duanrong5927
2019-02-14 12:21
Views: 623
Accepted

golang on GCP => listen tcp :443: bind: permission denied

I have an issue trying to set up HTTPS on Google Cloud Platform using golang + Let's Encrypt

  • I already have a domain targeting the IP of the instance

  • Also, I got a Let's Encrypt certificate and chain saved in /etc/letsencrypt/live/mydomain.com/

  • I already set up myapp to use the cert and configured it to run as a service using myapp.service via systemctl

And after all these configurations I always get the following error message:


Feb 14 11:29:47 https https[1982]: 2019/02/14 11:29:47 listen tcp :443: bind: permission denied
Feb 14 11:29:47 https systemd[1]: https.service: Main process exited, code=exited, status=1/FAILURE
Feb 14 11:29:47 https systemd[1]: https.service: Unit entered failed state.
Feb 14 11:29:47 https systemd[1]: https.service: Failed with result 'exit-code'.


2 answers

  • dongyu8664 2019-02-14 14:49
    Accepted

    OK, I just looked for more info about CAP_NET_BIND_SERVICE and I found an answer by Scott Stensland in this other post:

    https://unix.stackexchange.com/questions/455221/setcap-not-found-in-debian-9/455234#455234

    Now it looks fixed ... thanks

    But now I have an "open /etc/letsencrypt/live/mydomain.com/cert.pem: permission denied" error :\ (looking for other solutions in progress...)

  • dongxili9934 2019-02-14 12:32

    If you want to bind to a privileged port (ports less than 1024), you either need to be root or have the CAP_NET_BIND_SERVICE capability.

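An added example, not part of the original answers or the asker's code: a Go preflight check that reads the process's effective capability mask (the `CapEff` line of `/proc/self/status`) and reports whether CAP_NET_BIND_SERVICE is present before the service tries to listen on :443. The function names are hypothetical, and the 1024 boundary assumes the default Linux setting.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// capNetBindService is the bit index of CAP_NET_BIND_SERVICE in Linux capability masks.
const capNetBindService = 10

// effectiveCaps extracts the CapEff bitmask from the text of /proc/<pid>/status.
func effectiveCaps(status string) (uint64, error) {
	for _, line := range strings.Split(status, "\n") {
		if strings.HasPrefix(line, "CapEff:") {
			return strconv.ParseUint(strings.TrimSpace(strings.TrimPrefix(line, "CapEff:")), 16, 64)
		}
	}
	return 0, fmt.Errorf("no CapEff line in status text")
}

// canBindPort reports whether a process with this effective mask may bind the port.
// Assumption: the default Linux boundary, where ports below 1024 are privileged.
func canBindPort(capEff uint64, port int) bool {
	return port >= 1024 || capEff&(1<<capNetBindService) != 0
}

// preflight returns a readable error instead of a bare "bind: permission denied".
func preflight(status string, port int) error {
	caps, err := effectiveCaps(status)
	if err != nil {
		return err
	}
	if !canBindPort(caps, port) {
		return fmt.Errorf("port %d is privileged and CapEff=%#x lacks CAP_NET_BIND_SERVICE", port, caps)
	}
	return nil
}

func main() {
	status, _ := os.ReadFile("/proc/self/status") // Linux-only; empty text yields the "no CapEff" error
	if err := preflight(string(status), 443); err != nil {
		fmt.Println("preflight failed:", err)
		os.Exit(1)
	}
	fmt.Println("ok: this process may bind :443")
}
```

A root process passes this check because its effective mask has every bit set; a service running as a non-root user can be given only this one capability through `AmbientCapabilities=CAP_NET_BIND_SERVICE` in its systemd unit or through `setcap` on the binary.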
