fix(lnd-ui): align container port across all specs

The LND UI container was unreachable on .228 after the v1.7.43-alpha deploy because three sources of truth disagreed on which port nginx listens on inside the container: - docker/lnd-ui/nginx.conf listen 8081 - docker/lnd-ui/Dockerfile EXPOSE 8080 - apps/lnd-ui/manifest.yml host networking, ports: [] - scripts/first-boot-containers.sh -p 8081:8080 - scripts/deploy-to-target.sh -p 8081:80 (de-facto) - scripts/deploy-tailscale.sh -p 8081:80 - scripts/container-specs.sh SPEC_PORTS=8081:80 Result: podman published host 8081 to container port 80, but no one was listening on 80 inside, so connections were reset. Canonicalize on container:80 with host:8081 publish, matching the three deploy paths already in agreement. Changes: - docker/lnd-ui/nginx.conf: listen 8081 -> listen 80 - docker/lnd-ui/Dockerfile: EXPOSE 8080 -> EXPOSE 80 - apps/lnd-ui/manifest.yml: replace host-network (never true) with bridge networking and explicit 8081:80 port mapping, correcting a documentation-vs-reality mismatch - scripts/first-boot-containers.sh: -p 8081:8080 -> -p 8081:80, and fix the internal-port comment Verified on .228 after rebuild: curl http://127.0.0.1:8081/ returns HTTP 200 and the /app/lnd/ host-nginx proxy resolves cleanly.
2026-04-23 15:42:49 -04:00
parent 83aacdf209
commit 72dec5aaa5
4 changed files with 11 additions and 7 deletions
--- a/apps/lnd-ui/manifest.yml
+++ b/apps/lnd-ui/manifest.yml
@@ -22,10 +22,14 @@ app:

  security:
    readonly_root: false
-    network_policy: host
+    network_policy: bridge

-  # Host networking: nginx listens on 8081 directly on the host IP.
-  ports: []
+  # Bridge networking via archy-net. Container nginx listens on 80;
+  # host nginx proxies /app/lnd/ -> 127.0.0.1:8081 -> container:80.
+  ports:
+    - host: 8081
+      container: 80
+      protocol: tcp

  volumes: []

--- a/docker/lnd-ui/Dockerfile
+++ b/docker/lnd-ui/Dockerfile
@@ -22,6 +22,6 @@ RUN sed -i 's/^user  nginx;/user  root;/' /etc/nginx/nginx.conf && \
    mkdir -p /var/cache/nginx/client_temp /var/cache/nginx/proxy_temp \
             /var/cache/nginx/fastcgi_temp /var/cache/nginx/uwsgi_temp \
             /var/cache/nginx/scgi_temp
-EXPOSE 8080
+EXPOSE 80
 ENTRYPOINT []
 CMD ["nginx", "-g", "daemon off;"]
--- a/docker/lnd-ui/nginx.conf
+++ b/docker/lnd-ui/nginx.conf
@@ -1,5 +1,5 @@
 server {
-    listen 8081;
+    listen 80;
    server_name _;

    root /usr/share/nginx/html;
--- a/scripts/first-boot-containers.sh
+++ b/scripts/first-boot-containers.sh
@@ -1242,9 +1242,9 @@ for ui in bitcoin-ui lnd-ui electrs-ui; do
  fi
  case $ui in
    # UI containers use --network host so they can proxy to localhost services
-    # Internal nginx ports: bitcoin-ui=8334, electrs-ui=50002, lnd-ui=8080 (host 8081)
+    # Internal nginx ports: bitcoin-ui=8334, electrs-ui=50002, lnd-ui=80 (host 8081)
    bitcoin-ui)  PORT_ARG=""; NET_ARG="--network host"; REG_IMG="${BITCOIN_UI_IMAGE}" ;;
-    lnd-ui)      PORT_ARG="-p 8081:8080"; NET_ARG=""; REG_IMG="${LND_UI_IMAGE}" ;;
+    lnd-ui)      PORT_ARG="-p 8081:80"; NET_ARG=""; REG_IMG="${LND_UI_IMAGE}" ;;
    electrs-ui)  PORT_ARG=""; NET_ARG="--network host"; REG_IMG="${ELECTRS_UI_IMAGE}" ;;
  esac
  CONTAINER_NAME="archy-$ui"