Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): 2.16.0
Describe the issue: I’m trying to start OpenSearch Dashboards with HTTPS in Port 443 using the Helm Charts but I get an error: “Error: listen EACCES: permission denied 0.0.0.0:443”
I was able to configure HTTPS with the certificates with the default port 5601 but now I’m trying to change the port and getting the error.
Configuration:
Here is my values.yaml:
opensearchHosts: "https://opensearch-cluster-2-16-0:9200"
replicaCount: 1
image:
repository: "opensearchproject/opensearch-dashboards"
tag: "2.16.0"
pullPolicy: "Always"
startupProbe:
tcpSocket:
port: 443
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 20
successThreshold: 1
initialDelaySeconds: 10
livenessProbe:
tcpSocket:
port: 443
periodSeconds: 20
timeoutSeconds: 5
failureThreshold: 10
successThreshold: 1
initialDelaySeconds: 10
readinessProbe:
tcpSocket:
port: 443
periodSeconds: 20
timeoutSeconds: 5
failureThreshold: 10
successThreshold: 1
initialDelaySeconds: 10
ingress:
enabled: true
ingressClassName: "azure-application-gateway"
annotations:
appgw.ingress.kubernetes.io/health-probe-port: "443"
appgw.ingress.kubernetes.io/backend-protocol: https
hosts:
- host: opensearch.myhost.com
paths:
- path: /
backend:
serviceName: os-dashboards-2-16-0-opensearch-dashboards
servicePort : 443
tls:
- hosts:
- opensearch.myhost.com
secretName: opensearch-dashboards-app-tls
config:
opensearch_dashboards.yml: |
opensearch.hosts: [https://opensearch-cluster-2-16-0:9200]
opensearch.ssl.verificationMode: none
opensearch.requestHeadersWhitelist: [authorization, securitytenant]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: [Private, Global]
opensearch_security.readonly_mode.roles: [kibana_read_only]
server.host: '0.0.0.0'
server.port: 443
server.ssl.enabled: true
server.ssl.key: /tmp/opensearch-dashboards.key
server.ssl.certificate: /tmp/opensearch-dashboards.crt
opensearch_security.cookie.secure: true
secretMounts:
- name: opensearch-dashboards-cert
secretName: opensearch-dashboards-cert
path: /tmp/opensearch-dashboards.crt
subPath: opensearch-dashboards.crt
- name: opensearch-dashboards-cert-key
secretName: opensearch-dashboards-cert-key
path: /tmp/opensearch-dashboards.key
subPath: opensearch-dashboards.key
Relevant Logs or Screenshots:
{"type":"log","@timestamp":"2024-11-27T05:11:16Z","tags":["info","plugins-service"],"pid":1,"message":"Plugin \"applicationConfig\" is disabled."}
{"type":"log","@timestamp":"2024-11-27T05:11:16Z","tags":["info","plugins-service"],"pid":1,"message":"Plugin \"cspHandler\" is disabled."}
{"type":"log","@timestamp":"2024-11-27T05:11:16Z","tags":["info","plugins-service"],"pid":1,"message":"Plugin \"dataSource\" is disabled."}
{"type":"log","@timestamp":"2024-11-27T05:11:16Z","tags":["info","plugins-service"],"pid":1,"message":"Plugin \"visTypeXy\" is disabled."}
{"type":"log","@timestamp":"2024-11-27T05:11:16Z","tags":["info","plugins-service"],"pid":1,"message":"Plugin \"workspace\" is disabled."}
{"type":"log","@timestamp":"2024-11-27T05:11:16Z","tags":["warning","config","deprecation"],"pid":1,"message":"\"cpu.cgroup.path.override\" is deprecated and h
as been replaced by \"ops.cGroupOverrides.cpuPath\""}
{"type":"log","@timestamp":"2024-11-27T05:11:16Z","tags":["warning","config","deprecation"],"pid":1,"message":"\"cpuacct.cgroup.path.override\" is deprecated a
nd has been replaced by \"ops.cGroupOverrides.cpuAcctPath\""}
{"type":"log","@timestamp":"2024-11-27T05:11:16Z","tags":["warning","config","deprecation"],"pid":1,"message":"\"opensearch.requestHeadersWhitelist\" is deprec
ated and has been replaced by \"opensearch.requestHeadersAllowlist\""}
{"type":"log","@timestamp":"2024-11-27T05:11:16Z","tags":["fatal","root"],"pid":1,"message":"Error: listen EACCES: permission denied 0.0.0.0:443\n at Server
.setupListenHandle [as _listen2] (node:net:1800:21)\n at listenInCluster (node:net:1865:12)\n at doListen (node:net:2014:7)\n at processTicksAndReject
ions (node:internal/process/task_queues:83:21) {\n code: 'EACCES',\n errno: -13,\n syscall: 'listen',\n address: '0.0.0.0',\n port: 443\n}"}
FATAL Error: listen EACCES: permission denied 0.0.0.0:443
Have you ever seen this before? any ideas? thanks in advance.