Developer License: what needs to be done if hosting on docker behind proxy server
Yesterday I wanted to apply for the developers license but I am kinda stuck at what to do to get that process to work.
Just some background info that might help or make a difference:
ironmansoftware/universal:latest
devolutions/powershell-universal:latest
I looked at the documentation on licensing:
https://docs.powershelluniversal.com/licensing#static-login-port
In that document it states I need to set this:
{
  "PSULoginPort": 60370
}
To be honest, I have no clue where to set this and the documentation does not seem to mention this either.
And then there is the fact I cannot reach that port anyway, there are layers of security around the setup of docker and containers that prevent opening ports to the public. The DNS does not have anything regarding that port, the reverse proxy knows nothing about that port, the docker compose has no port exposure, the container access is protected by OIDC via the reverse proxy so you need to authenticate before you can reach PSU on my docker env, that sort of thing.
And then there is the fact that I have no clue why I would need to open that port anyway, it feels like a bit of overreach to ask people to expose a port to the internet and bypass all protective layers. And is there any documentation or statement from PSU/Devolutions on what will be sent back and forth? Can I close that port once the developer license is pulled in the PSU environment?
So if I click the button “Login with Devolutions Account” I get this message in my browser: Firefox can’t connect to the server at 127.0.0.1:60370
So the question now is: what do I need to do to get that developers license? Is there a way to just login to the Devolutions website with my account (which I have) and generate/get a license that I can apply to PSU myself? That would be infinitely easier and more secure than opening port(s) or having some back-and-forth between my PSU container and some server from Devolutions. This process ‘feels’ a bit more complex than it should be, but that could be for a reason I am not aware of.
Now I am assuming a lot here, about opening ports, listening servers and whatnot but that is because I have no clue what is needed and what will happen in the background once I (if indeed needed of course) open an unprotected port to the internet.
Some clarity on the correct needed setup, the routes of traffic involved so I can understand what would be needed and what the impact is.
In my case the involved parts are: DNS, Docker (compose), reverse proxy and Authentik
Any help on this would be appreciated!
PS: once I started using the image from devolutions/powershell-universal:latest I see a lot of messages like this in the logs of PSU:
[10:48:06 INF] Microsoft.AspNetCore.Hosting.Diagnostics Request starting HTTP/1.1 HEAD http://172.18.0.22:5000/ - null null
[10:48:06 INF] Microsoft.AspNetCore.Mvc.ChallengeResult Executing ChallengeResult with authentication schemes ( ).
[10:48:06 INF] Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler AuthenticationScheme: Cookies was challenged.
[10:48:06 INF] Microsoft.AspNetCore.Hosting.Diagnostics Request finished HTTP/1.1 HEAD http://172.18.0.22:5000/ - 302 null null 32.821ms
[10:48:11 INF] Microsoft.AspNetCore.Hosting.Diagnostics Request starting HTTP/1.1 HEAD http://172.18.0.22:5000/ - null null
[10:48:11 INF] Microsoft.AspNetCore.Mvc.ChallengeResult Executing ChallengeResult with authentication schemes (
Is this to be expected? Perhaps it is meant to be, no idea here.
@Adam Driscoll any idea on this?
Without wanting to sound passive aggressive (but I guess it still counts as that):
I guess there is no help for me on this one
I suppose I need to move on now due to lack of response. I have no clue how to proceed.
@Adam Driscoll is there anything I missed? If I need support I am currently not aware how to get that and uncertain if I am even eligible for support. Not even sure if you even see these messages.
It’s ok, it’s not passive aggressive. It’s just capacity, I think, is the real barrier.
I have confirmed with Adam that the Developer License flow is intended for local editing, not remote access. PSULoginPort is the intended setting for your scenario, but it only makes the local login port static. It does not change the loopback host from 127.0.0.1.
The documentation was a little unclear on this and it will be fixed this week. Sorry about the confusion.
@mjs461 So, the “old way” of generating a developer license from a paid license is not working anymore? We are using this way for our development systems. These are all “infrastructure as code”, so we do not have a browser or something else to login with devolution account. We are only using this for developing anything inside psu, test it and then it goes to the systems with paid licenses. Also our systems never have internet access.
Our license will expire soon - What can we do?
Thanks for the answers @mjs461 !
I understand the intention and mechanism better now.