TrafeX / docker-php-nginx

Docker image with PHP-FPM 8.3 & Nginx 1.26 on Alpine Linux
https://hub.docker.com/r/trafex/php-nginx
MIT License

Run in aws ECS Fargate with port 80 #101

Closed harley5303 closed 1 year ago

harley5303 commented 2 years ago

Hi, I try to use your image to run my code on AWS. Locally all works fine with port binding 8080 to 80. On AWS ECS Fargate it has to run on port 80. So I changed the port in the Dockerfile and nginx.conf... Locally it works with port 80, but on AWS I get an error: [emerg] 19#19: bind() to [::]:80 failed (13: Permission denied) Do you know this problem, and is there a workaround to solve this issue? BG Thomas

TrafeX commented 2 years ago

Hi @harley5303,

That's because nginx is running as an unprivileged user (not root), and those users can't use ports below 1024. You could remove this line to run nginx as root, but that makes it less secure. I'm sure that you can tell AWS Fargate to use port 8080 instead of 80.

willvincent commented 2 years ago

You could also put a load balancer in front of your Fargate instance(s). That would allow you to keep nginx running as an unprivileged user but accept connections on port 80 (forwarded to the exposed port 8080), or indeed, you could also accept HTTPS connections on port 443 and use an SSL cert to further increase security.

However, the entire nginx process tree need not run as an unprivileged user. The master nginx process simply reads config and manages worker processes, and if it is running as root you can listen on privileged ports, but the workers that handle the actual requests can still run as unprivileged users simply by adding "user nobody;" to the nginx config.

The user the nginx, php-fpm and supervisor processes run as can be defined within the config for each, so really that config could probably be moved from the Dockerfile into the individual process config files, and therefore allow running on a privileged port. nginx & php-fpm both support defining the user directly; supervisor uses chown to change ownership of a pid file.
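As an added example (not the image's own config and not from anyone in this thread), here is a minimal nginx.conf main context for the split willvincent describes: the master starts as root (so the Dockerfile must not switch to an unprivileged user before launching nginx), binds port 80, and the request-handling workers drop to nobody. The pid path, document root and php-fpm address are assumptions.

```nginx
# Added example, not the trafex/php-nginx config. nginx must be started
# as root for this to work: the root master process binds :80 and then
# spawns workers as the user named here, so request handling itself
# never runs with root privileges.
user nobody;
worker_processes auto;
pid /run/nginx.pid;                 # assumed path, owned by root

events {
    worker_connections 1024;
}

http {
    server {
        listen 80;                  # privileged port, bound by the root master
        listen [::]:80;
        root /var/www/html;         # assumed document root
        index index.php index.html;

        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;   # assumed php-fpm listen address
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }
}
```

To check the result inside the running container, `ps -o user,pid,comm` should show exactly one nginx process owned by root (the master) and every worker owned by nobody.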

TrafeX commented 1 year ago

Hi @harley5303,

I hope you were able to solve the issue with the given answers. If not, let me know so I can reopen this issue.