search

dotnet / tye

Tye is a tool that makes developing, testing, and deploying microservices and distributed applications easier. Project Tye includes a local orchestrator to make developing microservices easier and the ability to deploy microservices to Kubernetes with minimal configuration.
MIT License
5.28k stars 520 forks source link

Can't bind ingress to port 80 #1100

Open MarkusRodler opened 3 years ago

MarkusRodler commented 3 years ago

Describe the bug

I want tye to run ingress on port 80. But it fails with "Permission denied"

To Reproduce

I have two .net5 projects (Blazor WASM and .NET5 Web API) in seperate folders. This is my tye.yaml:

name: menuplanner
ingress:
  - name: ingress
    bindings:
      - port: 80
    rules:
      - host: menuplanner.local
        service: menuplanner-site
      - host: menu.menuplanner.local
        service: menu-service
services:
  - name: menuplanner-site
    project: ./dark-menuplanner-site/src/Dark.csproj
    bindings:
      - protocol: http
  - name: menu-service
    project: ./dark-menu-service/Service/Dark.csproj
    bindings:
      - protocol: http

It works if I choose a port above port 1023. Running with sudo tye run doesn't work, too.

Further technical details

[09:25:50 INF] Executing application from /home/dark/Workspace/MenuPlanner/tye.yaml [09:25:51 INF] Dashboard running on http://127.0.0.1:8000 [09:25:51 INF] Processing ingress rule: Path:null, Host:menuplanner.local, Service:menuplanner-site [09:25:51 INF] Service menuplanner-site is using (35615, http://localhost:35615/) [09:25:51 INF] Processing ingress rule: Path:null, Host:menu.menuplanner.local, Service:menu-service [09:25:51 INF] Service menu-service is using (43299, http://localhost:43299/) warn: Microsoft.AspNetCore.Server.Kestrel[0] Unable to bind to http://localhost:80 on the IPv4 loopback interface: 'Permission denied'. warn: Microsoft.AspNetCore.Server.Kestrel[0] Unable to bind to http://localhost:80 on the IPv6 loopback interface: 'Permission denied'. crit: Microsoft.AspNetCore.Server.Kestrel[0] Unable to start Kestrel. System.IO.IOException: Failed to bind to address http://localhost:80. ---> System.AggregateException: One or more errors occurred. (Permission denied) (Permission denied) ---> System.Net.Sockets.SocketException (13): Permission denied at System.Net.Sockets.Socket.UpdateStatusAfterSocketErrorAndThrowException(SocketError error, String callerName) at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Bind(EndPoint localEP) at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketConnectionListener.Bind() at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketTransportFactory.BindAsync(EndPoint endpoint, CancellationToken cancellationToken) at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.<>cDisplayClass21_01.<<StartAsync>g__OnBind|0>d.MoveNext() --- End of stack trace from previous location where exception was thrown --- at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindEndpointAsync(ListenOptions endpoint, AddressBindContext context) at Microsoft.AspNetCore.Server.Kestrel.Core.LocalhostListenOptions.BindAsync(AddressBindContext context) --- End of inner exception stack trace --- ---> (Inner Exception #1) System.Net.Sockets.SocketException (13): Permission denied at System.Net.Sockets.Socket.UpdateStatusAfterSocketErrorAndThrowException(SocketError error, String callerName) at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Bind(EndPoint localEP) at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketConnectionListener.Bind() at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketTransportFactory.BindAsync(EndPoint endpoint, CancellationToken cancellationToken) at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.<>c__DisplayClass21_01.<gOnBind|0>d.MoveNext() --- End of stack trace from previous location where exception was thrown --- at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindEndpointAsync(ListenOptions endpoint, AddressBindContext context) at Microsoft.AspNetCore.Server.Kestrel.Core.LocalhostListenOptions.BindAsync(AddressBindContext context)<---

--- End of inner exception stack trace --- at Microsoft.AspNetCore.Server.Kestrel.Core.LocalhostListenOptions.BindAsync(AddressBindContext context) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func2 createBinding) at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication1 application, CancellationToken cancellationToken) info: Microsoft.Hosting.Lifetime[0] Application is shutting down... An unhandled exception has occurred, how unseemly: System.IO.IOException: Failed to bind to address http://localhost:80. ---> System.AggregateException: One or more errors occurred. (Permission denied) (Permission denied) ---> System.Net.Sockets.SocketException (13): Permission denied at System.Net.Sockets.Socket.UpdateStatusAfterSocketErrorAndThrowException(SocketError error, String callerName) at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Bind(EndPoint localEP) at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketConnectionListener.Bind() at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketTransportFactory.BindAsync(EndPoint endpoint, CancellationToken cancellationToken) at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.<>cDisplayClass21_01.<<StartAsync>g__OnBind|0>d.MoveNext() --- End of stack trace from previous location where exception was thrown --- at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindEndpointAsync(ListenOptions endpoint, AddressBindContext context) at Microsoft.AspNetCore.Server.Kestrel.Core.LocalhostListenOptions.BindAsync(AddressBindContext context) --- End of inner exception stack trace --- ---> (Inner Exception #1) System.Net.Sockets.SocketException (13): Permission denied at System.Net.Sockets.Socket.UpdateStatusAfterSocketErrorAndThrowException(SocketError error, String callerName) at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Bind(EndPoint localEP) at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketConnectionListener.Bind() at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketTransportFactory.BindAsync(EndPoint endpoint, CancellationToken cancellationToken) at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.<>c__DisplayClass21_01.<gOnBind|0>d.MoveNext() --- End of stack trace from previous location where exception was thrown --- at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindEndpointAsync(ListenOptions endpoint, AddressBindContext context) at Microsoft.AspNetCore.Server.Kestrel.Core.LocalhostListenOptions.BindAsync(AddressBindContext context)<---

--- End of inner exception stack trace --- at Microsoft.AspNetCore.Server.Kestrel.Core.LocalhostListenOptions.BindAsync(AddressBindContext context) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func2 createBinding) at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication1 application, CancellationToken cancellationToken) at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken) at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken) at Microsoft.Tye.Hosting.HttpProxyService.StartAsync(Application application) in //src/Microsoft.Tye.Hosting/HttpProxyService.cs:line 210 at Microsoft.Tye.Hosting.AggregateApplicationProcessor.StartAsync(Application application) in //src/Microsoft.Tye.Hosting/AggregateApplicationProcessor.cs:line 24 at Microsoft.Tye.Hosting.TyeHost.StartAsync() in //src/Microsoft.Tye.Hosting/TyeHost.cs:line 111 at Microsoft.Tye.Hosting.TyeHost.RunAsync() in //src/Microsoft.Tye.Hosting/TyeHost.cs:line 70 at Microsoft.Tye.Hosting.TyeHost.RunAsync() in /_/src/Microsoft.Tye.Hosting/TyeHost.cs:line 80 at Microsoft.Tye.Program.<>c.<b180>d.MoveNext() in //src/tye/Program.RunCommand.cs:line 126 --- End of stack trace from previous location where exception was thrown --- at Microsoft.Tye.Program.<>c.<b180>d.MoveNext() in //src/tye/Program.RunCommand.cs:line 126 --- End of stack trace from previous location where exception was thrown --- at System.CommandLine.Invocation.CommandHandler.GetResultCodeAsync(Object value, InvocationContext context) at System.CommandLine.Invocation.ModelBindingCommandHandler.InvokeAsync(InvocationContext context) at System.CommandLine.Invocation.InvocationPipeline.<>cDisplayClass4_0.<b0>d.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<b19_0>d.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>cDisplayClass17_0.<b0>d.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>cDisplayClass14_0.<b0>d.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>cDisplayClass22_0.<b0>d.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<b10_0>d.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass12_0.<b__0>d.MoveNext()


- The platform (Debian/WSL2)
MarkusRodler commented 3 years ago

Made it work with

sudo setcap 'cap_net_bind_service=+ep' `which tye`

I don't know if this is a good solution or if it can be solved within tye, but it works for now.

philliphoff commented 3 years ago

@MarkusRodler As the ability for non-privileged processes to bind to low-numbered ports is a platform feature and not a limitation of Tye itself, I'm not particularly inclined to have Tye workaround it without good reason. That said, I'd love to hear more about your scenario; is there a particular reason you need Tye's ingress on port 80 as opposed to some arbitrary or static port? Are you integrating with some other service that cannot be configured to use any other port?

MarkusRodler commented 3 years ago

@philliphoff the reason is that I want to easily switch from production urls to development urls by changing only the TLD (and not the port). E.g.: https://github.com => https://github.local So far i used some years docker-compose and jwilder's nginx-proxy for that purpose.

Nordes commented 3 years ago

Port 80 can be used on your WSL but you need to know that you have to be root (e.g. in ubuntu) to do so. Usually you have a few ports restrictions configured.

Anyway, for testing, you can use a different port. I use the port 5000 and 5001 with tye (2 instances of the same application running with 1 redis to see if the messaging works well).