Gateway restarting is failed, and starting script is not working too, after changing HTTP/HTTPS port from 8080/8043 to 80/443

UnSuk_Song · September 13, 2023, 8:35am

Solved it myself by referencing other posts.
Thanks to those posts and others.

[Causes]
Ports 80 and 443 are 'privileged' or 'well-known' ports commonly used at the system level.
End-user or end-of-life applications cannot bind directly to these ports, usually requiring administrator privileges(sudo).
When Ignition Gateway attempted to bind to these ports, an error such as Failed to bind to 0.0.0.0/0.0.0.0:80 occurred because it did not have the required privileges.

[Trouble shooting]
On wrapper.log, there are noticeable log in it.

INFO   | jvm 2    | 2023/09/13 15:35:06 | I [g.WebServerManager            ] [06:35:05]: Starting setup 
INFO   | jvm 2    | 2023/09/13 15:35:06 | I [g.WebServerManager            ] [06:35:05]: Setup complete 
INFO   | jvm 2    | 2023/09/13 15:35:06 | I [g.WebServerManager            ] [06:35:06]: Starting up 
INFO   | jvm 2    | 2023/09/13 15:35:06 | I [g.SslManager                  ] [06:35:06]: State refreshed state=SELF_SIGNED_CERTIFICATE
INFO   | jvm 2    | 2023/09/13 15:35:06 | I [C.SecureRandomProvider        ] [06:35:06]: Secure random seed generated in 1ms 
INFO   | jvm 2    | 2023/09/13 15:35:06 | I [o.e.j.s.Server                ] [06:35:06]: jetty-10.0.13; built: 2022-12-07T20:13:20.134Z; git: 1c2636ea05c0ca8de1ffd6ca7f3a98ac084c766d; jvm 11.0.18+10-LTS 
INFO   | jvm 2    | 2023/09/13 15:35:06 | WrapperSimpleApp: 
INFO   | jvm 2    | 2023/09/13 15:35:06 | WrapperSimpleApp Error: Encountered an error running main:
INFO   | jvm 2    | 2023/09/13 15:35:06 | WrapperSimpleApp Error: MultiException[java.io.IOException: Failed to bind to 0.0.0.0/0.0.0.0:80, java.io.IOException: Failed to bind to 0.0.0.0/0.0.0.0:443]

Judging from these logs, it is clear that I changed the HTTP/HTTPS port caused the error.

Search for forums with these phrase:
java.io.IOException: Failed to bind to 0.0.0.0/0.0.0.0:80
java.io.IOException: Failed to bind to 0.0.0.0/0.0.0.0:443.

I found posts above and edited service file on /etc/systemd/system/Ignition-Gateway.service.

Add following string: AmbientCapabilities=CAP_NET_BIND_SERVICE

[Unit]
Description=Ignition-Gateway
After=syslog.target

[Service]
Type=forking
ExecStart=/usr/local/bin/ignition/ignition.sh start sysd
ExecStop=/usr/local/bin/ignition/ignition.sh stop sysd
User=fci
KillMode=process
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

As this service file is updated, following command is required:
sudo systemctl daemon-reload

Restart the Ignition Gateway again:

me@myserver:~$ /usr/local/bin/ignition/ignition.sh start
Starting Ignition-Gateway with systemd...
Waiting for Ignition-Gateway...
running: PID:11935

Now I can see the process listening on 80/443

me@myserver:~$ sudo lsof -i :80
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
java    11956  me  xxxx  IPv6  72669      0t0  TCP *:http (LISTEN)

me@myserver:~$ sudo lsof -i :443
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
java    11956  me  xxxx  IPv6  72670      0t0  TCP *:https (LISTEN)