0

i have built a nodejs application using docker. The image is pushed to a private ACR repository. I want to deploy it to an Azure ContainerApp in a vnet.

In the Docker File i have opened port 80 Contents:

FROM node:16-alpine
WORKDIR /app
COPY --from=build /app/package*.json ./ 
RUN npm ci --omit-dev --ignore-scripts
RUN npm audit fix
COPY --from=build /app/build ./build

EXPOSE 80
USER node
ENV PORT=80
CMD ["node", "./build/index.js"]

The existing containerApp in Azure is deployed in a Virtual Network and has ingress enabled on port 80. I tested the containerApp after deploying public

image running on port 80: 'mcr.microsoft.com/azuredocs/aci-helloworld'

and page works.

I update the containerApp revision manually by editing the containerApp enter image description here

The containerApp pulls the image from ACR successfully, but the revision failsenter image description here

In ContainerApp System logs

Successfully pulled image
Created container xy-app
startup probe failed: connection refused
startup probe failed: connection refused
Persistent Failiure to start container
Container 'xy-app' was terminated with exit code '1'

In ContainerApp Console logs

Error: listen EACCES: permission denied 0.0.0.0:80
2023-07-14T15:46:07.354907334Z     at Server.setupListenHandle [as _listen2] (node:net:1446:21)
2023-07-14T15:46:07.354911202Z     at listenInCluster (node:net:1511:12)
2023-07-14T15:46:07.354914899Z     Emitted 'error' event on Server instance    code: 'EACCES',
 port: 80

My assumption that the container cannot open port 80(which needs root access). Even if i try giving su in Command Override input box, it fails with the same error: enter image description here

Update

I updated the Docker file as per the answer given below:

FROM node:16-alpine as build

WORKDIR /app
COPY . .
RUN npm ci
RUN npm audit fix
RUN npm run build


FROM node:16-alpine
WORKDIR /app
COPY --from=build /app/package*.json ./ 
RUN npm ci --omit-dev --ignore-scripts
RUN npm audit fix
COPY --from=build /app/build ./build
RUN apk add libcap2
RUN setcap 'cap_net_bind_service=+ep' $(which node)
EXPOSE 80
USER node
ENV PORT=80
CMD ["node", "./build/index.js"]

When the docker image is getting built i am getting this error as shown: enter image description here

/bin/sh: setcap: not found
The command '/bin/sh -c setcap 'cap_net_bind_service=+ep' $(which node)' returned a non-zero code: 127
##[error]The command '/bin/sh -c setcap 'cap_net_bind_service=+ep' $(which node)' returned a non-zero code: 127
##[error]The process '/usr/bin/docker' failed with exit code 127
Coder
  • 39
  • 6

1 Answers1

0

non-root users, USER node can't listen to ports <1024 by default. Listen to a different port > 1024 or set something like

RUN apk add libcap2 && \
    setcap 'cap_net_bind_service=+ep' $(which node)
ahmelsayed
  • 7,125
  • 3
  • 28
  • 40
  • Thanks, I have updated the DockerFile with the above code and getting the error as updated in the question above – Coder Jul 15 '23 at 14:03