Tcp: listening on :443: listen tcp :443: bind: permission denied

I ran the AIO installer on CentOS 7 as per the instructions on GitHub, and the apache container is stuck in the running state. The last line in the logs is:

run: loading initial config: loading new config: http app module: start: tcp: listening on :443: listen tcp :443: bind: permission denied

docker ps gives me:

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
47bb166aa270 nextcloud/aio-apache:latest "start.sh /usr/bin/s…" 6 minutes ago Up 6 minutes (healthy) 0.0.0.0:443->443/tcp, :::443->443/tcp nextcloud-aio-apache

and ss -lptn 'sport = :443' reports:

State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :443 : users:((“docker-proxy”,pid=8391,fd=4))
LISTEN 0 128 [::]:443 [::]:

Has anyone encountered this before?

Thanks in advance!

Are you running Docker in rootless mode? If so, you have to expose the privileged ports: all-in-one/docker-rootless.md at main · nextcloud/all-in-one · GitHub

Hi, thanks for your reply. No, I’m running Docker as root, and I have the same problem whether I call docker run with sudo or as a user in the docker group.

If the user that is running the Docker service isn’t a system user, Linux doesn’t allow this user to run services on privileged ports. This is not a Docker-specific thing and the error message is pretty clear…

But maybe something else prevents it from binding to 443… However, if some other service were already running on 443, it would say “already in use” instead of “permission denied”. So I’m not sure then…

Nevertheless, I would try this:
https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports

ss reports that 443 is bound (I presume correctly) by docker-proxy on the host; the problem is the apache instance inside the docker container.
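
The privileged-port rule discussed in this thread can be checked directly in the context of the failing process. The script below is an added example, not part of any post above or of the Nextcloud AIO project; its function names are hypothetical, and it assumes /proc is mounted and awk is available.

```shell
#!/bin/sh
# Added diagnostic example; function names are hypothetical, not from any project.
# Linux lets a process bind a port below net.ipv4.ip_unprivileged_port_start
# only if CAP_NET_BIND_SERVICE (capability bit 10) is in its effective set.
# The check is capability-based: UID 0 with that capability dropped is refused.

# has_net_bind_service HEXMASK: succeeds if bit 10 is set in a CapEff mask.
has_net_bind_service() {
    [ $(( (0x$1 >> 10) & 1 )) -eq 1 ]
}

# unpriv_port_start: threshold visible in this network namespace.
# Kernels without the sysctl use the fixed classic limit of 1024.
unpriv_port_start() {
    f=/proc/sys/net/ipv4/ip_unprivileged_port_start
    if [ -r "$f" ]; then cat "$f"; else echo 1024; fi
}

# bind_verdict PORT CAPEFF_HEX PORT_START: returns 0 if the bind is permitted.
bind_verdict() {
    if [ "$1" -ge "$3" ]; then
        echo "allowed: port $1 is not privileged here (threshold $3)"
    elif has_net_bind_service "$2"; then
        echo "allowed: CAP_NET_BIND_SERVICE is effective"
    else
        echo "denied: port $1 < $3 and CAP_NET_BIND_SERVICE is missing"
        return 1
    fi
}

# check_here PORT: evaluate the rule for the current process context.
check_here() {
    capeff=$(awk '/^CapEff:/ {print $2}' /proc/self/status)
    echo "uid=$(id -u) CapEff=$capeff"
    bind_verdict "$1" "${capeff:-0}" "$(unpriv_port_start)"
}

# Run as: sh check.sh 443 (same container and same user as the failing process).
if [ "$#" -gt 0 ]; then check_here "$1" || true; fi
```

Run on the host it describes docker-proxy's situation; run inside the container it describes the web server's. It covers only the kernel's capability rule, not denials from an LSM such as SELinux.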