EACCES: permission error when using port 80 with Docker images for node 16/18

Hi!

Now that 3.0 is out, I wanted to use that opportunity to also switch to the Docker images that have a more recent version of node.

I've been successfully running this docker-compose.yml file on a RPi 4B:

version: "3.8"
services:
  nodered:
    image: nodered/node-red:3.0.0-14-minimal
    privileged: true
    user: root:root
    cap_add:
      - SYS_ADMIN
      - NET_ADMIN
    volumes:
      - ./data/nodered:/data
      - /etc/localtime:/etc/localtime
    depends_on:
      - mqtt
    network_mode: host
    restart: always
    environment:
      - TZ=Europe/Berlin

I'm mainly running as root and use the host network mode to be able to use port 80 for Alexa emulation, via node-red-contrib-amazon-echo.

Now, when I try both of nodered/node-red:3.0.0-16-minimal and nodered/node-red:3.0.0-18-minimal, i.e. updated versions of node as the image, during startup, I get this error:
[error] Error: listen EACCES: permission denied 0.0.0.0:80
(via docker compose logs -f).

Does anybody know why this happens with the 16 and 18 Docker images, but not the 14 one?

Thanks a lot!
Tobias

1 Like

Just to push the thread a bit again:
I faced exactly the same problem after the update to 3.0.

But just the info that it works with node 14 helped me in the short term.
However, I have not yet come closer to a fundamental solution of the phenomenon.

@hardillb As the maintainer of the Docker images, do you maybe have any ideas or suggestions here? Is it maybe something about the node base image?

The problem is that Node have changed how npm works when run as root, it now automatically remaps it's self to run as the user that owns the directory where the package.json file lives (in this case the node-red user). I really don't like this change and I'm looking at what to do to fix it, but it will not be a quick change.

The npm version packaged with the nodejs 14 build will be older than the change.

But unless you have a VERY VERY good reason you should NOT be running node-red as root you really shouldn't be and just to run on port 80 directly isn't a good reason. Either use Dockers port mapping to map the exposed port to port 1880 or run a real HTTP server as a reverse proxy infront of Node-RED.

2 Likes

Hi @hardillb,

thanks a lot! Yes, this would explain this problem! It would be great if you could find a solution for this in the Node-RED Docker images for this!

And I totally agree that running as the root user should be avoided, but I haven't yet found a way for my specific setup. I'm using node-red-contrib-amazon-echo (the local Alexa hub emulation, in contrast to the cloud/skill-based variant that your service offers), and due to the Alexa-port-80-requirement and the need for SSDP, I believe that Docker's network: host mode is needed (and port mapping are not taken into account then). And this again means that I need root to be able to use port 80...

Best wishes,
Tobias

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.