Unable to Access JIRA due to BindException Permission Denied
JIRA is running, but isn't accessible in the browser.
The following appears in the
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-80]] org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-80]] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ... Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:983) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ... Caused by: java.net.BindException: Permission denied <null>:80 at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:406) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429) at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) at org.apache.catalina.connector.Connector.initInternal(Connector.java:981) ... Caused by: java.net.BindException: Permission denied at java.net.PlainSocketImpl.socketBind(Native Method) at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:383) ...
Linux restricts the first 1024 ports to the
root user only. If JIRA is running on port below 1024 as a non-root user, then you will get the above error. For more information on this Linux restriction, please have a look at First 1024 ports restricted to root user in Linux.
Running JIRA as the root user is not at all recommended. This introduces a critical security risk as an attacker could gain control of the rest of the server through Tomcat with superuser permissions if it is breached.
There are several options to handle this:
- Run JIRA on port a port greater than 1024, but through a reverse proxy so that JIRA can be accessed on 80. Further information can be found in the following documentation:
Using Linux, you can reroute port 80 to redirect to other ports. For example this will cause port 80 to route to port 8080 and means you can run Tomcat on 8080 and users can connect to it from port 80:
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
- Run JIRA on Windows as there are no restrictions on ports under 1024.
If JIRA has been started by the root user, you may encounter the following error due to the
root user altering the file permissions: Action in Jira server fails with FileNotFoundException.
Additionally, the points in Confluence's Permission denied error when binding a port KB apply to JIRA as well.