Dashboard not visible on LAN

Configuration
1

My Gladys is running fine, but only on the localhost. Other Docker services are perfectly reachable on the LAN, but not Gladys. Also no other Docker is using that port, also tried other ports. Logs are fine.

Any clue?

services:
  gladys:
    logging:
      driver: json-file
      options:
        max-size: 10m
    cgroup: host
    restart: always
    privileged: true
    network_mode: host
    container_name: gladys
    environment:
      - NODE_ENV=production
      - SERVER_PORT=8001
      - TZ=Europe/Amsterdam
      - SQLITE_FILE_PATH=/var/lib/gladysassistant/gladys-production.db
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/gladysassistant:/var/lib/gladysassistant
      - /dev:/dev
      - /run/udev:/run/udev:ro
    image: gladysassistant/gladys:v4
2

With which address are you trying to contact Gladys?

http://MACHINE_IP:8001

?

3

Yes, I use the IP:8001, standars http.

4

It should work! Are you sure there is no configuration needed for your network?

5

Yes, because the others work out of the box.

Edit: also tried a fresh install. The setup page was also not reachable.

6

If you do:

ss -lntp | grep 8001

What do you see?

7

LISTEN 0 511 *:8001 : users:((« node »,pid=1876873,fd=29))

If I use the ports in the config yaml and comment out network=host, it works on LAN.
Then I get this:
LISTEN 0 4096 0.0.0.0:8001 0.0.0.0:* users:((« docker-proxy »,pid=1879103,fd=7))
LISTEN 0 4096 [::]:8001 [::]:* users:((« docker-proxy »,pid=1879109,fd=7))

The question remains. Is this a solid workaround and why doesn’t it work the other way?

8

If I feed this conversation into ChatGPT, apparently it’s an IPv6 issue.

I’m seeing recommendations like adding this to the docker-compose, but honestly, I haven’t tried it ^^

environment:
  - NODE_OPTIONS=--dns-result-order=ipv4first

I’m not using docker-compose for my personal setup, there is always some weird stuff like that, just using the raw docker run from the website.

If you don’t use network=host, you’ll have issues when using integrations that need to be on the network (e.g., Matter, Philips Hue, network scanning, etc.).

So it’s up to you, but it’s not a recommended setup :slight_smile:

9

only supplying the ports in stead of using network=host gives a non-working environment indeed

I’ve investigated it further. It seems that because of the network=host the ports are not automatically accessible to LAN devices. This is due to stricter rules on Debian 13.

I could setup a Macvlan, reverse proxy, but instead I went for the easy solution and added the ports (8001 and 8089 in my case for Z2M) to UFW on top of the list. In my iptables everything from LAN is disabled by default.

sudo ufw insert 1 allow from <LAN IP>/24 to any port <port> proto tcp

Works like a charm.

2 Likes