Unable to start Kestrel. System.Net.Sockets.SocketException (13): Permission denied while running alpine as non root user
See original GitHub issueFrom @endejoli on Monday, 22 October 2018 19:03:34
Steps to reproduce the issue
1.Use the below Dockerfile to build image
FROM microsoft/dotnet:2.1-aspnetcore-runtime-alpine3.7
EXPOSE 5000
WORKDIR /app
COPY ./app/* /app/
RUN adduser -D buildadmin
RUN chown buildadmin:buildadmin /app /app/*
USER buildadmin
ENTRYPOINT ["dotnet", "Template.Sample.dll"]
- Building and running the image gives below error
18:10:59 INF] Starting web host
[18:10:59 INF] User profile is available. Using '/home/buildadmin/.aspnet/DataProtection-Keys' as key repository; keys will not be encrypted at rest.
[18:10:59 INF] Creating key {c07b8334-0237-48ed-817e-9dcb73382d0e} with creation date 2018-10-22 18:10:59Z, activation date 2018-10-22 18:10:59Z, and expiration date 2019-01-20 18:10:59Z.
[18:10:59 WRN] No XML encryptor configured. Key {c07b8334-0237-48ed-817e-9dcb73382d0e} may be persisted to storage in unencrypted form.
[18:10:59 INF] Writing data to file '/home/buildadmin/.aspnet/DataProtection-Keys/key-c07b8334-0237-48ed-817e-9dcb73382d0e.xml'.
[18:10:59 FTL] Unable to start Kestrel.
System.Net.Sockets.SocketException (13): Permission denied
at System.Net.Sockets.Socket.UpdateStatusAfterSocketErrorAndThrowException(SocketError error, String callerName)
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketTransport.BindAsync()
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.<>c__DisplayClass22_0`1.<<StartAsync>g__OnBind|0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindEndpointAsync(ListenOptions endpoint, AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions.BindAsync(AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.AnyIPListenOptions.BindAsync(AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
[18:10:59 FTL] Host terminated unexpectedly
System.Net.Sockets.SocketException (13): Permission denied
at System.Net.Sockets.Socket.UpdateStatusAfterSocketErrorAndThrowException(SocketError error, String callerName)
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketTransport.BindAsync()
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.<>c__DisplayClass22_0`1.<<StartAsync>g__OnBind|0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindEndpointAsync(ListenOptions endpoint, AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions.BindAsync(AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.AnyIPListenOptions.BindAsync(AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.Internal.WebHost.StartAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token, String shutdownMessage)
at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token)
at Microsoft.AspNetCore.Hosting.WebHostExtensions.Run(IWebHost host)
at Template.Sample.Program.Main(String[] args) in /repo/src/production/Template.Sample/Program.cs:line 20
Application is shutting down...
Expected behavior
It should start the webserver successuflly
Actual behavior
Additional information (e.g. issue happens only occasionally)
When i run dotnet as root user, everything works as expected
Output of docker version
docker info
Containers: 20
Running: 0
Paused: 0
Stopped: 20
Images: 37
Server Version: 18.06.1-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-1023-azure
Operating System: Ubuntu 16.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 6.807GiB
Name: actaz-prod-lbf3
ID: 2SKW:7Y6P:KJBW:RAON:HGZ4:TDLT:2M5J:NWAF:EMSL:ZYHW:TZAO:L736
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Copied from original issue: dotnet/dotnet-docker#765
Issue Analytics
- State:
- Created 5 years ago
- Reactions:3
- Comments:27 (13 by maintainers)
Top Results From Across the Web
Kestrel permission denied for non-root user - asp.net
Server.Kestrel[0] Unable to start Kestrel. System.Net.Sockets.SocketException (13): Permission denied at System.Net.Sockets.Socket.
Read more >Asp.net core based docker image failing
Server.Kestrel[0], Unable to start Kestrel. System.Net.Sockets.SocketException (13): Permission denied,. I tried explicitly setting the port ...
Read more >Run proget container as non root
Unable to start Kestrel. System.Net.Sockets.SocketException (13): Permission denied while running alpine as non root user
Read more >Permission denied while running alpine as non root user
Unable to start Kestrel. System.Net.Sockets.SocketException (13): Permission denied while running alpine as non root user.
Read more >How do I run an ASP.Net Core container in Kubernetes as non ...
Net docker container on Kubernetes as a non-root user. ... System.Net.Sockets.SocketException (13): Permission denied at System.Net.Sockets.
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
For OpenShift images, we use these settings (taken from the s2i containers):
This configures ASP.NET Core container to bind to higher port (it does not have permission to bind to port 80 in OpenShift by default) and the
io.openshift.expose-servicesvalue configures the OpenShift routing module.Thanks @jozefizso . Adding
ENV ASPNETCORE_URLS=http://*:8080did the trick for kubernetes as well.