0

I (want to) have a Google Cloud server running a Gunicorn server; however, it refuses to bind to port 80, despite it being free.

Here's the command I'm using to start it:

gunicorn -w 4 -b 0.0.0.0:80 app:app

But I get the following error:

[2023-08-05 22:52:35 +0000] [8093] [INFO] Starting gunicorn 21.2.0
[2023-08-05 22:52:35 +0000] [8093] [ERROR] Retrying in 1 second.
[2023-08-05 22:52:36 +0000] [8093] [ERROR] Retrying in 1 second.
[2023-08-05 22:52:37 +0000] [8093] [ERROR] Retrying in 1 second.
[2023-08-05 22:52:38 +0000] [8093] [ERROR] Retrying in 1 second.
[2023-08-05 22:52:39 +0000] [8093] [ERROR] Retrying in 1 second.
[2023-08-05 22:52:40 +0000] [8093] [ERROR] Can't connect to ('0.0.0.0', 80)

But when I run netstat there doesn't seem to be anything else using that port:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      867/sshd: /usr/sbin 
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      466/systemd-resolve 
tcp6       0      0 :::22                   :::*                    LISTEN      867/sshd: /usr/sbin 
udp        0      0 127.0.0.53:53           0.0.0.0:*                           466/systemd-resolve 
udp        0      0 10.152.0.5:68           0.0.0.0:*                           462/systemd-network 
udp        0      0 127.0.0.1:323           0.0.0.0:*                           1331/chronyd        
udp6       0      0 ::1:323                 :::*                                1331/chronyd

If I use any other port it "works" fine; however, I cannot seem to be able to access it from either a TCP scanner or web browser. I enabled HTTP/S on Google Cloud and I have another VM running Apache just fine.

1 Answer

2

When you run sudo, it replaces your $PATH with a known "safe" path (to avoid security issues when someone places a malicious command named ls somewhere in your user $PATH and suddenly you're running it as root).

You may be able to just run:

sudo $(which gunicorn) -w 4 ...

That puts the fully qualified path to gunicorn on the command line so that $PATH doesn't matter.


It's also possible to configure things so that an unprivileged process can bind low numbered ports. This article suggests some granular per-program or per-port options; you can also set the net.ipv4.ip_unprivileged_port_start sysctl to 0 to get rid of "privileged ports" altogether.

larsks
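The privileged-port rule that the sysctl mentioned in the answer controls, as an added example (not part of the original answer): on Linux, binding a port below `net.ipv4.ip_unprivileged_port_start` requires `CAP_NET_BIND_SERVICE`, which root normally holds. The function names and the sample `/proc/<pid>/status` text are constructed for illustration, and the sketch ignores user-namespace details.

```python
"""Explain whether a process may bind a given TCP port on Linux."""
from pathlib import Path

CAP_NET_BIND_SERVICE = 10    # bit index in the capability mask (linux/capability.h)
DEFAULT_UNPRIV_START = 1024  # kernel default for net.ipv4.ip_unprivileged_port_start


def parse_cap_eff(status_text):
    """Return the effective capability mask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    return 0  # no CapEff line: treat as no capabilities


def may_bind(port, cap_eff, unpriv_start=DEFAULT_UNPRIV_START):
    """Apply the rule: ports below unpriv_start need CAP_NET_BIND_SERVICE."""
    if port >= unpriv_start:
        return True, f"port {port} >= ip_unprivileged_port_start ({unpriv_start})"
    if (cap_eff >> CAP_NET_BIND_SERVICE) & 1:
        return True, "process holds CAP_NET_BIND_SERVICE"
    return False, f"port {port} < {unpriv_start} and CAP_NET_BIND_SERVICE is missing"


def check_local(port):
    """Evaluate the rule for the current process using live /proc values."""
    status = Path("/proc/self/status").read_text()
    sysctl = Path("/proc/sys/net/ipv4/ip_unprivileged_port_start")
    start = int(sysctl.read_text()) if sysctl.exists() else DEFAULT_UNPRIV_START
    return may_bind(port, parse_cap_eff(status), start)


# Constructed samples of /proc/<pid>/status content (not taken from the page).
UNPRIVILEGED = "Name:\tgunicorn\nCapEff:\t0000000000000000\n"
WITH_CAP = "Name:\tgunicorn\nCapEff:\t0000000000000400\n"  # only bit 10 set
ROOT = "Name:\tgunicorn\nCapEff:\t000001ffffffffff\n"

if __name__ == "__main__":
    for label, text in (("unprivileged", UNPRIVILEGED),
                        ("with capability", WITH_CAP),
                        ("root", ROOT)):
        print(label, may_bind(80, parse_cap_eff(text)))
    # Setting the sysctl to 0 removes the privileged range entirely.
    print("sysctl=0", may_bind(80, 0, unpriv_start=0))
    print("this process", check_local(80))
```

Granting the capability to one program keeps the privileged range in place for everything else, whereas setting the sysctl to 0 lets any local user's process listen on ports such as 22, 80 or 443 if they are free.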