
[BUG]: Custom SSL ports, such as 888, are not well supported.

Open ukhack opened this issue 5 months ago • 3 comments

What happened?

For example, cosmos panel URL is https://cosmos.abc.com:888

When I specify in the URLs to use the host xxx.abc.com:888 (setting Host to xxx.abc.com:888), it causes cosmos to lose network access.

There seems to be a port conflict over port 888 (this manifests as a brief period of availability, but after a restart, cosmos becomes inaccessible, with the log showing 0.0.0.0:888 address already in use).

This behavior is really strange — it doesn't align with my understanding of how a reverse proxy should work at all. Am I forced to assign a unique domain + unique port for each Docker app? However, even when I set it to https://xxx.abc.com:999 , I still cannot access the app, because cosmos is not listening on port 999. This has left me quite confused.

When the port 888 is not appended to the Host, there is no port conflict. However, clicking the app from the homepage results in the URL https://xxx.abc.com , which leads to a 404 error unless I manually add :888 to the chrome address.

What should have happened?

host = xxx.abc.com:888 and visit xxx.abc.com:888 in docker

How to reproduce the bug?

  1. Go to URLs and click Create
  2. Select ServApp mode or Proxy (the same error)
  3. Check the option Use Hosts
  4. Enter xxx.abc.com:888 (use the same port as the panel)
  5. Try restarting cosmos — it won't work, as the port is already in use

Relevant log output


Other details

No response

System details

  • OS: [fedora 42]
  • Browser [chrome]
  • Version [latest]

ukhack avatar Jul 21 '25 15:07 ukhack

Can you expand on what your config looks like? What's the HTTP part of the config? Thanks

azukaar avatar Jul 21 '25 16:07 azukaar

I hide https rsa. The real HTTPSPort had been changed to 998. If the blinko host is set to "blinko.xxx.top:998", the log shows 0.0.0.0:998 address already in use.

"IT-Tools" is the same.

  {
    "TLSKeyHostsCached": [
      "nas.xxx.top",
      "blinko.xxx.top",
      "tools.xxx.top",
      "moontv.xxx.top"
    ],
    "TLSValidUntil": "2025-10-19T14:56:07.213532326Z",
    "SelfTLSKeyHostsCached": [
      "nas.xxx.top",
      "blinko.xxx.top",
      "tools.xxx.top",
      "moontv.xxx.top"
    ],
    "GenerateMissingAuthCert": true,
    "HTTPSCertificateMode": "LETSENCRYPT",
    "DNSChallengeProvider": "cloudflare",
    "ForceHTTPSCertificateRenewal": false,
    "HTTPPort": "888",
    "HTTPSPort": "998",
    "ProxyConfig": {
      "Routes": [
        {
          "Disabled": false,
          "Name": "blinko",
          "Description": "New Route",
          "UseHost": true,
          "Host": "blinko.xxx.top:998",
          "UsePathPrefix": false,
          "PathPrefix": "",
          "Timeout": 14400000,
          "ThrottlePerMinute": 10000,
          "CORSOrigin": "",
          "StripPathPrefix": false,
          "MaxBandwith": 0,
          "AuthEnabled": false,
          "AdminOnly": false,
          "Target": "http://blinko-website:1111",
          "SmartShield": {
            "Enabled": true,
            "PolicyStrictness": 0,
            "PerUserTimeBudget": 0,
            "PerUserRequestLimit": 0,
            "PerUserByteLimit": 0,
            "PerUserSimultaneous": 0,
            "MaxGlobalSimultaneous": 0,
            "PrivilegedGroups": 0
          },
          "Mode": "PROXY",
          "BlockCommonBots": true,
          "BlockAPIAbuse": false,
          "AcceptInsecureHTTPSTarget": false,
          "HideFromDashboard": false,
          "DisableHeaderHardening": false,
          "SpoofHostname": false,
          "AddionalFilters": null,
          "RestrictToConstellation": false,
          "OverwriteHostHeader": "",
          "WhitelistInboundIPs": [],
          "Icon": "",
          "TunnelVia": "",
          "TunneledHost": "",
          "ExtraHeaders": null
        },
        {
          "Disabled": false,
          "Name": "IT-Tools",
          "Description": "Expose IT-Tools to the web",
          "UseHost": true,
          "Host": "tools.xxx.top",
          "UsePathPrefix": false,
          "PathPrefix": "",
          "Timeout": 14400000,
          "ThrottlePerMinute": 12000,
          "CORSOrigin": "",
          "StripPathPrefix": false,
          "MaxBandwith": 0,
          "AuthEnabled": false,
          "AdminOnly": false,
          "Target": "http://IT-Tools:80",
          "SmartShield": {
            "Enabled": true,
            "PolicyStrictness": 0,
            "PerUserTimeBudget": 0,
            "PerUserRequestLimit": 0,
            "PerUserByteLimit": 0,
            "PerUserSimultaneous": 0,
            "MaxGlobalSimultaneous": 0,
            "PrivilegedGroups": 0
          },
          "Mode": "PROXY",
          "BlockCommonBots": true,
          "BlockAPIAbuse": false,
          "AcceptInsecureHTTPSTarget": false,
          "HideFromDashboard": false,
          "DisableHeaderHardening": false,
          "SpoofHostname": false,
          "AddionalFilters": null,
          "RestrictToConstellation": false,
          "OverwriteHostHeader": "",
          "WhitelistInboundIPs": [],
          "Icon": "",
          "TunnelVia": "",
          "TunneledHost": "",
          "ExtraHeaders": null
        },
        {
          "Disabled": false,
          "Name": "moontv",
          "Description": "New Route",
          "UseHost": true,
          "Host": "moontv.xxx.top",
          "UsePathPrefix": false,
          "PathPrefix": "",
          "Timeout": 14400000,
          "ThrottlePerMinute": 10000,
          "CORSOrigin": "",
          "StripPathPrefix": false,
          "MaxBandwith": 0,
          "AuthEnabled": false,
          "AdminOnly": false,
          "Target": "http://moontv:3000",
          "SmartShield": {
            "Enabled": true,
            "PolicyStrictness": 0,
            "PerUserTimeBudget": 0,
            "PerUserRequestLimit": 0,
            "PerUserByteLimit": 0,
            "PerUserSimultaneous": 0,
            "MaxGlobalSimultaneous": 0,
            "PrivilegedGroups": 0
          },
          "Mode": "SERVAPP",
          "BlockCommonBots": true,
          "BlockAPIAbuse": false,
          "AcceptInsecureHTTPSTarget": false,
          "HideFromDashboard": false,
          "DisableHeaderHardening": false,
          "SpoofHostname": false,
          "AddionalFilters": null,
          "RestrictToConstellation": false,
          "OverwriteHostHeader": "",
          "WhitelistInboundIPs": [],
          "Icon": "",
          "TunnelVia": "",
          "TunneledHost": "",
          "ExtraHeaders": null
        }
      ]
    },
    "Hostname": "nas.xxx.top",
    "AllowHTTPLocalIPAccess": true,
    "UseWildcardCertificate": false,
    "OverrideWildcardDomains": "",
    "AcceptAllInsecureHostname": false,
    "DNSChallengeResolvers": "",
    "UseForwardedFor": false,
    "AllowSearchEngine": false,
    "PublishMDNS": true
  }

ukhack avatar Jul 22 '25 01:07 ukhack

OK so try setting the URL to 'blinko.xxx.top' instead, without the port

azukaar avatar Jul 26 '25 10:07 azukaar
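
A pre-restart check for the misconfiguration discussed in this thread, as an added example (not Cosmos code and not from either participant): it reads the JSON fields shown in the posted config and flags host-matched routes whose `Host` carries the panel's own `HTTPPort` or `HTTPSPort`. The function name `PortCollisions` and the trimmed sample are constructed here; that such a route leads to "address already in use" is taken from the report above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// Subset of the config fields shown in the thread.
type cosmosHTTP struct {
	HTTPPort    string
	HTTPSPort   string
	ProxyConfig struct {
		Routes []struct {
			Name    string
			UseHost bool
			Host    string
		}
	}
}

// PortCollisions (hypothetical helper) lists routes whose Host reuses a panel port.
func PortCollisions(raw []byte) ([]string, error) {
	var c cosmosHTTP
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	var out []string
	for _, r := range c.ProxyConfig.Routes {
		host, port, err := net.SplitHostPort(r.Host)
		if !r.UseHost || err != nil {
			continue // not matched by host, or Host has no explicit port
		}
		if port == c.HTTPPort || port == c.HTTPSPort {
			out = append(out, fmt.Sprintf("%s: Host %q reuses panel port %s; use %q",
				r.Name, r.Host, port, host))
		}
	}
	return out, nil
}

// Constructed sample, trimmed from the config posted above.
const sample = `{"HTTPPort":"888","HTTPSPort":"998","ProxyConfig":{"Routes":[
 {"Name":"blinko","UseHost":true,"Host":"blinko.xxx.top:998"},
 {"Name":"IT-Tools","UseHost":true,"Host":"tools.xxx.top"}]}}`

func main() {
	findings, err := PortCollisions([]byte(sample))
	fmt.Println(findings, err)
}
```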