NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License

nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied) #2750

Open maz1987in opened 1 year ago

maz1987in commented 1 year ago

Checklist

Describe the bug

When I upgraded to the latest "2.10.0", I got

nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

Nginx Proxy Manager Version

To Reproduce

Run docker with option "network_mode: host"

Expected behavior

Screenshots

Operating System

QNAP NAS

Additional context

zandhaas commented 1 year ago

BTW, below ID is different from me.

User ID: 0 Group ID: 0

I know but with that same PUID and GUID version 2.9.22 is working as expected. When I try to use PUID and GUID 0 (root) docker-compose says it's not a unique UID and thus nginx-pm does not start correctly.

So if someone has an idea on how to get version 2.10.x working that would be nice. I'm getting a bit frustrated because if this issue will not be resolved I have to think about moving to another reverse proxy because all future development won't work in my environment.

zandhaas commented 1 year ago

And when I use the version 2.9.22 for my fresh installed environment it's starting right away without an issue. Very nice such an upgrade.

ebildebil commented 1 year ago

I've reinstalled 2.10.2 to Synology 7.1.1 without PUID/PGID and issue has been solved. Are you using PUID/PGID?

Looking at your config, it seems that you are not using Host Networking? I have 2 instances running, and the one that does not use host networking works fine. When using host networking, I get the same errors.

The only way so far to solve host networking was to allow access to privileged ports to non-root users (as suggested by nemccarthy earlier).

apriliars3 commented 1 year ago

I've reinstalled 2.10.2 to Synology 7.1.1 without PUID/PGID and issue has been solved. Are you using PUID/PGID?

Looking at your config, it seems that you are not using Host Networking? I have 2 instances running, and the one that does not use host networking works fine. When using host networking, I get the same errors.

The only way so far to solve host networking was to allow access to privileged ports to non-root users (as suggested by nemccarthy earlier).

BobWs commented 1 year ago

Reinstalling NPM 2.10.2 without PGID/PUID worked for me on Docker Synology DSM 7.1.1!

Trolann commented 1 year ago

Tried 2.10.2 and got "No Reason Phrase" and rolling back to 2.9.22 doesn't work anymore. Now my system is down.

Edit: Error was due to a 'missing' cert (for a host that was removed long ago). I put a dummy cert in its place and the system came up, but would not let me login (same behavior as before). All my routes were also down. 2.10.2 doesn't seem to fix this, and the installation documentation still isn't updated.

Going to give it another few weeks while I'm busy with school and then migrate if it's not sorted.

drchino commented 1 year ago

I've rolled back to 2.9.22, still left the PGID/PUID and this worked straight away for me.

Will pause my updates until this is resolved

IDDQD69 commented 1 year ago

v2.10.2 seems to be working again at least for me when using host network mode.

BobWs commented 1 year ago

v2.10.2 is working for me with macvlan network!

ituri commented 1 year ago

Not here. Getting this error:

➜  nginx-proxy-manager sudo docker logs 3df258eb385e
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service prepare: starting
❯ Configuring npmuser ...
id: 'npmuser': no such user
❯ Checking paths ...
❯ Setting ownership ...
s6-sudoc: fatal: unable to get exit status from server: Operation timed out
s6-rc: fatal: timed out
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
➜

fischy667 commented 1 year ago

To avoid the error s6-sudoc: fatal: unable to get exit status from server: Operation timed out I added the line

-e S6_CMD_WAIT_FOR_SERVICES_MAXTIME=60000 \

to my docker run command.

With this line and without PUID and PGID it is working fine.

ituri commented 1 year ago

To avoid the error s6-sudoc: fatal: unable to get exit status from server: Operation timed out I added the line

-e S6_CMD_WAIT_FOR_SERVICES_MAXTIME=60000 \

to my docker run command.

With this line and without PUID and PGID it is working fine.

Same issue. For reference, here's my docker-compose.yml:

version: "3.8"
services:
  app:
    # image: 'jc21/nginx-proxy-manager:latest'
    # c.f.: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2750#ref-issue-1641490445
    #image: 'jc21/nginx-proxy-manager:2.9.22'
    image: 'jc21/nginx-proxy-manager:2.10.2'
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP

    # Uncomment the next line if you uncomment anything in the section
    environment:
      - PUID=1000
      - PGID=1000
      # Uncomment this if you want to change the location of
      # the SQLite DB file within the container
      # DB_SQLITE_FILE: "/data/database.sqlite"

      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
      - S6_CMD_WAIT_FOR_SERVICES_MAXTIME=60000

    volumes:
      - /mnt/docker/proxmox-nginx-proxy-manager-date:/data
      - /mnt/docker/proxmox-nginx-proxy-manager-letsencrypt:/etc/letsencrypt

coalfield commented 1 year ago

To avoid the error s6-sudoc: fatal: unable to get exit status from server: Operation timed out I added the line

-e S6_CMD_WAIT_FOR_SERVICES_MAXTIME=60000 \

to my docker run command.

With this line and without PUID and PGID it is working fine.

Thanks, this fix works for me on latest version with PUID and PGID.

ljford7 commented 1 year ago

Nevermind - fix didn't work.

jc21 commented 1 year ago

v2.10.3 adds an unlimited S6_CMD_WAIT_FOR_SERVICES_MAXTIME value so it should not timeout anymore.

That said, the reason for the startup taking a long time is probably because certbot doesn't cleanup old certs and there will be thousands upon thousands of files in your letsencrypt folder that are no longer required. The startup tries to change the ownership of that folder.

I'd recommend running cert-prune from within the docker container to clean them up.

blaine07 commented 1 year ago

v2.10.3 adds an unlimited S6_CMD_WAIT_FOR_SERVICES_MAXTIME value so it should not timeout anymore.

That said, the reason for the startup taking a long time is probably because certbot doesn't cleanup old certs and there will be thousands upon thousands of files in your letsencrypt folder that are no longer required. The startup tries to change the ownership of that folder.

I'd recommend running cert-prune from within the docker container to clean them up.

Does cert-prune work correctly now, mate? At one point it didn't/needed amended on owner's end or something??

coalfield commented 1 year ago

For those still struggling with the I have managed to resolve with the brilliant Marius help. I followed these steps:

It's likely not all those steps are needed and you can bypass the folder rename, but just saying what I did do with it confirmed working.

Note there is no GUID and PUID in the new version of the install. So anyone having issues with this container on synology can follow the above and you should be back up and running. Absolutely no errors on the log.

rymancl commented 1 year ago

With v2.10.3, npm is now working perfectly again on my Synology. 🎉 I removed

- PUID=0
- PGID=0

from my env vars and that's it.

I tested a fresh install and several server reboots and npm didn't have any issues starting up anymore.

Thanks for the work on this @jc21 !

boardlord1 commented 1 year ago

With v2.10.3, npm is now working perfectly again on my Synology. 🎉 I removed

- PUID=0
- PGID=0

from my env vars and that's it.

I tested a fresh install and several server reboots and npm didn't have any issues starting up anymore.

Thanks for the work on this @jc21 !

Can confirm this, updated to 2.10.3 from 2.9.22. At first, it again failed to bind to 0.0.0.0:80 (permission denied), but after commenting out the PUID and PGID env vars for NPM in my Portainer stack and redeploying it, NPM started up no problem. Thanks!

Turiok commented 1 year ago

@maz1987in Hi, if it's corrected, can you close the issue?

DDZ-DO commented 1 year ago

Problem still exists. Tried it with latest release on Ubuntu Server 18.04 LTS.

BobWs commented 1 year ago

Problem still exists only when commenting out the PUID and PGID env vars it works!

newroc commented 1 year ago

Problem still exists. Tried it with latest release on RouterOS 7.10.1. I have tried the following scenarios:

DDZ-DO commented 1 year ago

Problem still exists only when commenting out the PUID and PGID env vars it works!

Never used PUID or PGID env

app:
    image: 'jc21/nginx-proxy-manager:latest'
    depends_on:
      - db
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "**"
      DB_MYSQL_PASSWORD: "******"
      DB_MYSQL_NAME: "***"
    volumes:
      - npm-data:/data
      - npm-letsencrypt:/etc/letsencrypt
    restart: always
    links:
      - "db:db"

jeph commented 1 year ago

For people still experiencing this, here's how I got to the latest container without having to do a clean install or anything from version 2.9.22.

  1. docker-compose up with this image: jc21/nginx-proxy-manager:github-uidgid
  2. Then docker-compose up with the latest image: jc21/nginx-proxy-manager:latest

pengliaoye commented 1 year ago

+1. have some issue

bensmith2697 commented 1 year ago

Still not working with latest, any update on this?

urbenlegend commented 8 months ago

For those suggesting to comment out PUID and PGID, isn't this unwise since NPM will be running as root and if it gets compromised it spells trouble for the rest of the system? I thought it was safer to have PUID and PGID as a regular user. I get the same permission denied on port 80 when I have those variables set though.

If this is intended behavior, is it possible to run NPM on 8080 and 8443 to circumvent this issue? I don't know how exactly to do this. I've already tried specifying 8080:80 and 8443:443 in my docker compose but I still get permission denied.
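
Added example, not part of the thread or of the project's code: the kernel rejects bind() with EACCES when the port is below `net.ipv4.ip_unprivileged_port_start` and the process lacks CAP_NET_BIND_SERVICE, which is the condition a non-root PUID meets on port 80. The sketch evaluates that rule for the port nginx binds inside its own network namespace, which a `8080:80` mapping does not change; the function names and sample CapEff masks are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are illustrative.
# Rule modelled: bind() to PORT fails with EACCES (13) when
#   PORT < net.ipv4.ip_unprivileged_port_start  AND
#   the process lacks CAP_NET_BIND_SERVICE in its effective set.

CAP_NET_BIND_SERVICE=10   # bit number from linux/capability.h

# has_net_bind_cap CAPEFF_HEX -> status 0 if the capability bit is set.
# CAPEFF_HEX is the CapEff value from /proc/<pid>/status (hex, no 0x).
has_net_bind_cap() {
    case $1 in
        ''|*[!0-9a-fA-F]*) return 1 ;;   # empty or malformed mask
    esac
    [ $(( (0x$1 >> $CAP_NET_BIND_SERVICE) & 1 )) -eq 1 ]
}

# bind_verdict PORT CAPEFF_HEX UNPRIV_START -> prints one verdict token.
bind_verdict() {
    if [ "$1" -ge "$3" ]; then
        echo "ok:unprivileged-port"
    elif has_net_bind_cap "$2"; then
        echo "ok:cap_net_bind_service"
    else
        echo "denied:EACCES"
    fi
}

# live_verdict [PORT] -> same verdict for the calling user on this host or
# container; run it as the UID nginx runs under (for example the PUID).
live_verdict() {
    capeff=$(awk '/^CapEff:/ {print $2}' /proc/self/status)
    start=$(cat /proc/sys/net/ipv4/ip_unprivileged_port_start)
    bind_verdict "${1:-80}" "$capeff" "$start"
}

# Constructed samples: the all-zero mask is a non-root process with no
# capabilities; 00000000a80425fb is a mask with bit 10 set, as seen for
# root in a container with Docker's default capability set.
bind_verdict 80   0000000000000000 1024   # denied:EACCES
bind_verdict 80   00000000a80425fb 1024   # ok:cap_net_bind_service
bind_verdict 8080 0000000000000000 1024   # ok:unprivileged-port
bind_verdict 80   0000000000000000 80     # ok:unprivileged-port (sysctl lowered)
```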

paoloantinori commented 1 month ago

For anyone still dealing with this, this works in rootless podman, as of today. latest does not and returns the error in the first post. The solution is to pin the version to 2.9.22

podman run --interactive --tty --rm --user '0:0' --userns 'keep-id'  --env PUID=1000 --env PGID=1000 -p 8080:80 -p 8181:81 -p 8443:443 --name nginx-manager  --volume ./letsencrypt:/etc/letsencrypt:z  'docker.io/jc21/nginx-proxy-manager:2.9.22'

johflo commented 1 month ago

Hi, I found the possible issue. I had a container with the bind() to 0.0.0.0:80 failed (13: Permission denied) issue.

After that I made a new npm container which runs without problems. After copying the old proxy and stream configuration, the new container also broke.

After deleting the config files, the new container works again. If I make a new configuration, everything works.