search

sbs20 / scanservjs

SANE scanner nodejs web ui
https://sbs20.github.io/scanservjs/
GNU General Public License v2.0
766 stars 145 forks source link

Unable to change UI web port #707

Open malves61 opened 11 months ago

malves61 commented 11 months ago

After following the copy step to overriding the Server Port to 80 in /etc/scanservjs/config.local.js, scanservjs fails to start

To Reproduce Steps to reproduce the behavior:

  1. Copy /etc/scanservjs/config.default.js to /etc/scanservjs/config.local.js
  2. Edit /etc/scanservjs/config.local.js
  3. comment out config.port = 8080;
  4. edit it to config.port = 80;
  5. scanservjs fails to restart/start (even rebooting the container): root@scanner:~# systemctl status scanservjs.service x scanservjs.service - scanservjs Loaded: loaded (/lib/systemd/system/scanservjs.service; enabled; preset: enabled) Active: failed (Result: exit-code) since Sun 2023-12-17 22:14:30 UTC; 2s ago Duration: 958ms Process: 678 ExecStart=/usr/lib/scanservjs/server/server.js (code=exited, status=1/FAILURE) Main PID: 678 (code=exited, status=1/FAILURE) CPU: 951ms

Dec 17 22:14:30 scanner systemd[1]: scanservjs.service: Main process exited, code=exited, status=1/FAILURE Dec 17 22:14:30 scanner systemd[1]: scanservjs.service: Failed with result 'exit-code'. Dec 17 22:14:30 scanner systemd[1]: scanservjs.service: Scheduled restart job, restart counter is at 5. Dec 17 22:14:30 scanner systemd[1]: Stopped scanservjs.service - scanservjs. Dec 17 22:14:30 scanner systemd[1]: scanservjs.service: Start request repeated too quickly. Dec 17 22:14:30 scanner systemd[1]: scanservjs.service: Failed with result 'exit-code'. Dec 17 22:14:30 scanner systemd[1]: Failed to start scanservjs.service - scanservjs.

root@scanner:~# netstat -ntlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 443/master tcp 0 0 127.0.0.54:53 0.0.0.0:* LISTEN 104/systemd-resolve tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 104/systemd-resolve tcp6 0 0 :::22 :::* LISTEN 1/init tcp6 0 0 ::1:25 :::* LISTEN 443/master

NOTE: scanservjs starts normally if config.port is set to 8080 (on /etc/scanservjs/config.local.js) but no network devices are found (scanimage -L is OK)

root@scanner:~# netstat -ntlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 443/master tcp 0 0 127.0.0.54:53 0.0.0.0:* LISTEN 104/systemd-resolve tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 104/systemd-resolve tcp6 0 0 :::22 :::* LISTEN 1/init tcp6 0 0 ::1:25 :::* LISTEN 443/master tcp6 0 0 :::8080 :::* LISTEN 694/node

Expected behavior scanservjs.service successful start and accessible on port 80. network devices present on web ui.

Server (please complete the following information):

Logs

This may be useful

# Node version
echo "node: $(node -v)"
node: v18.13.0

# OS version
DISTRIB_ID=Ubuntu; DISTRIB_RELEASE=23.10; DISTRIB_CODENAME=mantic; DISTRIB_DESCRIPTION="Ubuntu 23.10"; PRETTY_NAME="Ubuntu 23.10"; NAME="Ubuntu"; VERSION_ID="23.10"; VERSION="23.10 (Mantic Minotaur)"; VERSION_CODENAME=mantic; ID=ubuntu; ID_LIKE=debian; HOME_URL="https://www.ubuntu.com/"; SUPPORT_URL="https://help.ubuntu.com/"; BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"; PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"; UBUNTU_CODENAME=mantic; LOGO=ubuntu-logo
LJspice commented 11 months ago

Does it work for all free ports over 1024, and not work for all free ports under 1024? This may be expected linux behavior for privileged ports and a non-root user.

Practically, you could run scanservjs in docker and use that to map port 80 to port 8080, as docker would run as root. For my setup, I use an nginx reverse proxy container to change ports and provide HTTPS to my scanservjs container, which does not have its port 8080 exposed outside a docker network to the nginx container.

dukeczech commented 10 months ago

I had the same problem.

I solved by running this command and restarting scanservjs service: sudo setcap cap_net_bind_service=+ep /usr/bin/node sudo systemctl restart scanservjs.service

This allows nodejs to use ports under 1024. More info is here: https://stackoverflow.com/questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-on-linux or https://stackoverflow.com/questions/60372618/nodejs-listen-eacces-permission-denied-0-0-0-080

remy56k commented 8 months ago

Yes, the cleanest (and better option, in my opinion, in terms of general security concerns) is to setup a little & light reverse proxy like Caddy on your server. The configuration is very simple : 

:80 {
    reverse_proxy 127.0.0.1:8080
}

Or if you are comfortable with the notion of local DNS and you need to host several services on the same host but all on the port 80 : 

scanserverjs.raspberry.lan:80 {
    reverse_proxy 127.0.0.1:8080
}

scanserverjsdev.raspberry.lan:80 {
    reverse_proxy 127.0.0.1:8081
}

app3.raspberry.lan:80 {
    reverse_proxy 127.0.0.1:8082
}