Installation of PMM server and client at one server

Percona Monitoring and Management (PMM) PMM 3.x
1

Hello to Community !
Trying to meet with PMM 3 version I’ve met two questions

  1. Is it possible to install PMM server and PMM client at the same (remote) server and get access using web ?

  2. Is it possible to install PMM_Server+PMM_client on a server what run Apache ?

Because when I tried to make a first installation of PMM server using docker - it says
”docker: Error response from daemon: failed to set up container networking: driver failed programming external connectivity on endpoint pmm-server (66a2e24045358731b3fcd05f50caf6f3974c21920d12e5f1f9271d1ad5020d30): failed to bind host port for 0.0.0.0:443:172.18.0.2:8443/tcp: address already in use”

But OF COURSE 443 port is busy and always be busy because this port serving Apache SSL connections to the hosted sites.

It means we have to have a SEPARATE SERVER just for PMM Server ? (if I understand right you way of installation)

Why not use same simple web access idea like widely known PhpMyAdmin ?

XXX.IP.ADD.RESS/phpmyadmin/index.php

IMHO, “security” is not an argument because PhpMyAdmin allows an absolute control over MySQL databases - but millions of server administrators use the one.

Would be obliged for a comment,
Best regards,
Serge

2

When you launch the docker container for PMM, you can specify an alternate port. 8444 is quite common.

No, just switch to a different port as I mentioned above.

That would require our docker container know about, and understand your webserver config. Containers are isolated runtimes, and do not (by design) interact with anything running on the host machine unless specifically mounted to the container.

What you can do: in your apache config, add either a <proxypass> directive, or a <rewriterule> to redirect traffic from /pmm to ip.add.re.ss:8444/

Security is absolutely an argument. Your phpMyAdmin does not require you give it full, unrestricted access. Also, your phpMyAdmin should not be accessible on the public internet. Follow standard security best-practices, and ensure your PMA is locked behind UN/PW, or even 2FA (there’s apache plugins for this), or SSL Client Authentication, or run your PMA on a different port that is not “widely known”.

3

I considered your security notes and I accept you’re right.

Your idea to save (instead of “on-fly start” using wget… | /bin/bash) and run installation script with port option

sh pmm.sh -p 8444

has solved the problem, thanks a lot and the rest of installation was finished without any problem, including access to PMM,

Best regards,