Unable to Access JIRA due to BindException Permission Denied

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

症状

JIRA is running, but isn't accessible in the browser.

atlassian-jira.log に次のメッセージが表示される。

SEVERE: Failed to initialize connector [Connector[HTTP/1.1-80]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-80]]
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
	at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
	at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    ...
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
	at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
	...
Caused by: java.net.BindException: Permission denied <null>:80
	at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:406)
	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
	at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
	at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
	at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
	...
Caused by: java.net.BindException: Permission denied
	at java.net.PlainSocketImpl.socketBind(Native Method)
	at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:383)
    ...

原因

Linux restricts the first 1024 ports to the root user only. If JIRA is running on port below 1024 as a non-root user, then you will get the above error.  For more information on this Linux restriction, please have a look at First 1024 ports restricted to root user in Linux.

ソリューション

 

Running JIRA as the root user is not at all recommended. This introduces a critical security risk as an attacker could gain control of the rest of the server through Tomcat with superuser permissions if it is breached.

There are several options to handle this:

  1. Run JIRA on port a port greater than 1024, but through a reverse proxy so that JIRA can be accessed on 80. Further information can be found in the following documentation:
  2. Using Linux, you can reroute port 80 to redirect to other ports. For example this will cause port 80 to route to port 8080 and means you can run Tomcat on 8080 and users can connect to it from port 80:

    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
  3. Run JIRA on Windows as there are no restrictions on ports under 1024.

If JIRA has been started by the root user, you may encounter the following error due to the root user altering the file permissions: Actions in Jira server fails with FileNotFoundException in the Jira logs.

Additionally, the points in Confluence's Permission denied error when binding a port KB apply to JIRA as well.

最終更新日 2018 年 11 月 2 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.