Overview
Enabling web server encryption by following Dremio's wire encryption documentation can cause the coordinator to fail on startup because it cannot bind to port 443.
Applies To
All versions of Dremio where the process runs as a non-root user (recommended).
Details
Web server encryption is configured by editing dremio.conf as follows:
# Web server encryption
services.coordinator.web.ssl.enabled: true
services.coordinator.web.ssl.auto-certificate.enabled: true
services.coordinator.web.port: 443
Restart the Dremio service:
$ sudo service dremio restart
Error observed in server.log:
2022-12-30 16:33:25,466 [main] ERROR ROOT - Dremio is exiting. Failure while starting services.
com.dremio.dac.server.ServerErrorException: Server error Failed to bind to 0.0.0.0/0.0.0.0:443
at com.dremio.dac.server.DremioServer.startDremioServer(DremioServer.java:109)
at com.dremio.dac.server.WebServer.start(WebServer.java:143)
at com.dremio.service.SingletonRegistry$AbstractServiceReference.start(SingletonRegistry.java:137)
...
Caused by: java.io.IOException: Failed to bind to 0.0.0.0/0.0.0.0:443
at org.eclipse.jetty.server.ServerConnector.openAcceptChannel(ServerConnector.java:349)
at org.eclipse.jetty.server.ServerConnector.open(ServerConnector.java:310)
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:80)
...
Caused by: java.net.SocketException: Permission denied
at sun.nio.ch.Net.bind0(Native Method)
at sun.nio.ch.Net.bind(Net.java:461)
at sun.nio.ch.Net.bind(Net.java:453)
...
Cause
TCP/IP port numbers below 1024 are privileged: normal (non-root) users are not allowed to run servers on them. This is a security feature: if you connect to a service on one of these ports, you can be fairly sure that you have the real thing and not a fake that some hacker has put up for you.
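The following preflight check is an added example, not part of Dremio's documentation or tooling: it reads the configured web port and reports whether the service account would hit the "Permission denied" bind error before the service is restarted. It assumes Linux, the flat "key: value" form of dremio.conf shown on this page, and hypothetical function names.

```sh
#!/bin/sh
# Added example: preflight check for the bind failure described above.
# Assumes Linux and the flat "key: value" dremio.conf form shown on this page.
# It does not detect capabilities (e.g. CAP_NET_BIND_SERVICE) granted to the process.

# Lowest port an unprivileged process may bind. Linux 4.11+ exposes it as a
# sysctl; fall back to the traditional 1024 when the file is not readable.
unprivileged_port_start() {
    f=/proc/sys/net/ipv4/ip_unprivileged_port_start
    if [ -r "$f" ]; then cat "$f"; else echo 1024; fi
}

# Print services.coordinator.web.port from the file in $1.
# Commented-out lines are ignored; the last assignment wins.
configured_web_port() {
    sed -n 's/^[[:space:]]*services\.coordinator\.web\.port[[:space:]]*[:=][[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Succeeds (exit 0) when binding port $1 as uid $2 needs extra privilege,
# given that unprivileged ports start at $3.
bind_needs_privilege() {
    [ "$2" -ne 0 ] && [ "$1" -lt "$3" ]
}

# Usage: preflight /path/to/dremio.conf SERVICE_USER
# Returns 0 = bind allowed, 1 = would fail with "Permission denied", 2 = cannot tell.
preflight() {
    pf_port=$(configured_web_port "$1")
    [ -n "$pf_port" ] || { echo "no web port set in $1"; return 2; }
    pf_uid=$(id -u "$2") || return 2
    pf_start=$(unprivileged_port_start)
    if bind_needs_privilege "$pf_port" "$pf_uid" "$pf_start"; then
        echo "FAIL: uid $pf_uid cannot bind port $pf_port (unprivileged ports start at $pf_start)"
        return 1
    fi
    echo "OK: uid $pf_uid may bind port $pf_port"
}
```

Source the file and run preflight with the path to dremio.conf and the account that runs the service; a return of 1 corresponds to the SocketException in the log above.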
Workaround
Use a port above 1024, such as 8080 or 9047:
# Web server encryption
services.coordinator.web.ssl.enabled: true
services.coordinator.web.ssl.auto-certificate.enabled: true
services.coordinator.web.port: 9047
Solution
Speak with your security team to work on a solution, as this restriction is a security feature. If you need to use port 443, there may be solutions that can be employed, such as using a firewall to forward traffic from a privileged port to a non-privileged port.