Tcp: listening on :443: listen tcp :443: bind: permission denied

I ran the AIO installer on centos 7 as per the instructions on github, and the apache container is stuck in the running state. The last line in the logs is:

run: loading initial config: loading new config: http app module: start: tcp: listening on :443: listen tcp :443: bind: permission denied

docker ps gives me:

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
47bb166aa270 nextcloud/aio-apache:latest "start.sh /usr/bin/s…" 6 minutes ago Up 6 minutes (healthy) 0.0.0.0:443->443/tcp, :::443->443/tcp nextcloud-aio-apache

and ss -lptn 'sport = :443' reports:

State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :443 : users:(("docker-proxy",pid=8391,fd=4))
LISTEN 0 128 [::]:443 [::]:

Has anyone encountered this before?

Thanks in advance!

Are you running Docker in rootless mode? If so you have to expose the privileged ports: all-in-one/docker-rootless.md at main · nextcloud/all-in-one · GitHub

Hi, thanks for your reply. No, I’m running docker as root, and I have the same problem whether I call docker run with sudo, or as a user in the docker group.

If the user which is running the Docker service isn’t a system user, Linux doesn’t allow this user to run services on privileged ports. This is not a Docker specific thing and the error message is pretty clear…

But maybe something else prevents it from binding to 443… However, if some other service were already running on 443, it would say “already in use” instead of “permission denied”. So I’m not sure then…

Nevertheless, I would try this:
https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports

ss reports that 443 is bound (I presume correctly) by docker-proxy on the host, the problem is the apache instance inside the docker container
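
A check for the "bind: permission denied" case discussed in this thread, added here as an example and not part of any post above: it decides whether a process may bind a port from its effective capabilities and the kernel's privileged-port threshold. The script layout, function names and the idea of running it inside the container as the web server's user are assumptions of this example.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Run inside the container as the user
# the web server runs as:  sh bindcheck.sh [port] [pid]   (file name is arbitrary)

# has_net_bind_service <CapEff hex>: true if capability bit 10
# (CAP_NET_BIND_SERVICE in linux/capability.h) is set.
has_net_bind_service() {
    [ "$(( (0x$1 >> 10) & 1 ))" -eq 1 ]
}

# port_threshold [sysctl file]: print the first unprivileged port.
# Kernels without this sysctl (it was added in Linux 4.11) use a fixed 1024.
port_threshold() {
    pt_file=${1:-/proc/sys/net/ipv4/ip_unprivileged_port_start}
    if [ -r "$pt_file" ]; then cat "$pt_file"; else echo 1024; fi
}

# bind_verdict <euid> <CapEff hex> <threshold> <port>: print the reason and
# return 0 if the kernel would permit the bind, 1 otherwise. The euid is only
# reported: root with the capability dropped is denied like any other user.
bind_verdict() {
    if [ "$4" -ge "$3" ]; then
        echo "allowed: port $4 is not privileged (threshold $3)"
    elif has_net_bind_service "$2"; then
        echo "allowed: euid $1 holds CAP_NET_BIND_SERVICE"
    else
        echo "denied: port $4 < $3 and euid $1 lacks CAP_NET_BIND_SERVICE"
        return 1
    fi
}

# Inspect a live process (default: this shell) via /proc/<pid>/status.
bc_status=/proc/${2:-$$}/status
if [ -r "$bc_status" ]; then
    bc_euid=$(awk '/^Uid:/ {print $3}' "$bc_status")      # effective uid
    bc_caps=$(awk '/^CapEff:/ {print $2}' "$bc_status")   # effective caps, hex
    [ -n "$bc_caps" ] &&
        bind_verdict "$bc_euid" "$bc_caps" "$(port_threshold)" "${1:-443}" || true
fi
```

A "denied" result for port 443 inside the container, while `ss` on the host shows docker-proxy listening, means the refusal comes from the container process's own privileges and not from the host-side port mapping.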