.NET 5 - Unable to start Kestrel - System.Net.Sockets.SocketException (13): Permission denied

[igrwijaya]

Hi I want to deploy .NET 5 app to AWS Lambda using docker image container but after success deploy the app and testing using AWS API Gateway, I've an issue that I can't resolve. Here the detail of log information when starting the app:

==========================================

2021-01-02T15:32:01.708+08:00 - �[41m�[1m�[37mcrit�[39m�[22m�[49m: Microsoft.AspNetCore.Server.Kestrel[0]
-- - --
  - 2021-01-02T15:32:01.708+08:00 - Unable to start Kestrel.
  - 2021-01-02T15:32:01.708+08:00 - System.Net.Sockets.SocketException (13): Permission denied
  - 2021-01-02T15:32:01.708+08:00 - at System.Net.Sockets.Socket.UpdateStatusAfterSocketErrorAndThrowException(SocketError error, String callerName)
  - 2021-01-02T15:32:01.708+08:00 - at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
  - 2021-01-02T15:32:01.708+08:00 - at System.Net.Sockets.Socket.Bind(EndPoint localEP)
  - 2021-01-02T15:32:01.708+08:00 - at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketConnectionListener.<Bind>g__BindSocket\|13_0(<>c__DisplayClass13_0& )
  - 2021-01-02T15:32:01.708+08:00 - at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketConnectionListener.Bind()
  - 2021-01-02T15:32:01.708+08:00 - at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketTransportFactory.BindAsync(EndPoint endpoint, CancellationToken cancellationToken)
  - 2021-01-02T15:32:01.708+08:00 - at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Infrastructure.TransportManager.BindAsync(EndPoint endPoint, ConnectionDelegate connectionDelegate, EndpointConfig endpointConfig)
  - 2021-01-02T15:32:01.708+08:00 - at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.<>c__DisplayClass29_0`1.<<StartAsync>g__OnBind\|0>d.MoveNext()

==========================================

Docker configuration like below:

`FROM public.ecr.aws/lambda/dotnet:5.0 AS base
EXPOSE 80
EXPOSE 443

FROM mcr.microsoft.com/dotnet/sdk:5.0-buster-slim AS build

WORKDIR /src
COPY StaviStudentRegistration.sln ./

COPY Stavi.Student.Registration.API/*.csproj ./Stavi.Student.Registration.API/

RUN dotnet clean
RUN dotnet restore

COPY . .

WORKDIR /src/Stavi.Student.Registration.API
RUN dotnet build -c Release -o /app/publish

FROM build AS publish
RUN dotnet publish \
    --configuration Release \ 
    --runtime linux-x64 \
    --output /app/publish \
    -p:PublishReadyToRun=true 

FROM base AS final
WORKDIR /usr/secret
COPY Secret/secret.json .

#for security reason, I hide the env name
ENV XXX=/usr/secret/secret.json

WORKDIR /var/task
COPY --from=publish /app/publish .

ENTRYPOINT ["/var/lang/bin/dotnet", "Stavi.Student.Registration.API.dll"]`

Here my program.cs :

public class Program
    {
        public static void Main(string[] args)
        {
            CreateHostBuilder(args).Build().Run();
        }

        public static IHostBuilder CreateHostBuilder(string[] args) =>
            Host.CreateDefaultBuilder(args)
                .ConfigureWebHostDefaults(webBuilder =>
                {
                    webBuilder.ConfigureKestrel(option =>
                    {
                        option.ListenAnyIP(80);
                    });

                    webBuilder.UseStartup<Startup>();
                });
    }

Here my startup.cs:

public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllers();
            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new OpenApiInfo { Title = "Stavi.StudentRegistration.API", Version = "v1" });
            });

            services.InitiateThirdParty();
            services.AddDependency();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
                app.UseSwagger();
                app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "Stavi.StudentRegistration.API v1"));
            }

            app.UseHttpsRedirection();

            app.UseRouting();

            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }

I don't have any idea how to fix this, can someone help me? thank you..

[angelobreuer]

I am just looking around, but maybe this can help you:

I guess that either some other service is running on port 80, or the process does not have enough privileges to bind on that port (some operating systems need elevated privileges to bind on ports lower or equal to 1024).

In your error log, you can see that it tries to bind the socket to the endpoint and fails due to insufficient permissions.

If running with elevated privileges does not work, try to bind on a port that is above 1024.

Good luck! 👍

[igrwijaya]

thank you for the response, I've update the implementation on the AWS server to fix the issue