Unable to set port 80 on Ubuntu 20.04

Ignition
1

Trying to set the default port to 80 on a gateway but getting the following error message:

The Entered http port 1-1023 is not allowed by the system. Please enter a different one

I am fairly certain its just a linux issue, but I cannot seem to find the command to fix it!

I found the following command referenced, but I can’t figure out what the path to ignitions executable is, I tried /usr/local/bin/ignition/ignition-gateway but no luck

setcap cap_net_bind_service=ep /path/to/server/executable

Any ideas?

2

Try this instead Change port in gateway(webserver ) port failed - #5 by pturmel

4

Actually already tried that and no luck

[Unit]
Description=Ignition-Gateway
After=syslog.target

[Service]
Type=forking
ExecStart=/usr/local/bin/ignition/ignition.sh start sysd
ExecStop=/usr/local/bin/ignition/ignition.sh stop sysd
User=kgamble
KillMode=process
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

Somehow I accidentally deleted the original response? So here is a different piece of text so that the forum will let me post it

5

Try setting the port in gateway.xml instead of the commissioning? interface?

6

It then causes the gateway to not be able to start, my assumption is that its failing trying to bind to that port

image
image1410×402 97.7 KB

If I change it back to 8088 in the .xml then it starts up perfectly fine again.

I changed this in another system once by running the gateway as root, but I knew it was a horrible temp solution, I would prefer to not have to do the same here

7

What’s the error in the wrapper.log when it fails to start?

8

On the bright side I was right! On the down-side, I was right and don’t know how to fix it lol :slightly_frowning_face:

INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp:
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error: Encountered an error running main:
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error: java.io.IOException: Failed to bind to 0.0.0.0/0.0.0.0:80
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at org.eclipse.jetty.server.ServerConnector.openAcceptChannel(ServerConnector.java:349)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at org.eclipse.jetty.server.ServerConnector.open(ServerConnector.java:310)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:80)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at org.eclipse.jetty.server.Server.doStart(Server.java:401)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at com.inductiveautomation.catapult.IgnitionServer.start(IgnitionServer.java:1180)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at com.inductiveautomation.ignition.gateway.web.WebResourceManagerImpl.start(WebResourceManagerImpl.java:325)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at com.inductiveautomation.ignition.gateway.IgnitionGateway.start(IgnitionGateway.java:560)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at com.inductiveautomation.ignition.gateway.IgnitionGateway.main(IgnitionGateway.java:294)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at com.inductiveautomation.catapult.Catapult.main(Catapult.java:8)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/java.lang.reflect.Method.invoke(Unknown Source)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:349)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/java.lang.Thread.run(Unknown Source)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error: Caused by: java.net.SocketException: Permission denied
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/sun.nio.ch.Net.bind0(Native Method)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/sun.nio.ch.Net.bind(Unknown Source)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/sun.nio.ch.Net.bind(Unknown Source)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/sun.nio.ch.ServerSocketChannelImpl.bind(Unknown Source)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/sun.nio.ch.ServerSocketAdaptor.bind(Unknown Source)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at org.eclipse.jetty.server.ServerConnector.openAcceptChannel(ServerConnector.java:344)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       ... 17 more
INFO   | jvm 1    | 2021/11/20 18:31:40 | I [g.ModuleManager               ] [18:31:40]: Loading modules....
STATUS | wrapper  | 2021/11/20 18:31:42 | <-- Wrapper Stopped
9

Hmm. You’ve already done all the things I can think of aside from running as root…

You don’t already have something running on 80 do you? Is this hardware, a VM, or Docker?

10

Ubuntu 20.04 VM in Google Cloud with a clean install of Ignition right after creating the VM

11

I don’t know then :confused:

Maybe this is a sign you should the “right thing” and run on 8088 with your security group or firewall or whatever the equivalent in Google Cloud is forwarding from 80 outside to 8088 on your instance.

12

Interesting, I didn’t know this would be considered a better practice, I can dig into how to forward ports through the Google Cloud console.

This is so much easier in docker! But for some reason, the inductiveautomation/ignition image would never actually start up in a container on Google Cloud. It would get stuck in “starting” forever so I had to go the manual install route.

13

Maybe @kcollins/@kcollins1 has some idea? :man_shrugging:

1 Like
14

iptables in linux saved part of this, though its not what I would have preferred to do

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8088
iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8088
15

I’m assuming that after making the changes to the service definition, you can systemctl daemon-reload to load in the changes (followed by a systemctl restart <service name>.service)? I’ll have a go at spinning this up to make sure it still works.

With respect to Google Cloud and running as a container, can you provide more details on how you’re launching the container? I’ve not used any of the Google container services before but would be happy to give it a go to help ensure a baseline capability. Feel free to PM me with the details on that, or even start a new post and ping me or @kcollins1

16

EDIT: Updated on 2023-09-09, you can use the environment variables nowadays!

Regarding the port 80 situation, I was able to get it going using the following sequence:

  1. Assuming fresh install of Ubuntu 20.04 (I used a Multipass VM for this test).

  2. Run the Ignition installer with defaults including starting the service.

  3. Commission the gateway using the standard ports 8088/8043/8060.

  4. Edit the systemd service (to add an override file to augment base service config):

    sudo systemctl edit Ignition-Gateway.service

  5. Add the capabilities addition and drive the port configurations via env vars.

    [Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
Environment="GATEWAY_HTTP_PORT=80"
Environment="GATEWAY_HTTPS_PORT=443"
Environment="GATEWAY_GAN_PORT=8060"

  6. Ensure systemd updates are loaded

    sudo systemctl daemon-reload

  7. Restart Ignition Gateway service.

    sudo systemctl restart Ignition-Gateway.service

At this point, you should have the gateway coming online on port 80 (if that is what you picked) even with the gateway running as a non-root user.

Hope this helps...

3 Likes
17

Good day Kevin,

Please can you let me know if the method you describe here is still the correct method to allow a public facing Linux Server (Ubuntu 22.04 LTS) with Ignition 8.1.31 LTS to use port 80 and specifically port 443 to be used.

I have tried this method below and does not allow the gateway to start when set to run as root, and had to reverse the change as the ignition is already in production and could not leave it offline for too long.

Thank you.

18

Yes, the above strategy should work overall (I've updated it as well, those environment variables work nowadays). I've also update the above to recommend putting the updated settings in a systemd override file instead (to stay independent of the base file which may get updated with upgrades, etc.).