I am deploying Mattermost in my AWS environment using Ansible. I am trying to set up a secure HTTPS connection, but I keep getting this error when I go into the logs:

{:"commands/server.go:112","msg":"listen tcp :443: bind: permission denied"}
{:"app/app.go:257","msg":"Stopping Server..."}
{:"app/web_hub.go:120","msg":"stopping websocket hub connections"}
{:"app/web_hub.go:125","msg":"We appear to have already sent the stop checking for deadlocks 

I sort of have an idea that it's some sort of permissions error, but I am not sure how to move forward from this. Can anyone help?

3 Answers


In Linux, only root can bind to ports below 1024. A typical Ansible use case is not running as root.

See https://docs.ansible.com/ansible/2.4/become.html about privilege escalation in Ansible.

See https://superuser.com/a/892391/155147 for possible solutions for allowing privileged port binding.


I had similar issues with Grafana, after upgrading Grafana to a new version.

sudo service grafana-server status was printing out:

grafana-vm systemd[1]: grafana-server.service: Main process exited, code=exited, status=1/FAILURE
grafana-vm systemd[1]: grafana-server.service: Unit entered failed state.
grafana-vm systemd[1]: grafana-server.service: Failed with result 'exit-code'.
grafana-vm systemd[1]: grafana-server.service: Service hold-off time over, scheduling restart.
grafana-vm systemd[1]: Stopped Grafana instance.
grafana-vm systemd[1]: grafana-server.service: Start request repeated too quickly.
grafana-vm systemd[1]: Failed to start Grafana instance.
grafana-vm systemd[1]: grafana-server.service: Unit entered failed state.
grafana-vm systemd[1]: grafana-server.service: Failed with result 'start-limit-hit'.

Excerpt from the log:

lvl=eror msg="Stopped HTTPServer" logger=server reason="failed to open listener on address listen tcp bind: permission denied"
lvl=eror msg="A service failed" logger=server err="failed to open listener on address listen tcp bind: permission denied"
lvl=eror msg="Server shutdown" logger=server reason="failed to open listener on address listen tcp bind: permission denied"

It turns out this is a fix:

sudo setcap 'cap_net_bind_service=+ep' /usr/sbin/grafana-server

More: https://grafana.com/docs/grafana/latest/administration/configuration/#http_port


Probably too late to reply; however, this can help someone. I absolutely agree with @Danko's answer, but I have rather found a better way of doing this.

If you have the systemd file of that service, then you can place the below into your grafana.service file, for example.

AmbientCapabilities = CAP_NET_BIND_SERVICE
CapabilityBoundingSet = CAP_NET_BIND_SERVICE

If you want to know the reason behind using this, you can go through this answer. https://unix.stackexchange.com/a/581337/258106
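
To confirm that either fix above took effect, the following added example (not part of any answer) reads the CapEff mask from /proc/<pid>/status and checks the CAP_NET_BIND_SERVICE bit, which is what both setcap and AmbientCapabilities grant. The function names and the sample status text are constructed for illustration; the 1024 default corresponds to the sysctl net.ipv4.ip_unprivileged_port_start.

```shell
#!/bin/sh
# Added example: decide from /proc/<pid>/status whether a process may bind a port.
# CAP_NET_BIND_SERVICE is capability number 10 (linux/capability.h).
NET_BIND_BIT=10

# cap_field FIELD: read status text on stdin, print the hex mask of FIELD.
cap_field() {
    awk -v f="$1:" '$1 == f { print $2; exit }'
}

# has_net_bind HEXMASK: succeed if the CAP_NET_BIND_SERVICE bit is set.
has_net_bind() {
    case $1 in
        ''|*[!0-9a-fA-F]*) return 2 ;;   # reject empty or non-hex input
    esac
    [ $(( (0x$1 >> NET_BIND_BIT) & 1 )) -eq 1 ]
}

# can_bind PORT CAPEFF [UNPRIV_START]: ports below UNPRIV_START (default 1024,
# live value in net.ipv4.ip_unprivileged_port_start) need the capability.
can_bind() {
    [ "$1" -ge "${3:-1024}" ] && return 0
    has_net_bind "$2"
}

# Constructed samples of /proc/<pid>/status for an unprivileged service,
# before and after the capability is granted.
STATUS_BEFORE='Name: grafana-server
CapPrm: 0000000000000000
CapEff: 0000000000000000'
STATUS_AFTER='Name: grafana-server
CapPrm: 0000000000000400
CapEff: 0000000000000400'

# check STATUS_TEXT PORT: print the verdict and return it as the exit status.
check() {
    eff=$(printf '%s\n' "$1" | cap_field CapEff)
    if can_bind "$2" "$eff"; then
        echo "port $2: allowed (CapEff=$eff)"
    else
        echo "port $2: denied (CapEff=$eff)"
        return 1
    fi
}

check "$STATUS_BEFORE" 443 || true
check "$STATUS_AFTER" 443
# Live use, with PID set to the service's main process:
#   check "$(cat /proc/$PID/status)" 443
```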
