Summary
This article explains the issue of the Dremio coordinator failing to start up after enabling web server encryption due to a failure to bind to port 443. It provides the cause, troubleshooting steps and a workaround to resolve the issue.
Reported Issue
Enabling web server encryption by configuring SSL in dremio.conf and setting the web server port to 443 causes the Dremio coordinator to fail on startup with an error message indicating a failure to bind to port 443.
Relevant Versions
All versions of Dremio where the process runs as a non-root user (recommended).
Troubleshooting Steps
Check the server.log for an error similar to the following:
2022-12-30 16:33:25,466 [main] ERROR ROOT - Dremio is exiting. Failure while starting services. com.dremio.dac.server.ServerErrorException: Server error Failed to bind to 0.0.0.0/0.0.0.0:443 ... Caused by: java.net.SocketException: Permission denied
Steps to Resolve
TCP/IP port numbers below 1024 are treated with additional security, and non admin users are not by default, allowed to run up services using them. This is a security feature to ensure that services running on these ports are genuine and not fake services set up by hackers.
If you use a port above 1024, such as 8080 or 9047, instead of port 443, Dremio will start. Edit dremio.conf and change the web server port:
# Web server encryption services.coordinator.web.ssl.enabled: true services.coordinator.web.ssl.auto-certificate.enabled: true services.coordinator.web.port: 9047
Restart the Dremio service:
$ sudo service dremio restart
Next Steps
Consult with your security team to explore solutions if you need to use port 443. One potential solution could be using a firewall to forward traffic from a privileged port to a non-privileged port.
Additional Resources
Restart the Dremio service:
$ sudo service dremio restart