Error starting userland proxy: Bind for 0.0.0.0:80: unexpected error Permission denied

I am running the latest Docker CE, 17.09, under Windows 10 Pro, and using two different examples am getting Permission denied.

Docker site example: docker run -d -p 80:80 --name webserver nginx

AWS site Docker example: docker run -p 80:80 hello-world

both returned the same error.
> docker: Error response from daemon: driver failed programming external connectivity on endpoint XXXXX: Error starting userland proxy: Bind for 0.0.0.0:80: unexpected error Permission denied.

I solved my issue on Windows 10 Pro, turned out I had the World Wide Web Publishing Service turned on somehow. Took me a while to find that, after noting via netstat -a -n that I had a :80 listener somewhere/somehow. Silly me. Shut it down, and I was fine with port 80.

Change the port using these commands as follow:

docker container ls //show the container infos, note the ports info.

docker stop webserver

docker rm webserver  //shut down currently webserver

docker run -d -p 8080:80 --name webserver nginx (or 8000:80)

Finally, let's input localhost:8080 to show whether the connection is successful in the browser.

The problem is general-use ports like 80, 443, 22, .. (in general ports < 1024) are system-protected so you need privileges to use them, here it'll be enough to be a system administrator and execute command as a administrator.

If it doesn't have to be :80 try using other port, like :8080, if that doesn't help and the error doesn't change, the problem goes deeper.

On macOS Mojave Version 10.14.2 this command worked for me:

sudo apachectl stop

Before executing this command, run

sudo lsof -i -P | grep "LISTEN"

and check if httpd is the identifier of the listener on :80 e.g.:

If it is, then it's actually the Mac apache that causes the problem.

The First course of action that you should take is to run the command:

netstat -aon | findstr [port#]

This will tell you if a process is running on the given port. If that is the case then you can kill the process with the command:

taskkill /PID [PID] /F

This will kill the process using that port. You will then be able to bind a new process to the port.

I also had come across a time when netstat -aon did not return that a process was running for a port that I desired to use but it certianly had a process running on it was wasn't allowing me to run a new process on the port. I was able to remedy the problem with the following:

Start Windows in Safe Mode with Networking

In powershell/cmd run the command:

netsh int ipv4 add excludedportrange protocol=tcp startport=[PORT] numberofports=1

This will reserve the port so when you boot back into normal windows mode no application will steal the port before you can use it.

The reason I got this error was because the port was already in use. Changed to a different port and I no longer received this error.

On Windows 10 Pro running Docker command from a CMD Window with As Administrator, I still have the issues (as per @mikael-chudinov above). I really want to use port 80 so the other answers are not suitable for me.

Please see this blog post by Jens at www.jens79.de

From powershell, run the command:

Get-NetTCPConnection -LocalPort 80 | Format-List

This for me showed up a single process with pid = 4

In System monitor this is the "System" process, but as per the article listed above, it is actually IIS running as "World Wide Web Publishing Service".

Assuming that you don't need IIS running, in the Windows Services console, Stop and Disable "World Wide Web Publishing Service", then try again.

The port is in use by VisualStudio without debugging. Close VS then reopen.

I recently came across this issue while trying to load up a docker environment to maintain an old project. In my case, the default instance of Apache was running on my Mac after a recent OS update, and needed to be shut down before port 80 was available. You can shut it down with this command:

sudo /usr/sbin/apachectl stop

If you're still having trouble, you could use the following command to see the PIDs of what's running on a given port (in this case, 80):

lsof -t -i :80

You can attempt to shut down whatever is running on those ports with the kill command; just be sure you aren't going to kill anything important!

kill $(lsof -t -i :80)

This helped me. The port mentioned in the error message indeed was within one of reserved port ranges: https://stackoverflow.com/questions/54181219/windows-cant-bind-to-port-above-49690

Had same issue, my container just would not start and display following error msg when trying to start the container:

Error response from daemon: driver failed programming external connectivity on endpoint ..... Error starting userland proxy: Bind for 0.0.0.0:1521: unexpected error Permission denied.

with following command for starting a oracle container:

docker run -d -p 1521:1521 ...

For me i think its the result of a uninstalled oracle instance that is not properly uninstalled. Port still used or something. But simply changing to another port fixed the issue as shown below:

docker run -d -p 1523:1521 ...

Listening on a privileged port (lower then 1024) requires special capabilities from the kernel.

You have two options:

1 ) Run your container as root - don't do it.

2 ) Give the container the relevant capability only - in your case its the NET_BIND_SERVICE capability which bind a socket to privileged ports.

So if the image you use is running as root by default - make sure first to create a non root user and attach it to a group - add this line to your Dockerfile:

RUN set -x \
    && addgroup --system --gid 101 nginx \
    && adduser  --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx

And run the container with net_bind_service only:

docker run -it -p 8080:80 --cap-drop all --cap-add net_bind_service <image-name>:<tag>

I also have the same issue. If a proxy is already installed on your system, then the container port is surrounded by a proxy and you need to use a proxy to run the container once and you will not need to do this for the next time.

The problem is you are not having permission to run image in port 80. To do so add --user root in your docker run command. This will provide root privileges and it will run.

Verify if the nginx in the host machine is started and stop it.

sudo service nginx stop

1,docker run -p 80:80 nginx

If command 1 does’t work then try command 2.

2, docker run -d -p 8080:80 --name webserver nginx

After that go to browser and type localhost:8080

The above command will solve.