Stuck on Docker's Tutorial! Do I need root permissions to bind to a port below 1024?

I can’t seem to find a straight answer anywhere.

I’m a Node guy, but this tutorial is in Python, so I’m rolling with it.

I’m stuck in the tutorial, part 3, prereq, last bullet… is this necessary and why?

$ docker run -d -p 80:80 joha0033/image1repo:image1tag
* Running on http://0.0.0.0:80/ (Press CTRL+C to quit)

looks ok… but…

I cannot get the following lines to work for me…
$ curl -4 http://localhost/
curl: (7) Failed to connect to localhost port 80: Connection refused
[permission error of some sort, right?]

Chrome: http://localhost/ - refused to connect

I have been told “You need root permissions to bind to a port below 1024,” but I cannot get a straight answer on how, or why… please help!

I’ve tried adding net_bind_service, but maybe I’m doing that wrong?
$ docker run -p 180:80 -d --cap-add NET_BIND_SERVICE joha0033/image1repo:image1tag

same problem, running, but localhost not working/refusing.

Details in this Stack Overflow question: https://stackoverflow.com/questions/49992836/docker-pulling-image-from-tutorial-does-not-work-on-localhost-run-8080

The important detail of that SO question is that ports that aren’t 80 work fine (e.g., docker run -p 4000:80 makes http://localhost:4000/ work). So you’re definitely on the right track. The easiest path might just be to pick some “high” port.

The other important detail of that SO question is that you’re on a Mac. ISTR there are weird issues with “low” ports on the Mac; “Configuring macOS Application Firewall to allow LAN access to container exposing port 80” (#2 by lephleg) may or may not be related.

That’s historically true but kind of irrelevant. If you look in detail, parts of the Docker ecosystem run as root, and if you’re running Docker commands, you are root. (On a Linux system, you generally need root permissions to run Docker commands at all; on a multi-user system you could for instance mount anybody’s home directory into a container and bypass host permissions entirely.)

It is quite possible you have some firewall blocking going on. If you are unable to bind to port 80, I would expect the docker run -p 80:80 to fail. You can verify this with ‘netstat -an | grep 80’, which should show port 80 in LISTEN mode. You can also try lsof -i TCP:80

Check /var/log/appfirewall.log or /var/log/alf.log for any firewall blocks.
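
The `netstat -an | grep 80` check suggested above also matches ports such as 8080 or 1080 and remote addresses ending in 80. As an added example (not part of the original thread), this function filters netstat text for TCP sockets in LISTEN state on one exact port, handling both the macOS and the Linux address format; the function names and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find TCP listeners on one exact port in `netstat -an` text.
# Reads netstat output on stdin and prints "proto local_address" per match.
# Exit status is 0 if at least one listener was found, 1 otherwise.
listeners_on_port() {
  awk -v port="$1" '
    # Keep only TCP rows whose last column (the state) is LISTEN.
    $1 ~ /^tcp/ && $NF == "LISTEN" {
      addr = $4   # local address column on both macOS and Linux
      # macOS separates the port with a dot, Linux with a colon,
      # so the port is always the last piece after splitting on either.
      n = split(addr, parts, /[.:]/)
      if (parts[n] == port) { print $1, addr; found = 1 }
    }
    END { exit(found ? 0 : 1) }
  '
}

# Constructed sample combining macOS-style and Linux-style rows.
sample_netstat() {
  cat <<'EOF'
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  127.0.0.1.8080         *.*                    LISTEN
tcp46      0      0  *.80                   *.*                    LISTEN
tcp4       0      0  192.0.2.10.54321       198.51.100.7.80        ESTABLISHED
tcp        0      0 0.0.0.0:8080            0.0.0.0:*              LISTEN
tcp6       0      0 :::80                   :::*                   LISTEN
tcp        0      0 127.0.0.1:1080          0.0.0.0:*              LISTEN
EOF
}

# Demonstration on the constructed sample; on a real host use:
#   netstat -an | listeners_on_port 80
sample_netstat | listeners_on_port 80
```

An empty result with exit status 1 means nothing on the host is listening on that port, which is consistent with a "Connection refused" from curl.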