Unable to Access JIRA due to BindException Permission Denied

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

JIRA is running, but isn't accessible in the browser.

The following appears in the atlassian-jira.log:

SEVERE: Failed to initialize connector [Connector[HTTP/1.1-80]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-80]]
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
	at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
	at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    ...
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
	at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
	...
Caused by: java.net.BindException: Permission denied <null>:80
	at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:406)
	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
	at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
	at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
	at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
	...
Caused by: java.net.BindException: Permission denied
	at java.net.PlainSocketImpl.socketBind(Native Method)
	at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:383)
    ...

Cause

Linux restricts the first 1024 ports to the root user only. If JIRA is running on port below 1024 as a non-root user, then you will get the above error.  For more information on this Linux restriction, please have a look at First 1024 ports restricted to root user in Linux.

Resolution

 

Running JIRA as the root user is not at all recommended. This introduces a critical security risk as an attacker could gain control of the rest of the server through Tomcat with superuser permissions if it is breached.

There are several options to handle this:

  1. Run JIRA on port a port greater than 1024, but through a reverse proxy so that JIRA can be accessed on 80. Further information can be found in the following documentation:
  2. Using Linux, you can reroute port 80 to redirect to other ports. For example this will cause port 80 to route to port 8080 and means you can run Tomcat on 8080 and users can connect to it from port 80:

    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
  3. Run JIRA on Windows as there are no restrictions on ports under 1024.

If JIRA has been started by the root user, you may encounter the following error due to the root user altering the file permissions: Action in Jira server fails with FileNotFoundException.

Additionally, the points in Confluence's Permission denied error when binding a port KB apply to JIRA as well.

Last modified on Nov 2, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.