9

I've been trying to run a node web app on port 443 but I'm getting this output: Error: listen EACCES 0.0.0.0:443

Already tried ufw allow 443/tcp but nmap is still not showing 443 as an open port.

Also tried sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT w/ no success.

Any help will be appreciated.

kikemx78
  • 311

3 Answers

12

Thanx @exore, I solved the issue with

sudo setcap 'cap_net_bind_service=+ep' "$(readlink -f "$(which node)")"

The problem was, I believe, a manual installation of node.js. It comes as default on Ubuntu's last version but I didn't know that and I installed it again through terminal.

You can go here for the entire discussion.

https://gist.github.com/firstdoit/6389682

Regards,

andrew.46
  • 39,359
kikemx78
  • 311
1

EACCES means it is forbidden to listen on port 443. This is because you're not running your app as root. Ports below 1024 are reserved ports, and only root may use them.

Trying to change the firewall rules will have no effect, as firewalls let packets go through or stop them. They do not allow someone to listen to any particular port.

Solution: run your code with sudo, but this may be a security risk. So your app should switch to another user (or find some other mechanism I am not aware of to drop privileges) as soon as possible, just after the successful listen.

Since this is complicated, a good solution is

  1. Your app listens on the loopback interface on a non-privileged port, say for example 127.0.0.1:10443
  2. You set up a web server to proxy requests from 0:443 to 127.0.0.1:10443. nginx comes to mind but many other servers are usable for this task. Just pick your favorite one.

If you want SSL on port 443, which is usually the case, you should also set up certificates (create a self-signed one or buy one or better still, get a free certificate from Let's Encrypt), configure protocols, available ciphers etc... This is also complicated.

Example minimal nginx config file that needs improvement and should work (can't test right now):

server {
    server_name  me.example.com;
    listen 0.0.0.0:443 ssl;
    ssl_certificate     /etc/mycerts/fullchain.pem;
    ssl_certificate_key /etc/mycerts/privkey.pem;
    ssl_session_timeout 30m;
    ssl_session_cache   shared:SSL:400k;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer 1.2 and 1.3 only
    ssl_protocols TLSv1.2 TLSv1.3;
    server_tokens off;
    charset utf-8;
    location / {
        # forward to the app listening on the loopback interface
        proxy_pass         http://127.0.0.1:10443/;
    }
}
matigo
  • 24,752
exore
  • 1,008
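
The "listen as root, then switch to another user" approach mentioned in the answer above, sketched as an added example (not code from either poster). It assumes a CommonJS script started with sudo; `RUN_UID`, `RUN_GID`, `app.js` and the uid/gid value 1000 are hypothetical names and values chosen for illustration.

```javascript
// Added example: bind the privileged port as root, then permanently switch to
// an unprivileged account. uid/gid are numeric ids (1000 below is constructed).

// `proc` is `process` or a stand-in with the same methods. Order matters:
// groups and gid must change while still root, so setuid() goes last.
function dropPrivileges(proc, uid, gid) {
  if (proc.getuid() !== 0) return false;           // not root: nothing to drop
  for (const id of [uid, gid]) {
    if (!Number.isInteger(id) || id <= 0) throw new Error('need non-root numeric uid/gid');
  }
  proc.setgroups([gid]);                           // discard root's supplementary groups
  proc.setgid(gid);
  proc.setuid(uid);
  // The drop must be irreversible: an attempt to regain root has to fail.
  let regained = false;
  try { proc.setuid(0); regained = true; } catch (_) { /* expected: EPERM */ }
  if (regained || proc.getuid() !== uid || proc.getgid() !== gid) {
    throw new Error('privilege drop failed, refusing to serve');
  }
  return true;
}

// Listen first (ports below 1024 need the privilege), then drop before serving.
function serve(port, uid, gid) {
  const http = require('node:http');               // CommonJS
  const server = http.createServer((req, res) => res.end('hello\n'));
  server.on('error', (err) => {
    // EACCES here is the error from the question: no privilege to bind.
    console.error(`listen failed: ${err.code}`);
    process.exit(1);
  });
  server.listen(port, () => {
    // A throw here is uncaught and ends the process, so it never serves as root.
    const dropped = dropPrivileges(process, uid, gid);
    console.log(`listening on ${port} as uid ${process.getuid()} (dropped=${dropped})`);
  });
  return server;
}

// Starts only when asked: sudo RUN_UID=1000 RUN_GID=1000 node app.js --serve
// (RUN_UID, RUN_GID and app.js are hypothetical names for this example.)
if (process.argv.includes('--serve')) {
  serve(443, Number(process.env.RUN_UID), Number(process.env.RUN_GID));
}
```

Compared with granting `cap_net_bind_service` to the node binary, which applies to every script that binary runs, this keeps the privilege inside one process and only until the socket is bound.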
0

Just use sudo npm run start:dev :D