Open port 80 and 443

I am trying to run a docker (with kubernetes) file which needs the ports 80 and 443 for some reason, unfortunately.

k3d cluster create $(name) \
    --k3s-arg '--kubelet-arg=eviction-hard=imagefs.available<1%,nodefs.available<1%@agent:*' \
    --k3s-arg '--kubelet-arg=eviction-minimum-reclaim=imagefs.available=1%,nodefs.available=1%@agent:*' \
    -p "80:80@loadbalancer" \
    -p "443:443@loadbalancer" \
    -p "3306:3306@loadbalancer" \
    -p "1883:1883@loadbalancer" \
    -p "6379:6379@loadbalancer" \
    -p "5672:5672@loadbalancer" \
    -p "15672:15672@loadbalancer" \
    --k3s-arg "--disable=traefik@server:0"

Unfortunately, it is not possible to run the make k3d command but I will eventually get the message that the access is denied.

INFO[0007] Starting node 'k3d-edge-test-serverlb' 
ERRO[0007] Failed Cluster Start: Failed to add one or more helper nodes: runtime failed to start node 'k3d-edge-test-lukas-serverlb': docker failed to start container for node 'k3d-edge-test-serverlb': Error response from daemon: Ports are not available: exposing port TCP 0.0.0.0:80 -> 0.0.0.0:0: listen tcp 0.0.0.0:80: bind: permission denied

Is there anybody who can help with this?

I know that ports lower than 1024 are blocked by the operating system. I cannot change stuff in the router. I found a couple of commands on the internet, which I tried for fixing, like:

sudo sysctl net.ipv4.ip_unprivileged_port_start=443
sudo sysctl net.ipv4.ip_unprivileged_port_start=80

or

sudo setcap CAP_NET_BIND_SERVICE=+eip `which docker`

but none of them fixed it.

Anybody out here who has a smart idea?

Ports 80 and 443 are normally used by webservers (80 unencrypted, 443 with SSL). Does it need to be able to talk to a webserver?

So map it to some other ports. Get familiar with this syntax and just map port 80 to 8080 or any other free port you might like to use. The same goes for port 443.

Ports below 1024 need superuser rights.

However, I strongly advise running any kind of webserver if your knowledge is at “it needs port 80 and 443 for some reason”.

3 Likes

That is specifying the starting port range for privileged ports, not the actual ports themselves. (Which defaults to 1024.)

Sounds like it’s just not having permissions as a non-root process, but just in case it’s already taken (a process already listening on it), you can check with sudo ss -tlnp
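
An added example (not written by any poster in this thread) that combines the two checks discussed above: whether a port sits below the `net.ipv4.ip_unprivileged_port_start` threshold, and whether something is already listening on it. The function names and the sample `ss` lines are constructed for illustration; the threshold is a single value, so the last `sysctl` write wins and a value of 80 covers both 80 and 443.

```shell
#!/usr/bin/env bash
# Added example: classify why binding a listening port may fail for a
# non-root process. All names below are hypothetical helpers.

# needs_privilege PORT START
# True when PORT is below the unprivileged-port threshold, i.e. the binding
# process needs root or CAP_NET_BIND_SERVICE.
needs_privilege() {
    [ "$1" -lt "$2" ]
}

# port_in_use PORT   (reads `ss -tlnH` style lines on stdin)
# Column 4 is "local-address:port"; the port is the text after the last colon,
# which also handles IPv6 forms such as [::]:8080.
port_in_use() {
    awk -v p="$1" '{ n = split($4, a, ":"); if (a[n] == p) found = 1 }
                   END { exit !found }'
}

# diagnose PORT START SS_OUTPUT -> prints in-use | needs-privilege | ok
diagnose() {
    if printf '%s\n' "$3" | port_in_use "$1"; then
        echo "in-use"
    elif needs_privilege "$1" "$2"; then
        echo "needs-privilege"
    else
        echo "ok"
    fi
}

# Constructed sample of `ss -tlnH` output (not taken from the thread).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 [::]:8080 [::]:*'

# Default threshold 1024 versus a threshold lowered to 80.
for start in 1024 80; do
    for port in 80 443; do
        echo "start=$start port=$port -> $(diagnose "$port" "$start" "$SAMPLE_SS")"
    done
done

# Live use on a Linux host:
#   diagnose 80 "$(sysctl -n net.ipv4.ip_unprivileged_port_start)" "$(ss -tlnH)"
```

The sysctl is evaluated in the network namespace where the bind actually happens, so run the live check in the same environment as the Docker daemon that reports the error.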