我試圖用非root用戶在docker映像(繼承自microsoft/aspnetcore)內運行一個veery簡單的hello world aspnetcore應用程序,並且出現此錯誤:Aspnetcode與非root用戶在Linux中運行
crit: Microsoft.AspNetCore.Server.Kestrel[0] Unable to start Kestrel. System.AggregateException: One or more errors occurred. (Error -13 EACCES permission denied) ---> Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.UvException: Error -13 EACCES permission denied at Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.Libuv.ThrowError(Int32 statusCode) at Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.Libuv.tcp_bind(UvTcpHandle handle, SockAddr& addr, Int32 flags) at Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.UvTcpHandle.Bind(ServerAddress address) at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.TcpListenerPrimary.CreateListenSocket() at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.Listener.b__8_0(Object state) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.ListenerPrimary.d__12.MoveNext() --- End of inner exception stack trace --- at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken) at Microsoft.AspNetCore.Server.Kestrel.Internal.KestrelEngine.CreateServer(ServerAddress address) at Microsoft.AspNetCore.Server.Kestrel.KestrelServer.Start[TContext](IHttpApplication`1 application) ---> (Inner Exception #0) Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.UvException: Error -13 EACCES permission denied at Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.Libuv.ThrowError(Int32 statusCode) at Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.Libuv.tcp_bind(UvTcpHandle handle, SockAddr& addr, Int32 flags) at Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.UvTcpHandle.Bind(ServerAddress address) at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.TcpListenerPrimary.CreateListenSocket() at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.Listener.b__8_0(Object state) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.ListenerPrimary.d__12.MoveNext()<---
似乎aspnetcore不能沒有root權限運行,而且在某些情況下具有非常有限的安全策略root用戶不允許運行泊塢窗圖像的主要過程。
是否有任何方式在非root用戶的Linux中運行aspnetcore應用程序?
由於相同的安全策略,Sudo選項無效。
謝謝,
這就是Linux的工作原理。對於所有端口<= 1024,您需要root綁定到 – Tseng
在附註上,您絕不應該在端口80上運行ASP.NET Core,因爲這是大多數Web服務器用作默認端口的端口。這個問題表明你可能會嘗試直接將ASP.NET Core應用程序暴露給互聯網。 **不要這樣做** Kestrel(現在)不應該作爲面向互聯網的服務器,並且總是在反向代理(apache,nginx,iis)之後運行,唯一的例外是WebListener被批准用於IFS ,但它僅限於Windows – Tseng