Change default port order to 443, 3080 #4924
Assignees
Milestone
Comments
|
Not sure if it would be possible, but using the Happy Eyeballs algorithm (https://tools.ietf.org/html/rfc8305), used for IPv4/IPv6, could give the best of both worlds. Basically, send a request on both 443 and 3080, and see which one comes back first (and is a valid teleport endpoint). I was also bitten by the default 3080 thing, and switched from 443 just to make my developers' lives easier. |
russjones
added
the
tsh
|
Useful debugging tip: drop packets to 3080 on the loopback: $ [sudo] iptables -I INPUT -i lo -p tcp --dport 3080 -j DROP |
|
Does this fallback behaviour still exist in teleport >= 6? When I run the current master it looks to time out on |
|
Hi @tcsc how to setup the config to enable accessing web UI without using port in the end of url? current --> https://teleport.myteam.com:3080 Is it possible right now? |
tcsc
added a commit
that referenced
this issue
Apr 9, 2021
Addresses issue #4924 If a default Web Proxy port is not specified by the user, either via config or on the command line, `tsh` defaults to `3080`. Unfortunately `3080` is often blocked by firewalls, leading to an unacceptably long timeout for the user. This change adds an RFC8305-like default-port selection algorithm, that will try multiple ports on the supplied host concurrently and select the most reponsive address to use for Web Proxy traffic. I have included the standard HTTPS port (443) in the defaulut set, and this can be easily expanded if other good candidates come along. If the port selection fails for any reason, `tsh` reverts to the legacy behaviour of picking `3080` automatically.
tcsc
added a commit
that referenced
this issue
Apr 12, 2021
Addresses issue #4924 If a default Web Proxy port is not specified by the user, either via config or on the command line, `tsh` defaults to `3080`. Unfortunately `3080` is often blocked by firewalls, leading to an unacceptably long timeout for the user. This change adds an RFC8305-like default-port selection algorithm, that will try multiple ports on the supplied host concurrently and select the most reponsive address to use for Web Proxy traffic. I have included the standard HTTPS port (443) in the defaulut set, and this can be easily expanded if other good candidates come along. If the port selection fails for any reason, `tsh` reverts to the legacy behaviour of picking `3080` automatically.
tcsc
added a commit
that referenced
this issue
Apr 15, 2021
Addresses issue #4924 If a default Web Proxy port is not specified by the user, either via config or on the command line, `tsh` defaults to `3080`. Unfortunately `3080` is often blocked by firewalls, leading to an unacceptably long timeout for the user. This change adds an RFC8305-like default-port selection algorithm, that will try multiple ports on the supplied host concurrently and select the most reponsive address to use for Web Proxy traffic. I have included the standard HTTPS port (443) in the defaulut set, and this can be easily expanded if other good candidates come along. If the port selection fails for any reason, `tsh` reverts to the legacy behaviour of picking `3080` automatically.
tcsc
added a commit
that referenced
this issue
Apr 20, 2021
Addresses issue #4924 If a default Web Proxy port is not specified by the user, either via config or on the command line, `tsh` defaults to `3080`. Unfortunately `3080` is often blocked by firewalls, leading to an unacceptably long timeout for the user. This change adds an RFC8305-like default-port selection algorithm, that will try multiple ports on the supplied host concurrently and select the most reponsive address to use for Web Proxy traffic. I have included the standard HTTPS port (443) in the defaulut set, and this can be easily expanded if other good candidates come along. If the port selection fails for any reason, `tsh` reverts to the legacy behaviour of picking `3080` automatically.
|
Hi @yusufharip. To avoid specifying the port number in the url, you will need to configure your teleport proxy to listen on the standard https port For this example, you would need a config like: ...
proxy_service:
public_addr: teleport.myteam.com:443
web_listen_addr: 0.0.0.0:443You can check our configuration reference for more details. |
|
Thanks @nklaassen work perfectly. |
tcsc
added a commit
that referenced
this issue
May 4, 2021
Addresses issue #4924 If a default Web Proxy port is not specified by the user, either via config or on the command line, `tsh` defaults to `3080`. Unfortunately `3080` is often blocked by firewalls, leading to an unacceptably long timeout for the user. This change adds an RFC8305-like default-port selection algorithm, that will try multiple ports on the supplied host concurrently and select the most reponsive address to use for Web Proxy traffic. I have included the standard HTTPS port (443) in the defaulut set, and this can be easily expanded if other good candidates come along. If the port selection fails for any reason, `tsh` reverts to the legacy behaviour of picking `3080` automatically.
russjones
pushed a commit
that referenced
this issue
May 14, 2021
Addresses issue #4924 If a default Web Proxy port is not specified by the user, either via config or on the command line, `tsh` defaults to `3080`. Unfortunately `3080` is often blocked by firewalls, leading to an unacceptably long timeout for the user. This change adds an RFC8305-like default-port selection algorithm, that will try multiple ports on the supplied host concurrently and select the most reponsive address to use for Web Proxy traffic. I have included the standard HTTPS port (443) in the defaulut set, and this can be easily expanded if other good candidates come along. If the port selection fails for any reason, `tsh` reverts to the legacy behaviour of picking `3080` automatically.
russjones
pushed a commit
that referenced
this issue
May 14, 2021
Addresses issue #4924 If a default Web Proxy port is not specified by the user, either via config or on the command line, `tsh` defaults to `3080`. Unfortunately `3080` is often blocked by firewalls, leading to an unacceptably long timeout for the user. This change adds an RFC8305-like default-port selection algorithm, that will try multiple ports on the supplied host concurrently and select the most reponsive address to use for Web Proxy traffic. I have included the standard HTTPS port (443) in the defaulut set, and this can be easily expanded if other good candidates come along. If the port selection fails for any reason, `tsh` reverts to the legacy behaviour of picking `3080` automatically.
russjones
pushed a commit
that referenced
this issue
May 15, 2021
Addresses issue #4924 If a default Web Proxy port is not specified by the user, either via config or on the command line, `tsh` defaults to `3080`. Unfortunately `3080` is often blocked by firewalls, leading to an unacceptably long timeout for the user. This change adds an RFC8305-like default-port selection algorithm, that will try multiple ports on the supplied host concurrently and select the most reponsive address to use for Web Proxy traffic. I have included the standard HTTPS port (443) in the defaulut set, and this can be easily expanded if other good candidates come along. If the port selection fails for any reason, `tsh` reverts to the legacy behaviour of picking `3080` automatically.
|
Fixed in Teleport 6.2. |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature Request
tsh login --proxy=example.comby default tries 3080 and then 443. The problem is that most of the time 3080 is blocked,and the above command will hang before trying next port 443. Why don't we switch the order of ports, with 443 being the default, and 3080 a fallback.
Motivation
This will improve UX for everyone
The text was updated successfully, but these errors were encountered: