This repository has been archived by the owner on Jun 6, 2024. It is now read-only.

Request to support custom ssl port #5386

Closed
siaimes opened this issue Mar 22, 2021 · 4 comments

siaimes commented Mar 22, 2021

What would you like to be added:
I need OpenPAI to support a custom SSL port.
Why is this needed:
If the administrator can customize the SSL port, it will be possible to deploy multiple websites on the same master node through an additional nginx service. But now the SSL port number is designated as 443, and without modifying the source code, the administrator cannot customize the SSL port. A custom SSL port is very useful, especially when the master node has sufficient computing power to deploy multiple websites.
Without this feature, how does the current module work:
The SSL port must be 443.
Components that may involve changes:
hostPort: 443
basic-management-operations.md

siaimes commented Mar 22, 2021

I thought of a compromise, but it doesn't seem to work. So I have come to seek help from the community.

I turned off openpai's ssl and changed http to listen on port 8080. Now I can access http://MasterIP:8080 in the browser.

Then I used the following two configurations to start an nginx service to manage ports 80 and 443.

docker-compose.yml

```yaml
# Licensed under the MIT License
version: "3"
services:
  nginx:
    restart: always
    container_name: nginx
    image: nginx:1.15
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./nginx:/etc/nginx/conf.d
      - ./nginx/ssl:/etc/nginx/ssl
      - ./nginx/log:/var/log/nginx
```

nginx/default.conf

```nginx
server {
    listen 0.0.0.0:443 ssl;
    server_name MasterIP;

    ssl_certificate         /etc/nginx/ssl/xxxx.crt;
    ssl_certificate_key     /etc/nginx/ssl/xxxx.key;
    ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers             HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://MasterIP:8080;
    }

}

server {
    listen 0.0.0.0:80;

    server_name _;

    location / {
        return 301 https://MasterIP:443$request_uri;
    }

}
```

But, unfortunately, this does not work. The `netstat -plan | grep :443` command shows that the status of port 443 is LISTEN, but wget returns `Connecting to MasterIP:443... failed: Connection refused.` and `tcping MasterIP 443` returns `No response`.

The strange thing is that if I just change 443 to another port, such as 8443, it works.

I was wondering if it conflicted with pylon, because other possible solutions, such as port forwarding, don't work either.

siaimes commented Mar 23, 2021

> I was wondering if it conflicted with pylon, because other possible solutions, such as port forwarding, don't work either.

Indeed, pylon occupies port 443, because the line `hostPort: 443` is not inside the `{% if 'ssl' in cluster_cfg['pylon'] %} ... {% endif %}` statement.

siaimes commented Mar 23, 2021

> I was wondering if it conflicted with pylon, because other possible solutions, such as port forwarding, don't work either.

> Indeed, pylon occupies port 443, because the line `hostPort: 443` is not inside the `{% if 'ssl' in cluster_cfg['pylon'] %} ... {% endif %}` statement.

I modified the source code of pai in dev-box, but the above configuration file still doesn't work. It seems that there are conflicts elsewhere.
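
Added example (not part of the thread and not OpenPAI code): a small check for the condition described above, reporting `hostPort` lines in a Jinja2-templated manifest that sit outside the `{% if 'ssl' in cluster_cfg['pylon'] %}` block. The function names and both sample templates are constructed for illustration.

```python
import re

# Jinja2 block tags, including whitespace-control forms such as {%- if x -%}.
TAG = re.compile(r"\{%-?\s*(if|elif|else|endif)\b(.*?)-?%\}")
HOST_PORT = re.compile(r"^\s*-?\s*hostPort:\s*(\d+)")

def host_ports(template):
    """Return (line_no, port, enclosing_conditions) for every hostPort line."""
    stack, found = [], []
    for no, line in enumerate(template.splitlines(), 1):
        for kind, expr in TAG.findall(line):
            if kind == "if":
                stack.append(expr.strip())
            elif kind == "elif" and stack:
                stack[-1] = expr.strip()  # approximation: ignores earlier branches
            elif kind == "else" and stack:
                stack[-1] = "not (" + stack[-1] + ")"
            elif kind == "endif" and stack:
                stack.pop()
        m = HOST_PORT.match(line)
        if m:
            found.append((no, int(m.group(1)), tuple(stack)))
    return found

def unguarded(template, port, guard):
    """Line numbers where `port` is claimed outside a block that tests `guard`."""
    def guarded(conds):
        return any(guard in c and not c.startswith("not (") for c in conds)
    return [no for no, p, conds in host_ports(template)
            if p == port and not guarded(conds)]

GUARD = "'ssl' in cluster_cfg['pylon']"  # condition quoted in the thread

# Constructed templates (hypothetical, not the project's files).
BEFORE = """\
ports:
- containerPort: 80
  hostPort: 80
- containerPort: 443
  hostPort: 443
{% if 'ssl' in cluster_cfg['pylon'] %}
# SSL-only settings would go here
{% endif %}
"""
AFTER = """\
ports:
- containerPort: 80
  hostPort: 80
{% if 'ssl' in cluster_cfg['pylon'] %}
- containerPort: 443
  hostPort: 443
{% endif %}
"""

if __name__ == "__main__":
    print(unguarded(BEFORE, 443, GUARD), unguarded(AFTER, 443, GUARD))
```
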

yiyione mentioned this issue May 10, 2021
@Binyang2014

Fixed by #5495
