I’m experiencing the very same behavior on the same (and most normal configuration).
First, the URL not reachable:
--bind) is not the same as external, it seems the binary does not bind to a socket and my guess is that it fails to generate a certificate and so can not further listen on 443. But then, what would be the proper value for the --bind?
if we set
--bind to the value of
--external, then the web installer is usable. Still, it sounds wrong because and induce fear about installation security, especially IP address privacy (eg, if behind CloudFlare)
Then the warning:
Warning: no private IP detected for binding broker. Will bind to XXX, which may give public access to the broker.
I’m having hard time understanding the reasons under this message. It even happened when setting
localhost (but see the above issue n°1).
- All machines possess
::1 (lo), so why not systematically
--bind on this interface for the internalUrl?
- Most of the confusion comes from not knowing what are we binding? Internal webservices or external webserver? And if both are configurable, why do we only have one
See also the related issues/questions:
Internal URL: it defines the interface where the internal webserver of the application is bound. It MUST contain a server name and a port, should be of this form :.
External URL: This is the main entry point from the outside world, the address you will communicate to your endusers. It typically differs from the internal URL when you are behind a reverse proxy or in a container.