How to fix: "listen tcp :443: bind: permission denied" on mattermost using ansible

Question

I am deploying mattermost in my AWS enviorment using ansible. I am trying to set a secure https connection, but I keep getting this error when I go into the logs:

{:"commands/server.go:112","msg":"listen tcp :443: bind: permission denied"}
{:"app/app.go:257","msg":"Stopping Server..."}
{:"app/web_hub.go:120","msg":"stopping websocket hub connections"}
{:"app/web_hub.go:125","msg":"We appear to have already sent the stop checking for deadlocks 

I sort of have an idea that its some sort of permissions error, but I am not sure how to move forward from this. Can anyone help?

Answer 1

In a Linux, only root can bind to ports below 1024. A typical Ansible use case is not running as root.

See https://docs.ansible.com/ansible/2.4/become.html about privilege escalation in Ansible.

See https://superuser.com/a/892391/155147 for possible solutions for allowing privileged port binding.

Answer 2

I had similar issues with Grafana, after upgrading Grafana to a new version.

sudo service grafana-server status was printing out:

grafana-vm systemd[1]: grafana-server.service: Main process exited, code=exited, status=1/FAILURE
grafana-vm systemd[1]: grafana-server.service: Unit entered failed state.
grafana-vm systemd[1]: grafana-server.service: Failed with result 'exit-code'.
grafana-vm systemd[1]: grafana-server.service: Service hold-off time over, scheduling restart.
grafana-vm systemd[1]: Stopped Grafana instance.
grafana-vm systemd[1]: grafana-server.service: Start request repeated too quickly.
grafana-vm systemd[1]: Failed to start Grafana instance.
grafana-vm systemd[1]: grafana-server.service: Unit entered failed state.
grafana-vm systemd[1]: grafana-server.service: Failed with result 'start-limit-hit'.

Excerpt from the log:

lvl=eror msg="Stopped HTTPServer" logger=server reason="failed to open listener on address 0.0.0.0:80: listen tcp 0.0.0.0:80: bind: permission denied"
lvl=eror msg="A service failed" logger=server err="failed to open listener on address 0.0.0.0:80: listen tcp 0.0.0.0:80: bind: permission denied"
lvl=eror msg="Server shutdown" logger=server reason="failed to open listener on address 0.0.0.0:80: listen tcp 0.0.0.0:80: bind: permission denied"

It turns out this is a fix:

sudo setcap 'cap_net_bind_service=+ep' /usr/sbin/grafana-server

More: https://grafana.com/docs/grafana/latest/administration/configuration/#http_port