In open source project,project open, I'm trying to run the server on port 80 for http and 443 for https which gave an error
[-nssock:driver-] Error: nssock: failed to listen on 0.0.0.0:80: Permission denied
and also is there anything else required to enable https port(like certification,etc)
Are there any other applications which already used the port 80? run below command to find out what applicaiton use the resource
netstat -an |grep "\.80 "
lsof -i:80
Probably you are trying to run AolServer as non-root user, but AolServer is configured to use "privileged" ports 80 and 443 (ports below 1024 are "privileged").
You may either configure your system to allow non-root process to bind to "privileged" ports, or just run AolServer as root. For the first approach also check discussion of the capabilities system.
Related
Background: I'm trying to have XDebug connect to my IDE from within a docker container (my php app is running inside a container on my development machine). On my Macbook, it has no issue doing this. However, on linux, I discovered that from within the container, the port I was using (9000) was not visibile on the host gateway (Using sudo nmap -sT -p- 172.20.0.1 where 172.20.0.1 is my host gateway in docker).
I was able to fix this issue by opening port 9000 on my development machine (sudo ufw allow 9000/tcp). Once I did this, the container could see port 9000 on the host gateway.
My Question: Is this completely necessary? I don't love the idea of opening up a firewall port just so a docker container, running on my machine, can connect to it. Is there a more secure alternative to this?
From what you've told us, opening the port does sound necessary. If a firewall blocks a port, all traffic over that port is blocked and you won't be able to use the application on the container from the host machine.
What you can do to make this more secure is to specify a specific interface to open the port for as specified here:
ufw allow in on docker0 port 9000 proto tcp
Obviously replace docker0 with the docker interface on your machine. You can find this by looking at the output of ip address show or by following the steps here if the interface name is not obvious.
I created a compute engine which has these network tags and firewall rules:
So if I understand this correctly, the machine is allowed to listen on port 80.
I installed node and created a really simple http server just to see if I can reach the box via http. Logged in via ssh on cloud console. When I try to start it (e.g. npm start to run the server), it says:
Error: listen EACCES: permission denied 0.0.0.0:80
Why? How to resolve?
I read somewhere that low port #s are usually restricted to root user, so I tried sudo it says sudo: npm: command not found and similar for sudo node.
Also why is that when you create a server using scripts like these, the article says they are executed as root? How does that happen and why am I not executing as root when I'm the one who booted up the machine and logged in as myself? Yes, my understanding of linux perms is very newbie.
Thanks...
In order to use TCP ports lower than 1024 you node server must run with root privileges. TCP ports 1024 and higher do not require privilege.
When you login to a Google Cloud Compute Engine instance, you are loggin in as a normal user. You do not have root privilege. To grant root privilege to a command, prefix it with sudo. Example: sudo mkdir /directoryname.
I do NOT recommend running node servers with root privilege. This opens a possibly serious security hole in your system. Search the Internet on this topic before deciding.
Your choices are:
Select a port above 1023. Common port numbers: 8000, 8080, 5000.
Start the node server with root privileges: sudo node hello.js
In regards to npm not being found. You will need to modify the environment's PATH variable to include the location of where you installed your node toolset for the user root.
Apache server is giving an error at boot up (or when I try to start the service with systemctl manually)
make_sock: could not bind to address [::]:7301 # virtual host port
But it starts nicely with following command:
httpd -k start
3 things come to mind:
That port, 7301 is already in use by another process, try a netstat -apn | grep 7301 to see if that's the case and if so change the apache port or kill that process.
You have 2 conflicting Listen directives in your apache conf file. For ex. Listen *:7301 and Listen 1.2.3.4:7301 would cause that error, pleasr remove one of them
You have configured apache to use an interface which is not active or does not have IPv6 enabled
Edit:
You have selinux active on your host and it's preventing apache from using a non default port as port 80.
I am currently trying to open port 8787 for rstudio server. I have set this up on an ubuntu host, and want to point my browser at the ip address of the ubuntu host, using port 8787 to direct it to rstudio. I can do this from the host machine, but no such luck using a different computer.
When I do
netstat - peantl | grep ":8787"
I get nothing returned, unlike when checking port 22 which is confirmed as listening. I can there ssh from external machines into the ubuntu host.
So I tried to open up port 8787 with iptables:
sudo iptables -A INPUT -p tcp --dport 8787 -j ACCEPT
command runs fine, but then re-checking with netstat I still do not get any output (I was expecting similar output to port 22 as mentioned previously)
I also allowed port 8787 on ufw:
sudo ufw allow 8787
using gufw it confirms port 8787 is open.
What could be the issue? If my network has restricted port 8787 how can I tell? Am I allowing port 8787 correctly with iptables?
Thanks.
All your iptables and ufw commands are doing is opening ports in the firewall itself. The fact that there is no output from the netstat|grep line means that the rstudio software does not actually have the port open for anyone to connect to. This is the issue you need to fix first.
i just use yum install tomcat7 to setup the tomcat7 and change the port, in the /usr/share/tomcat/conf/server.xml from 8080 to 80 and service tomcat6 start, it works fine.
but when i do the netstat -nlp, there is no 80 port, and also other cannot visit the 80 port
try to create ROOT, i think you did not create it yet, that way make your website unavaialbel.
When you do netstat it typically will show you http, not 80: this is because 80 is bound to http in /etc/services. You'll see something like this:
tcp 0 0 *:http *:* LISTEN
Assuming you're not experiencing a Tomcat error, make sure that you've set up the EC2 security group to allow access to port 80. Look at this for a decent treatment.
EDIT: if 8080 works but 80 doesn't then it is either:
Some other program (such as Apache) sitting on port 80.
You're probably not running with the right privileges. On most Linux distributions you need to be the root user (or running as a system process) to access ports numbered less than 1023