diff --git a/admin/commands/config.go b/admin/commands/config.go index eda73cf1a2..dfb2c37fd7 100644 --- a/admin/commands/config.go +++ b/admin/commands/config.go @@ -62,14 +62,14 @@ type ConfigCommand struct { func (cmd *ConfigCommand) args(globals *flags.GlobalFlags) ([]string, bool) { port := globals.ServerURL.Port() if port == "" { - port = "443" + port = "8443" } var switchedToTLS bool var res []string if globals.ServerURL.Scheme == "http" { - port = "443" + port = "8443" switchedToTLS = true globals.SkipTLSCertificateCheck = true } diff --git a/admin/commands/config_test.go b/admin/commands/config_test.go index 792e981221..fe6f6a9ba8 100644 --- a/admin/commands/config_test.go +++ b/admin/commands/config_test.go @@ -32,11 +32,11 @@ func TestConfigCommandArgs(t *testing.T) { } t.Run("SwitchToTLS1", func(t *testing.T) { - u, err := url.Parse("http://127.0.0.1:80") + u, err := url.Parse("http://127.0.0.1:8080") require.NoError(t, err) args, switchedToTLS := cmd.args(&flags.GlobalFlags{ServerURL: u}) expected := []string{ - "--server-address=127.0.0.1:443", + "--server-address=127.0.0.1:8443", "--server-insecure-tls", "setup", "1.2.3.4", "generic", "node1", } @@ -54,7 +54,7 @@ func TestConfigCommandArgs(t *testing.T) { require.NoError(t, err) args, switchedToTLS := cmd.args(&flags.GlobalFlags{ServerURL: u}) expected := []string{ - "--server-address=127.0.0.1:443", + "--server-address=127.0.0.1:8443", "--server-username=admin", "--server-password=admin", "--server-insecure-tls", @@ -74,7 +74,7 @@ func TestConfigCommandArgs(t *testing.T) { require.NoError(t, err) args, switchedToTLS := cmd.args(&flags.GlobalFlags{ServerURL: u}) expected := []string{ - "--server-address=127.0.0.1:443", + "--server-address=127.0.0.1:8443", "--server-username=admin", "--server-password=admin", "--server-insecure-tls", 
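Review bot: In `args`, the new fallback `port = "8443"` for a server URL without a port makes the client default to the container-internal listener rather than the published one. The compose files in this same commit still publish the host side as 443 by default (`${PMM_PORT_HTTPS:-443}:8443`), so `https://host` with no port would now dial a port that is not mapped. Keeping `port = "443"` for the no-port case looks safer unless every caller is expected to reach the server on its in-container port. The `http` branch also replaces an explicitly supplied port and sets `globals.SkipTLSCertificateCheck = true`, so a comment such as `// http URLs are upgraded to TLS on the HTTPS port; the certificate is NOT verified` would make that trade-off visible. The body of `args` continues outside the hunk.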
@@ -102,7 +102,7 @@ func TestConfigCommandArgs(t *testing.T) { EnableTrace: true, }) expected := []string{ - "--server-address=127.0.0.1:443", + "--server-address=127.0.0.1:8443", "--server-username=admin", "--server-password=admin", "--server-insecure-tls", diff --git a/admin/commands/pmm/server/docker/install.go b/admin/commands/pmm/server/docker/install.go index eec6e3df77..94a284b265 100644 --- a/admin/commands/pmm/server/docker/install.go +++ b/admin/commands/pmm/server/docker/install.go @@ -129,8 +129,8 @@ func (c *InstallCommand) runContainer(ctx context.Context, volume *volume.Volume logrus.Info("Starting PMM Server") ports := nat.PortMap{ - "443/tcp": []nat.PortBinding{{HostIP: "0.0.0.0", HostPort: strconv.Itoa(int(c.HTTPSListenPort))}}, - "80/tcp": []nat.PortBinding{{HostIP: "0.0.0.0", HostPort: strconv.Itoa(int(c.HTTPListenPort))}}, + "8443/tcp": []nat.PortBinding{{HostIP: "0.0.0.0", HostPort: strconv.Itoa(int(c.HTTPSListenPort))}}, + "8080/tcp": []nat.PortBinding{{HostIP: "0.0.0.0", HostPort: strconv.Itoa(int(c.HTTPListenPort))}}, } containerID, err := startPMMServer(ctx, volume, "", dockerImage, c.dockerFn, ports, c.ContainerName) diff --git a/agent/Makefile b/agent/Makefile index a2334a7e7d..20811ce349 100644 --- a/agent/Makefile +++ b/agent/Makefile @@ -11,7 +11,7 @@ PMM_RELEASE_VERSION ?= $(shell git describe --always --dirty | cut -b2-) PMM_RELEASE_TIMESTAMP ?= $(shell date '+%s') PMM_RELEASE_FULLCOMMIT ?= $(shell git rev-parse HEAD) PMM_RELEASE_BRANCH ?= $(shell git describe --always --contains --all) -PMM_DEV_SERVER_PORT ?= 443 +PMM_DEV_SERVER_PORT ?= 8443 ifeq ($(GOBIN),) GOBIN := $(shell go env GOPATH)/bin endif diff --git a/agent/agents/supervisor/supervisor_test.go b/agent/agents/supervisor/supervisor_test.go index 5811e34504..b31573d5c4 100644 --- a/agent/agents/supervisor/supervisor_test.go +++ b/agent/agents/supervisor/supervisor_test.go 
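Review bot: The `nat.PortMap` keys in `runContainer` are now fixed at `8443/tcp` and `8080/tcp`, while `dockerImage` is passed to `startPMMServer` unchanged. An image built before this change, with nginx still on 80/443, would start with both published ports pointing at nothing. If older tags can be selected here, derive the container ports from the image version or reject the mismatch up front. The same applies to `-p $port:8443` in `get-pmm.sh`, where `$repo:$tag` is also caller-chosen. Both bindings keep `HostIP: "0.0.0.0"`, which publishes the plain-HTTP listener on every interface, so it is worth confirming that this is intended; `runContainer` starts and ends outside the hunk.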
@@ -52,7 +52,7 @@ func TestSupervisor(t *testing.T) {
 cfgStorage := config.NewStorage(&config.Config{
 Paths: config.Paths{TempDir: tempDir},
 Ports: config.Ports{Min: 65000, Max: 65099},
- Server: config.Server{Address: "localhost:443"},
+ Server: config.Server{Address: "localhost:8443"},
 LogLinesCount: 1,
 })
 s := NewSupervisor(ctx, nil, cfgStorage)
diff --git a/agent/config/config_test.go b/agent/config/config_test.go
index be2287829a..68a66e6e0c 100644
--- a/agent/config/config_test.go
+++ b/agent/config/config_test.go
@@ -102,7 +102,7 @@ func TestGet(t *testing.T) {
 ListenAddress: "127.0.0.1",
 ListenPort: 9999,
 Server: Server{
- Address: "127.0.0.1:443",
+ Address: "127.0.0.1:8443",
 },
 Paths: Paths{
 PathsBase: "/usr/local/percona/pmm2",
@@ -167,7 +167,7 @@ func TestGet(t *testing.T) {
 ListenAddress: "0.0.0.0",
 ListenPort: 7777,
 Server: Server{
- Address: "127.0.0.1:443",
+ Address: "127.0.0.1:8443",
 },
 Paths: Paths{
 PathsBase: "/usr/local/percona/pmm2",
@@ -231,7 +231,7 @@ func TestGet(t *testing.T) {
 ListenAddress: "127.0.0.1",
 ListenPort: 7777,
 Server: Server{
- Address: "127.0.0.1:443",
+ Address: "127.0.0.1:8443",
 },
 Paths: Paths{
 PathsBase: "/usr/local/percona/pmm2",
@@ -303,7 +303,7 @@ func TestGet(t *testing.T) {
 ListenAddress: "127.0.0.1",
 ListenPort: 7777,
 Server: Server{
- Address: "127.0.0.1:443",
+ Address: "127.0.0.1:8443",
 },
 Paths: Paths{
 PathsBase: "/usr/local/percona/pmm2",
@@ -373,7 +373,7 @@ func TestGet(t *testing.T) {
 ListenAddress: "127.0.0.1",
 ListenPort: 7777,
 Server: Server{
- Address: "127.0.0.1:443",
+ Address: "127.0.0.1:8443",
 },
 Paths: Paths{
 PathsBase: "/base",
@@ -441,7 +441,7 @@ func TestGet(t *testing.T) {
 ListenAddress: "127.0.0.1",
 ListenPort: 7777,
 Server: Server{
- Address: "127.0.0.1:443",
+ Address: "127.0.0.1:8443",
 },
 Paths: Paths{
 PathsBase: "/base",
@@ -534,11 +534,11 @@ func TestGet(t *testing.T) { func TestFilteredURL(t *testing.T) { s := &Server{ - Address: "1.2.3.4:443", + Address: "1.2.3.4:8443", Username: "username", } - require.Equal(t, "https://username@1.2.3.4:443/", s.URL().String()) - require.Equal(t, "https://username@1.2.3.4:443/", s.FilteredURL()) + require.Equal(t, "https://username@1.2.3.4:8443/", s.URL().String()) + require.Equal(t, "https://username@1.2.3.4:8443/", s.FilteredURL()) for _, password := range []string{ "password", @@ -546,7 +546,7 @@ func TestFilteredURL(t *testing.T) { } { t.Run(password, func(t *testing.T) { s.Password = password - assert.Equal(t, "https://username:***@1.2.3.4:443/", s.FilteredURL()) + assert.Equal(t, "https://username:***@1.2.3.4:8443/", s.FilteredURL()) }) } } diff --git a/agent/docker-compose.yml b/agent/docker-compose.yml index a8ceec1062..a321af9f2e 100644 --- a/agent/docker-compose.yml +++ b/agent/docker-compose.yml @@ -6,8 +6,8 @@ services: image: ${PMM_SERVER_IMAGE:-perconalab/pmm-server:dev-latest} container_name: pmm-agent_pmm-server ports: - - "127.0.0.1:80:80" - - "127.0.0.1:443:443" + - "127.0.0.1:80:8080" + - "127.0.0.1:443:8443" environment: - PMM_DEBUG=1 - PERCONA_TEST_CHECKS_INTERVAL=10s diff --git a/api-tests/docker-compose.yml b/api-tests/docker-compose.yml index f1c06af778..2bc966c71e 100644 --- a/api-tests/docker-compose.yml +++ b/api-tests/docker-compose.yml @@ -6,8 +6,8 @@ services: image: ${PMM_SERVER_IMAGE:-perconalab/pmm-server:dev-latest} container_name: pmm-agent_pmm-server ports: - - 127.0.0.1:80:80 - - 127.0.0.1:443:443 + - 127.0.0.1:80:8080 + - 127.0.0.1:443:8443 environment: - PMM_DEBUG=1 - PERCONA_TEST_CHECKS_INTERVAL=10s diff --git a/build/ansible/pmm2/post-build-actions.yml b/build/ansible/pmm2/post-build-actions.yml index 65d29b38e0..080854c67e 100644 --- a/build/ansible/pmm2/post-build-actions.yml +++ b/build/ansible/pmm2/post-build-actions.yml 
@@ -67,7 +67,7 @@ --config-file=/usr/local/percona/pmm2/config/pmm-agent.yaml --skip-registration --id=pmm-server - --server-address=127.0.0.1:443 + --server-address=127.0.0.1:8443 --server-insecure-tls - name: Reread supervisord configuration EL7 diff --git a/build/ansible/roles/ami-ovf/tasks/main.yml b/build/ansible/roles/ami-ovf/tasks/main.yml index fd30f8009f..b0d893641c 100644 --- a/build/ansible/roles/ami-ovf/tasks/main.yml +++ b/build/ansible/roles/ami-ovf/tasks/main.yml @@ -57,6 +57,8 @@ with_items: - 80/tcp - 443/tcp + - 8080/tcp + - 8443/tcp - name: Add firewalld rule | EL9 when: @@ -68,6 +70,8 @@ with_items: - 80/tcp - 443/tcp + - 8080/tcp + - 8443/tcp - name: PMM | Add script which show PMM URL copy: diff --git a/build/ansible/roles/pmm2-images/tasks/main.yml b/build/ansible/roles/pmm2-images/tasks/main.yml index 9208e7cd4f..df5ab7b440 100644 --- a/build/ansible/roles/pmm2-images/tasks/main.yml +++ b/build/ansible/roles/pmm2-images/tasks/main.yml @@ -100,7 +100,7 @@ non_unique: true loop: - { name: pmm, gid: 1000 } - - { name: nginx, gid: 999 } + - { name: nginx, gid: 1002 } - { name: grafana, gid: 998 } - { name: clickhouse, gid: 997 } - { name: pmm-agent, gid: 996 } @@ -116,7 +116,7 @@ non_unique: true loop: - { name: pmm, uid: 1000, comment: "PMM Server", shell: "/bin/false", home: "/home/pmm", group: pmm, } - - { name: nginx, uid: 999, comment: "nginx user", shell: "/sbin/nologin", home: "/var/cache/nginx", group: nginx, } + - { name: nginx, uid: 1002, comment: "nginx user", shell: "/sbin/nologin", home: "/var/cache/nginx", group: nginx, } - { name: grafana, uid: 998, comment: "Grafana Dashboard", shell: "/sbin/nologin", home: "/etc/grafana", group: grafana, } - { name: clickhouse, uid: 997, comment: "Clickhouse server", shell: "/sbin/nologin", home: "/var/lib/clickhouse", group: clickhouse, } - { name: pmm-agent, uid: 996, comment: "pmm-agent", shell: "/bin/false", home: "/usr/local/percona/", group: pmm-agent, } 
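Review bot: Both firewalld tasks in `roles/ami-ovf/tasks/main.yml` (the hunk at 57 and the EL9 copy at 68) now open `8080/tcp` and `8443/tcp` while leaving `80/tcp` and `443/tcp` open, so the image ends up with four reachable ports. If nginx listens only on 8080/8443 after this change, 80 and 443 have no listener behind them and the standard URLs stop working. If something forwards 80/443 to the high ports instead, the high ports need not be opened at all. Nothing in the visible tasks shows which case applies, so either add a forward rule and drop the two new entries, or remove the old ones and document the new URL. The task definitions start outside the hunks.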
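Review bot: Moving the `nginx` group and user from 999 to 1002 in `roles/pmm2-images/tasks/main.yml` changes the owner id that existing files were created under, and no task in these two hunks re-owns them. Together with the `user = nginx` line this commit adds to the supervisord template in `managed/services/supervisord/pmm_config.go`, nginx will start unprivileged. Its pid file, log and cache directories and the TLS private key must therefore be accessible to uid 1002, whereas on an upgraded data volume they would presumably still belong to 999 or root. A task that re-owns those paths, or a pointer to where that already happens, would close the gap, and a one-line YAML comment on the `nginx` entries saying why the id moved to 1002 would help the next maintainer.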
diff --git a/build/docker/server/Dockerfile b/build/docker/server/Dockerfile index d5c2a752f7..db49bd7ad9 100644 --- a/build/docker/server/Dockerfile +++ b/build/docker/server/Dockerfile @@ -9,7 +9,7 @@ LABEL org.opencontainers.image.title Percona Monitoring and Management LABEL org.opencontainers.image.vendor Percona LABEL org.opencontainers.image.version ${VERSION} -EXPOSE 80 443 +EXPOSE 8080 8443 WORKDIR /opt diff --git a/build/docker/server/Dockerfile.el9 b/build/docker/server/Dockerfile.el9 index 4fb9001f98..2e2de1364a 100644 --- a/build/docker/server/Dockerfile.el9 +++ b/build/docker/server/Dockerfile.el9 @@ -14,7 +14,7 @@ LABEL org.opencontainers.image.title Percona Monitoring and Management LABEL org.opencontainers.image.vendor Percona LLC LABEL org.opencontainers.image.version ${VERSION} -EXPOSE 80 443 +EXPOSE 8080 8443 WORKDIR /opt diff --git a/docker-compose.yml b/docker-compose.yml index 642897edc5..6226531a39 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -46,27 +46,23 @@ services: # - GF_DATABASE_CA_CERT_PATH=/tmp/certs/root.crt # - GF_DATABASE_CLIENT_KEY_PATH=/tmp/certs/grafana.key # - GF_DATABASE_CLIENT_CERT_PATH=/tmp/certs/grafana.crt - extra_hosts: - host.docker.internal:host-gateway # - portal.localhost:${PORTAL_HOST:-host-gateway} # - check.localhost:${PORTAL_CHECK_HOST:-host-gateway} # - pmm.localhost:${PORTAL_PMM_HOST:-host-gateway} # - check-dev.percona.com:${PORTAL_PMM_HOST:-host-gateway} - # for delve cap_add: - SYS_PTRACE security_opt: - seccomp:unconfined - # see https://github.com/golang/go/wiki/LinuxKernelSignalVectorBug#what-to-do ulimits: memlock: 67108864 - ports: - - ${PMM_PORT_HTTP:-80}:80 - - ${PMM_PORT_HTTPS:-443}:443 + - ${PMM_PORT_HTTP:-80}:8080 + - ${PMM_PORT_HTTPS:-443}:8443 # For headless delve - ${PMM_PORT_DELVE:-2345}:2345 # PG @@ -125,6 +121,7 @@ services: - "--influxListenAddr=:8089" networks: - ${NETWORK:-default} + pmm-managed-server-ch: profiles: - pmm-external-dbs 
@@ -155,27 +152,24 @@ services: # - PMM_DEBUG=1 - PMM_VM_URL=${PMM_VM_URL:-http://victoriametrics:8428/} - PMM_DEBUG=1 - extra_hosts: - host.docker.internal:host-gateway # - portal.localhost:${PORTAL_HOST:-host-gateway} # - check.localhost:${PORTAL_CHECK_HOST:-host-gateway} # - pmm.localhost:${PORTAL_PMM_HOST:-host-gateway} # - check-dev.percona.com:${PORTAL_PMM_HOST:-host-gateway} - # for delve cap_add: - SYS_PTRACE security_opt: - seccomp:unconfined - # see https://github.com/golang/go/wiki/LinuxKernelSignalVectorBug#what-to-do ulimits: memlock: 67108864 ports: - - ${PMM_PORT_HTTP:-80}:80 - - ${PMM_PORT_HTTPS:-443}:443 + - ${PMM_PORT_HTTP:-80}:8080 + - ${PMM_PORT_HTTPS:-443}:8443 # For headless delve - ${PMM_PORT_DELVE:-2345}:2345 volumes: diff --git a/get-pmm.sh b/get-pmm.sh index 87ab6eaa1e..b732c3a79f 100755 --- a/get-pmm.sh +++ b/get-pmm.sh @@ -237,7 +237,7 @@ start_pmm() { run_docker 'stop pmm-server' || : run_docker "rename pmm-server $pmm_archive\n" fi - run_pmm="run -d -p $port:443 --volumes-from pmm-data --name $container_name --restart always $repo:$tag" + run_pmm="run -d -p $port:8443 --volumes-from pmm-data --name $container_name --restart always $repo:$tag" run_docker "$run_pmm 1> /dev/null" msg "Created PMM Server: $container_name" diff --git a/managed/services/supervisord/pmm_config.go b/managed/services/supervisord/pmm_config.go index fbe7f2b51f..16103ae339 100644 --- a/managed/services/supervisord/pmm_config.go +++ b/managed/services/supervisord/pmm_config.go @@ -148,6 +148,7 @@ redirect_stderr = true [program:nginx] priority = 4 command = nginx +user = nginx autorestart = true autostart = true startretries = 10 diff --git a/qan-api2/docker-compose.yaml b/qan-api2/docker-compose.yaml index deb5eea0d2..7ee50a3ff0 100644 --- a/qan-api2/docker-compose.yaml +++ b/qan-api2/docker-compose.yaml 
@@ -6,8 +6,8 @@ services: container_name: pmm-server image: perconalab/pmm-server:dev-latest ports: - - 80:80 - - 443:443 + - 80:8080 + - 443:8443 - 19000:9000 - 9933:9933 restart: always diff --git a/update/ansible/playbook/tasks/roles/nginx/files/conf.d/pmm.conf b/update/ansible/playbook/tasks/roles/nginx/files/conf.d/pmm.conf index 1450c7c7fe..fb656db6b1 100644 --- a/update/ansible/playbook/tasks/roles/nginx/files/conf.d/pmm.conf +++ b/update/ansible/playbook/tasks/roles/nginx/files/conf.d/pmm.conf @@ -28,8 +28,8 @@ } server { - listen 80; - listen 443 ssl http2; + listen 8080; + listen 8443 ssl http2; server_name _; server_tokens off;