Unable to Access JIRA due to BindException Permission Denied
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Symptoms
JIRA is running, but isn't accessible in the browser.
The following appears in the atlassian-jira.log:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-80]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-80]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
...
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
...
Caused by: java.net.BindException: Permission denied <null>:80
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:406)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
...
Caused by: java.net.BindException: Permission denied
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:383)
...Cause
Linux restricts the first 1024 ports to the root user only. If JIRA is running on port below 1024 as a non-root user, then you will get the above error. For more information on this Linux restriction, please have a look at First 1024 ports restricted to root user in Linux.
Resolution
Running JIRA as the root user is not at all recommended. This introduces a critical security risk as an attacker could gain control of the rest of the server through Tomcat with superuser permissions if it is breached.
There are several options to handle this:
Run JIRA on port a port greater than 1024, but through a reverse proxy so that JIRA can be accessed on 80. Further information can be found in the following documentation:
Using Linux, you can reroute port 80 to redirect to other ports. For example this will cause port 80 to route to port 8080 and means you can run Tomcat on 8080 and users can connect to it from port 80:
1iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080Run JIRA on Windows as there are no restrictions on ports under 1024.
If JIRA has been started by the root user, you may encounter the following error due to the root user altering the file permissions: Actions in Jira server fails with FileNotFoundException in the Jira logs.
Additionally, the points in Confluence's Permission denied error when binding a port KB apply to JIRA as well.
Was this helpful?