search

sbs20 / scanservjs

SANE scanner nodejs web ui
https://sbs20.github.io/scanservjs/
GNU General Public License v2.0
686 stars 137 forks source link

Unable to change UI web port #707

Open malves61 opened 6 months ago

malves61 commented 6 months ago

After following the copy step to overriding the Server Port to 80 in /etc/scanservjs/config.local.js, scanservjs fails to start

To Reproduce Steps to reproduce the behavior:

  1. Copy /etc/scanservjs/config.default.js to /etc/scanservjs/config.local.js
  2. Edit /etc/scanservjs/config.local.js
  3. comment out config.port = 8080;
  4. edit it to config.port = 80;
  5. scanservjs fails to restart/start (even rebooting the container): root@scanner:~# systemctl status scanservjs.service x scanservjs.service - scanservjs Loaded: loaded (/lib/systemd/system/scanservjs.service; enabled; preset: enabled) Active: failed (Result: exit-code) since Sun 2023-12-17 22:14:30 UTC; 2s ago Duration: 958ms Process: 678 ExecStart=/usr/lib/scanservjs/server/server.js (code=exited, status=1/FAILURE) Main PID: 678 (code=exited, status=1/FAILURE) CPU: 951ms

Dec 17 22:14:30 scanner systemd[1]: scanservjs.service: Main process exited, code=exited, status=1/FAILURE Dec 17 22:14:30 scanner systemd[1]: scanservjs.service: Failed with result 'exit-code'. Dec 17 22:14:30 scanner systemd[1]: scanservjs.service: Scheduled restart job, restart counter is at 5. Dec 17 22:14:30 scanner systemd[1]: Stopped scanservjs.service - scanservjs. Dec 17 22:14:30 scanner systemd[1]: scanservjs.service: Start request repeated too quickly. Dec 17 22:14:30 scanner systemd[1]: scanservjs.service: Failed with result 'exit-code'. Dec 17 22:14:30 scanner systemd[1]: Failed to start scanservjs.service - scanservjs.

root@scanner:~# netstat -ntlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 443/master tcp 0 0 127.0.0.54:53 0.0.0.0:* LISTEN 104/systemd-resolve tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 104/systemd-resolve tcp6 0 0 :::22 :::* LISTEN 1/init tcp6 0 0 ::1:25 :::* LISTEN 443/master

NOTE: scanservjs starts normally if config.port is set to 8080 (on /etc/scanservjs/config.local.js) but no network devices are found (scanimage -L is OK)

root@scanner:~# netstat -ntlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 443/master tcp 0 0 127.0.0.54:53 0.0.0.0:* LISTEN 104/systemd-resolve tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 104/systemd-resolve tcp6 0 0 :::22 :::* LISTEN 1/init tcp6 0 0 ::1:25 :::* LISTEN 443/master tcp6 0 0 :::8080 :::* LISTEN 694/node

Expected behavior scanservjs.service successful start and accessible on port 80. network devices present on web ui.

Server (please complete the following information):

Logs

This may be useful

# Node version
echo "node: $(node -v)"
node: v18.13.0

# OS version
DISTRIB_ID=Ubuntu; DISTRIB_RELEASE=23.10; DISTRIB_CODENAME=mantic; DISTRIB_DESCRIPTION="Ubuntu 23.10"; PRETTY_NAME="Ubuntu 23.10"; NAME="Ubuntu"; VERSION_ID="23.10"; VERSION="23.10 (Mantic Minotaur)"; VERSION_CODENAME=mantic; ID=ubuntu; ID_LIKE=debian; HOME_URL="https://www.ubuntu.com/"; SUPPORT_URL="https://help.ubuntu.com/"; BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"; PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"; UBUNTU_CODENAME=mantic; LOGO=ubuntu-logo
LJspice commented 6 months ago

Does it work for all free ports over 1024, and not work for all free ports under 1024? This may be expected linux behavior for privileged ports and a non-root user.

Practically, you could run scanservjs in docker and use that to map port 80 to port 8080, as docker would run as root. For my setup, I use an nginx reverse proxy container to change ports and provide HTTPS to my scanservjs container, which does not have its port 8080 exposed outside a docker network to the nginx container.

dukeczech commented 5 months ago

I had the same problem.

I solved by running this command and restarting scanservjs service: sudo setcap cap_net_bind_service=+ep /usr/bin/node sudo systemctl restart scanservjs.service

This allows nodejs to use ports under 1024. More info is here: https://stackoverflow.com/questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-on-linux or https://stackoverflow.com/questions/60372618/nodejs-listen-eacces-permission-denied-0-0-0-080

remy56k commented 3 months ago

Yes, the cleanest (and better option, in my opinion, in terms of general security concerns) is to setup a little & light reverse proxy like Caddy on your server. The configuration is very simple : 

:80 {
    reverse_proxy 127.0.0.1:8080
}

Or if you are comfortable with the notion of local DNS and you need to host several services on the same host but all on the port 80 : 

scanserverjs.raspberry.lan:80 {
    reverse_proxy 127.0.0.1:8080
}

scanserverjsdev.raspberry.lan:80 {
    reverse_proxy 127.0.0.1:8081
}

app3.raspberry.lan:80 {
    reverse_proxy 127.0.0.1:8082
}