Hitting "permission denied" when proxy starts up.

[TrevorBradleyKN]

Trying to get lando for windows working. Lando itself on localhost is OK, but the proxy (*.lndo.site) is failing, giving ECONNREFUSED errors trying to connect to any port (even if I hardwire config.yml to use nonstandard ports >10000)

I dug deeper and realized that landoproxyhyperion5000gandalfedition_proxy_1 was failing immediately after starting, with the following error:

2023-04-13 14:14:01 fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz 2023-04-13 14:14:01 fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz 2023-04-13 14:14:01 openssl (missing): 2023-04-13 14:14:01 required by: world[openssl] 2023-04-13 14:14:01 fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz 2023-04-13 14:14:01 fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz 2023-04-13 14:14:01 openssl (missing): 2023-04-13 14:14:01 required by: world[openssl] 2023-04-13 14:14:01 addcert 21:14:01.INFO ==> Installing openssl... 2023-04-13 14:14:01 /scripts/000-add-cert: line 68: apt-get: not found 2023-04-13 14:14:01 WARNING: Ignoring http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz: Permission denied 2023-04-13 14:14:01 WARNING: Ignoring http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz: Permission denied 2023-04-13 14:14:01 ERROR: unsatisfiable constraints: 2023-04-13 14:14:01 run-parts: /scripts/000-add-cert: exit status 1 2023-04-13 14:14:01 addcert 21:14:01.INFO ==> Installing openssl... 2023-04-13 14:14:01 /helpers/add-cert.sh: line 68: apt-get: not found 2023-04-13 14:14:01 WARNING: Ignoring http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz: Permission denied 2023-04-13 14:14:01 WARNING: Ignoring http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz: Permission denied 2023-04-13 14:14:01 ERROR: unsatisfiable constraints: 2023-04-13 14:14:01 run-parts: /scripts/999-refresh-certs: exit status 1

Reinstalling lando/docker desktop for windows hasn't changed the error.

Any ideas what might be wrong here? Did I miss a setup step?

[absolutelynotjames]

I'm getting this as well on Windows 11, I'm unable to start any project, proxying fails at ECONNREFUSED.

I've tried updating Lando, rebuilding projects, disabling windows firewall, making sure nothing in wsl is hijacking any ports, changing 80/443 in the global lando config, changing the lando domain from .lndo.site, nothing seems to work.

Just started happening today, nothing has changed on my system and we've been using this lando file for years.

[chrisferagotti]

Sounds like what I've been experiencing the last 24 hours. Basically:

Anytime I start a project up, it finishes with every service being "[ECONNREFUSED]"; none of the proxies work, but I can use the localhost:1234 addresses. Also, looking at the Docker Desktop UI, all containers started up cleanly (including traefik.)

If I then kill the traefik container in Docker Desktop, and try to restart it, it can't, stating:

Error invoking remote method 'docker-start-container': Error: (HTTP code 500) server error - Ports are not available: exposing port TCP 127.0.0.1:443 -> 0.0.0.0:0: listen tcp 127.0.0.1:443: bind: Only one usage of each socket address (protocol/network address/port) is normally permitted.

If I then try to restart the lando project, the end result is the same as it was before, but this time, during startup, it has the errors:

ERROR: for landoproxyhyperion5000gandalfedition_proxy_1  Cannot start service proxy: Ports are not available: exposing port TCP 127.0.0.1:443 -> 0.0.0.0:0: listen tcp 127.0.0.1:443: bind: Only one usage of each socket address (protocol/network address/port) is normally permitted.

ERROR: for proxy  Cannot start service proxy: Ports are not available: exposing port TCP 127.0.0.1:443 -> 0.0.0.0:0: listen tcp 127.0.0.1:443: bind: Only one usage of each socket address (protocol/network address/port) is normally permitted.
ERROR: Encountered errors while bringing up the project.

And then the warning:

 ■ Lando was not able to start the proxy
   Error
   The proxy has been disabled for now so you can continue to work.
   Check out the docs below, resolve your issue and build this app
   https://docs.lando.dev/config/proxy.html

I can find absolutely nothing on the docker/WSL end that has the ports taken; the only port that netstat -lntu reports being active is 323, and on the Windows side, it says ports 443 and 80 is taken by wslrelay (sometimes.)

[agoradesign]

happens to me too today. important change since yesterday: Windows 11 22H2 Update

[gitressa]

It works well in Ubuntu, and seems like a Windows issue. Perhaps a Mac user can check?

System Configuration

Q	A
Lando version	v3.14.0
Docker version	Docker Engine Community 23.0.3
OS	Ubuntu 20.04

[chrisferagotti]

happens to me too today. important change since yesterday: Windows 11 22H2 Update

This is no guarantee, of course, just adding my own info, but it looks like I've had the Win11 22H2 update installed since March 8, but only started having this problem on April 12. It doesn't look like I had any Windows updates for nearly a month before his happened.

[chrisferagotti]

I take back what I said. I think it's MS update related. I have another Win11 PC that I have a dev environment set up. Things worked fine... then I ran the update below and I'm seeing the exact same behavior now on this machine.

2023-04 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5025239)

[TrevorBradleyKN]

For reference, I'm still on Windows 10 - Looks like my most recent update was the 2023-04 Cumulative update (KB5025221).

However, this is literally a brand new laptop and a brand new job for me (I've only ever lando'd on Linux before), so it's not clear if this specific update broke lando.

Thanks to everyone else for reporting in, it's good to know this isn't just company specific firewall rules.

[GuyPaddock]

Our team just ran into this today as well, but so far only on Windows 11. My machine is on Windows 10 and is running fine.

[GuyPaddock]

This thread looks related to the same root cause even though it's ddev and not Lando: https://github.com/ddev/ddev/issues/4809

Update: A teammate who had this issue on Windows 11 is reporting that the issue was fixed with the pre-release version of WSL2, as noted in https://github.com/ddev/ddev/issues/4809#issuecomment-1508094974.

Here's the issue fixed in WSL app 1.2.1 related to the root cause: https://github.com/microsoft/WSL/issues/9921

[absolutelynotjames]

Yep, good find. wsl --update --pre-release seems to fix it for me!

[TrevorBradleyKN]

Be aware, wsl --update --pre-release actually entirely broke lando for me. Now my localhost port URLs don't work either:

N: See apt-secure(8) manpage for repository creation and user configuration details. N: Updating from such a repository can't be done securely, and is therefore disabled by default. E: The repository 'http://deb.debian.org/debian bullseye InRelease' is not signed. E: Failed to fetch http://deb.debian.org/debian/dists/bullseye/InRelease 403 Forbidden [IP: 151.101.190.132 80] N: See apt-secure(8) manpage for repository creation and user configuration details. N: Updating from such a repository can't be done securely, and is therefore disabled by default. E: The repository 'http://deb.debian.org/debian-security bullseye-security InRelease' is not signed. E: Failed to fetch http://deb.debian.org/debian-security/dists/bullseye-security/InRelease 403 Forbidden [IP: 151.101.190.132 80] E: Failed to fetch http://deb.debian.org/debian/dists/bullseye-updates/InRelease 403 Forbidden [IP: 151.101.190.132 80] E: The repository 'http://deb.debian.org/debian bullseye-updates InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. E: Failed to fetch http://apt.postgresql.org/pub/repos/apt/dists/bullseye-pgdg/InRelease 403 Forbidden [IP: 87.238.57.227 80] E: The repository 'http://apt.postgresql.org/pub/repos/apt bullseye-pgdg InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.

Just be a little cautious about upgrading to the pre-release...

[chrisferagotti]

Be aware, wsl --update --pre-release actually entirely broke lando for me. Now my localhost port URLs don't work either:

N: See apt-secure(8) manpage for repository creation and user configuration details. N: Updating from such a repository can't be done securely, and is therefore disabled by default. E: The repository 'http://deb.debian.org/debian bullseye InRelease' is not signed. E: Failed to fetch http://deb.debian.org/debian/dists/bullseye/InRelease 403 Forbidden [IP: 151.101.190.132 80] N: See apt-secure(8) manpage for repository creation and user configuration details. N: Updating from such a repository can't be done securely, and is therefore disabled by default. E: The repository 'http://deb.debian.org/debian-security bullseye-security InRelease' is not signed. E: Failed to fetch http://deb.debian.org/debian-security/dists/bullseye-security/InRelease 403 Forbidden [IP: 151.101.190.132 80] E: Failed to fetch http://deb.debian.org/debian/dists/bullseye-updates/InRelease 403 Forbidden [IP: 151.101.190.132 80] E: The repository 'http://deb.debian.org/debian bullseye-updates InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. E: Failed to fetch http://apt.postgresql.org/pub/repos/apt/dists/bullseye-pgdg/InRelease 403 Forbidden [IP: 87.238.57.227 80] E: The repository 'http://apt.postgresql.org/pub/repos/apt bullseye-pgdg InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.

Just be a little cautious about upgrading to the pre-release...

It worked fine for me after testing it, but good to know.

[emhorsley]

Yep, good find. wsl --update --pre-release seems to fix it for me!

This solved the issue for me as well. Windows 11, just started experiencing the issue this morning. All is good now!

[drjamesj]

Mine also broke some time yesterday after an automatic Windows update. I have been scratching my head like crazy diving into the WSL2 networking nightmare to try and figure out what was using my port to no avail.

wsl --update --pre-release also seems to have resolved my issue. (I had to follow up with a lando rebuild because I was messing around with my containers during the process). Thank you!

[TrevorBradleyKN]

Still really struggling with this on Windows 10 after the wsl --update --pre-release (now on version 1.2.4).

Is everyone who is having success working from Windows 11 and not Windows 10?

If I use lando from Windows Powershell, I now get:

  ‼ APPSERVER URLS
    × https://localhost:56821 [302] - REQUEST FAILED WITH STATUS CODE 302
    × http://localhost:56822 [302] - REQUEST FAILED WITH STATUS CODE 302
    × http://drupal10.lndo.site/ [ECONNREFUSED] - CONNECT ECONNREFUSED 127 0 0 1 80
    × https://drupal10.lndo.site/ [ECONNREFUSED] - CONNECT ECONNREFUSED 127 0 0 1 443

If I use lando from wsl at the linux prompt, I get:

  ❯ APPSERVER URLS
    ✔ https://localhost:58176 [200]
    ✔ http://localhost:58177 [200]
    ⠸ http://lando.lndo.site/ [ECONNREFUSED] - CONNECT ECONNREFUSED 127 0 0 1 80
    ⠸ https://lando.lndo.site/ [ECONNREFUSED] - CONNECT ECONNREFUSED 127 0 0 1 443

(which is the preferred setup for Windows? Lando in Powershell or inside wsl? I do eventually need xdebug to work)

[emhorsley]

Yes, i'm on Windows 11 build 22H2. For reference, i came here because of a similar error that started over the weekend because of a WSL update that broke Lando (more specifically docker) for me. Running the command to jump to the pre-release worked. Nobody else on our team has the issue thats on Windows 10, just those on 11 had it

[Stargate-project]

I installed lando without docker desktop

just use the wsl ubuntu / debian distro

works fine, except subdomain not working

[Stargate-project]

(which is the preferred setup for Windows? Lando in Powershell or inside wsl? I do eventually need xdebug to work)

for wsl, install the Debian / Linux method in the docs, make sure you have "windows subsystems for linux" installed from the Microsoft store

you can delete the docker desktop/ saves you about 4-5 Gb memory

[chrisferagotti]

My own preference is:

Docker/Docker Desktop is installed in Windows (and it's configured to use WSL2) Lando is installed in Ubuntu/WSL (and the requirement for docker-ce is removed during install and in /var/lib/dpkg/status) My IDE is (PHPStorm) running in Windows. I've got xdebug running fine.

The only real/regular issues I experience with this is (usually after a git checkout, especially a big repo) there's a bit of a lag as my IDE indexes files. I know I can use IntelliJ's Gateway to run PHPStorm inside WSL, and help with file system lag, but I've found it a bit buggy myself and would rather just deal with the occasional/predictable lag during git checkouts.

On Wed, Apr 19, 2023 at 6:30 PM Stargate-project @.***> wrote:

(which is the preferred setup for Windows? Lando in Powershell or inside wsl? I do eventually need xdebug to work)

for wsl, install the Debian / Linux method in the docs, make sure you have "windows subsystems for linux" installed from the Microsoft store

— Reply to this email directly, view it on GitHub https://github.com/lando/lando/issues/3554#issuecomment-1515464603, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAI2D3VFYKPQAIAGNEOXY63XCBRRDANCNFSM6AAAAAAW5TVKGI . You are receiving this because you commented.Message ID: @.***>

[socrates77]

Yep, good find. wsl --update --pre-release seems to fix it for me!

The update so far has worked I can log in via subdomain and have started two applications together without any problems.

I have seen other issues related to this problem. It should be made known with proper caveats.

[agoradesign]

After my first comment, it worked for a few days. I'm unsure, what solved it in the end, because it finally worked after restarting windows then. what I did: update Lando to 3.15, Docker 4.18 and reset Windows firewall.

BUT suddenly yesterday morning I had problems again. There were different opinions here in this thread about wsl pre-release update, but most of them were positive. So I decided to give this a try too. And this seems to really solve the problem now. It's just one day ago, but everything is working as expected now

[mergederg]

I've also been seeing this come and go for the last week or two. I was hesitant to risk making it even worse but wsl --update --pre-release seems to have resolved it.