Octopus Deploy Documentation

Troubleshooting Access Denied Starting Http Listener

Last updated

Octopus requires certain permissions to launch the HTTP Listener - the web server that serves up the Octopus Portal.

When the user that launches Octopus does not have these permissions, you will receive an error:

An Access Denied error was received trying to start the HttpListener.

Linux

On Linux (and other *nix variants), elevated privileges are required to listen on ports lower than 1024. To resolve this issue, you have several options:

  1. Reconfigure your Octopus Server to use a higher number port. Ports higher than 1024 are not considered privileged, so can be used by userland processes. You can combine this with a reverse proxy (such as Nginx, HAProxy or even iptables) to expose your desired port.
  2. This superuser.com article has many suggestions, including
    1. Use CAP_NET_BIND_SERVICE to grant low-numbered port access to a process
    2. Use authbind to grant one-time access to allow acess to a specific user
  3. Finally, though not recommended, you can launch Octopus Server as the root user (for example, using sudo).

Windows

On Windows, users who are not part of the local Administrators group cannot listen on any port, unless a URL reservation is made.

This can be done via the following command:

netsh http add urlacl url=<URL> user=<USER>

For example:

netsh http add urlacl url=http://localhost:80 user=DOMAIN\user

Running netsh requires administrative rights.

While not recommended, you can also run your Octopus Server as a user who is part of the local Administrators group.

Need support? We're here to help.