Unable to set port 80 on Ubuntu 20.04

Trying to set the default port to 80 on a gateway but getting the following error message:

The Entered http port 1-1023 is not allowed by the system. Please enter a different one

I am fairly certain its just a linux issue, but I cannot seem to find the command to fix it!

I found the following command referenced, but I can’t figure out what the path to ignitions executable is, I tried /usr/local/bin/ignition/ignition-gateway but no luck

setcap cap_net_bind_service=ep /path/to/server/executable

Any ideas?

Try this instead Change port in gateway(webserver ) port failed - #5 by pturmel

Actually already tried that and no luck

[Unit]
Description=Ignition-Gateway
After=syslog.target

[Service]
Type=forking
ExecStart=/usr/local/bin/ignition/ignition.sh start sysd
ExecStop=/usr/local/bin/ignition/ignition.sh stop sysd
User=kgamble
KillMode=process
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

Somehow I accidentally deleted the original response? So here is a different piece of text so that the forum will let me post it

Try setting the port in gateway.xml instead of the commissioning? interface?

It then causes the gateway to not be able to start, my assumption is that its failing trying to bind to that port

If I change it back to 8088 in the .xml then it starts up perfectly fine again.

I changed this in another system once by running the gateway as root, but I knew it was a horrible temp solution, I would prefer to not have to do the same here

What’s the error in the wrapper.log when it fails to start?

On the bright side I was right! On the down-side, I was right and don’t know how to fix it lol :slightly_frowning_face:

INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp:
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error: Encountered an error running main:
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error: java.io.IOException: Failed to bind to 0.0.0.0/0.0.0.0:80
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at org.eclipse.jetty.server.ServerConnector.openAcceptChannel(ServerConnector.java:349)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at org.eclipse.jetty.server.ServerConnector.open(ServerConnector.java:310)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:80)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at org.eclipse.jetty.server.Server.doStart(Server.java:401)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at com.inductiveautomation.catapult.IgnitionServer.start(IgnitionServer.java:1180)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at com.inductiveautomation.ignition.gateway.web.WebResourceManagerImpl.start(WebResourceManagerImpl.java:325)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at com.inductiveautomation.ignition.gateway.IgnitionGateway.start(IgnitionGateway.java:560)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at com.inductiveautomation.ignition.gateway.IgnitionGateway.main(IgnitionGateway.java:294)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at com.inductiveautomation.catapult.Catapult.main(Catapult.java:8)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/java.lang.reflect.Method.invoke(Unknown Source)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:349)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/java.lang.Thread.run(Unknown Source)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error: Caused by: java.net.SocketException: Permission denied
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/sun.nio.ch.Net.bind0(Native Method)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/sun.nio.ch.Net.bind(Unknown Source)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/sun.nio.ch.Net.bind(Unknown Source)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/sun.nio.ch.ServerSocketChannelImpl.bind(Unknown Source)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at java.base/sun.nio.ch.ServerSocketAdaptor.bind(Unknown Source)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       at org.eclipse.jetty.server.ServerConnector.openAcceptChannel(ServerConnector.java:344)
INFO   | jvm 1    | 2021/11/20 18:31:40 | WrapperSimpleApp Error:       ... 17 more
INFO   | jvm 1    | 2021/11/20 18:31:40 | I [g.ModuleManager               ] [18:31:40]: Loading modules....
STATUS | wrapper  | 2021/11/20 18:31:42 | <-- Wrapper Stopped

Hmm. You’ve already done all the things I can think of aside from running as root…

You don’t already have something running on 80 do you? Is this hardware, a VM, or Docker?

Ubuntu 20.04 VM in Google Cloud with a clean install of Ignition right after creating the VM

I don’t know then :confused:

Maybe this is a sign you should the “right thing” and run on 8088 with your security group or firewall or whatever the equivalent in Google Cloud is forwarding from 80 outside to 8088 on your instance.

Interesting, I didn’t know this would be considered a better practice, I can dig into how to forward ports through the Google Cloud console.

This is so much easier in docker! But for some reason, the inductiveautomation/ignition image would never actually start up in a container on Google Cloud. It would get stuck in “starting” forever so I had to go the manual install route.

Maybe @kcollins/@kcollins1 has some idea? :man_shrugging:

1 Like

iptables in linux saved part of this, though its not what I would have preferred to do

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8088
iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8088

I’m assuming that after making the changes to the service definition, you can systemctl daemon-reload to load in the changes (followed by a systemctl restart <service name>.service)? I’ll have a go at spinning this up to make sure it still works.

With respect to Google Cloud and running as a container, can you provide more details on how you’re launching the container? I’ve not used any of the Google container services before but would be happy to give it a go to help ensure a baseline capability. Feel free to PM me with the details on that, or even start a new post and ping me or @kcollins1

Regarding the port 80 situation, I was able to get it going using the following sequence:

  1. Assuming fresh install of Ubuntu 20.04 (I used a Multipass VM for this test).

  2. Run the Ignition installer with defaults including starting the service.

  3. Commission the gateway using the standard ports 8088/8043/8060.

  4. Edit the systemd service:

    sudo systemctl edit --full Ignition-Gateway.service
    
  5. Update to add the capabilities addition.

    [Unit]
    Description=Ignition-Gateway
    After=syslog.target
    
    [Service]
    Type=forking
    ExecStart=/usr/local/bin/ignition/ignition.sh start sysd
    ExecStop=/usr/local/bin/ignition/ignition.sh stop sysd
    User=ubuntu
    KillMode=process
    AmbientCapabilities=CAP_NET_BIND_SERVICE
    # Should be able to just do these, but it doesn't work [yet]
    #Environment="GATEWAY_HTTP_PORT=80"
    #Environment="GATEWAY_HTTPS_PORT=443"
    #Environment="GATEWAY_GAN_PORT=8060"
    
    [Install]
    WantedBy=multi-user.target
    
  6. Ensure systemd updates are loaded

    sudo systemctl daemon-reload
    
  7. Edit the gateway.xml with your editor of choice and update gateway.port (and others) to be desired value.

    nano /usr/local/bin/ignition/data/gateway.xml
    
  8. Restart Ignition Gateway service.

    sudo systemctl restart Ignition-Gateway.service
    

At this point, you should have the gateway coming online on port 80 (if that is what you picked) even with the gateway running as a non-root user.

All of that said, it looks like there is some hard-coded checks for root user during commissioning to allow (on Linux) ports <1024, otherwise you could just directly set those ports via the environment variables in the service definition (which would allow you to get this set without running through commissioning on the standard ports first). This should be able to be fixed by checking for these capabilities or running-as-root.

Hope this helps, nonetheless…

2 Likes