Anjan Rao
Anjan Rao

Reputation: 145

Cannot bind arango 2.8.5 to to endpoint ssl://0.0.0.0:443

I am using arangodb 2.8.5 on ubuntu 14.04 (64bit)

Small application so i am trying to avoid running another web server in front to forward requests to arango apps. Thank you very much for any direction.

Regards, Anjan

Upvotes: 3

Views: 354

Answers (1)

dothebart
dothebart

Reputation: 6067

The problem occurs in conjunction with ArangoDB dropping its root privileges to the specified user by

[server]
endpoint = ssl://0.0.0.0:443
uid=arangodb

This may become possible with ArangoDB 3.0 again, however currently you have to choose one of the workarounds to allow non-root processes to bind lower ports:

  1. authbind
  2. Using the iptables REDIRECT target to redirect a low port to a high port (the "nat" table is not yet implemented for ip6tables, the IPv6 version of iptables)
  3. SELinux or AppArmor
  4. Use the capabilities system available as of Linux kernel 2.6.24 and CAP_NET_BIND_SERVICE capability:

    setcap 'cap_net_bind_service=+ep' /usr/sbin/arangod

    And then anytime ArangoDB is executed thereafter it will get the CAP_NET_BIND_SERVICE capability. setcap is in the debian package libcap2-bin.

    More details on the capabilities can be found at:

Upvotes: 2

Related Questions