OSX High Sierra: can't listen on port 80

[thom-nic]

I'm not sure what I'm doing wrong but puma-dev works fine on any port except for port 80:

This works as expected:

sudo puma-dev -dir /Users/me/.puma-dev --http-port 81 --https-port 443 -d dev:test:localhost 

This does not:

$ sudo puma-dev -dir /Users/me/.puma-dev --http-port 80 --https-port 443 -d dev:test:localhost
* Directory for apps: /Users/me/.puma-dev
* Domains: dev, test, localhost
* DNS Server port: 9253
* HTTP Server port: 80
* HTTPS Server port: 443
! Puma dev listening on http and https
^C! Shutdown requested

I get "connection refused":

curl -vH "Host: puma-dev" localhost/events
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connection failed
* connect to 127.0.0.1 port 80 failed: Connection refused
*   Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 80 failed: Connection refused
* Failed to connect to localhost port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to localhost port 80: Connection refused

lsof tells me nothing is listening on port 80 except for puma-dev:

$ sudo lsof -i 4tcp |grep ":http "
puma-dev   4383 root    5u  IPv4 0xdd95588c6c9e0223      0t0  TCP localhost:http (LISTEN)

[mrsweaters]

Mine consistently stops working and is fixed temporarily by running puma-dev -install.

[thom-nic]

Glad it's not just me. I can't figure out why this one piece of software would have trouble listening only on one particular port. (after confirming nothing else is listening on that port.)

[sailman]

Me too. Working in Chrome but not is Safari.

[thom-nic]

Me too. Working in Chrome but not is Safari

Well that might be a different problem then. In my case puma-dev can't listen on the port so it has nothing to do with what browser you're trying to use.

[bpollack]

We're seeing this on one machine and not on another, both on High Sierra. On both machines, lsof indicates that puma-dev is listening; it just doesn't actually listen on one of the machines, consistently returning "Connection refused" with any app we try with. 443 works fine on both, but isn't actually usable for work due to #127 / #139.

[bullfight]

Just to note, this isn't limited to High Sierra.

I am on Sierra 10.12.6 (16G1114) and have to use port 81

[Cian911]

Chrome is now forcing all .dev domains to HTTPS via pre-loaded HSTS. See here for further info: Related Article

Don't know if there's a quick fix to this other than changing your local domain ext from .dev to something like .test

[thom-nic]

@Cian911 this has nothing to do with Chrome. It does not work with curl or Firefox or telnet either. In fact it has nothing to do with the browser because the problem it's that puma-dev doesn't appear to ever listen on port 80.

Yes there's a problem with .dev and preloaded HSTS on Chrome but that's not the issue being described here.

[richardvenneman]

@Cian911 @thom-nic It seems this has been happening since the latest High Sierra update (http://blokspeed.net/2017/high-sierra-1032-forces-local-dev-sites-use-https). I spend some time trying to fix this but the easiest way is to just change your local domain ext.

[thom-nic]

the easiest way is to just change your local domain ext

I feel like I'm taking crazy pills because I keep saying this has nothing to do with .dev/ HSTS and then another person comments saying essentially "it doesn't work with .dev because HSTS."

So I did another sanity check. In one terminal:

$ sudo puma-dev -dir /Users/thom/.puma-dev --http-port 80 --https-port 443 -d test:localhost -timeout 15m0s
* Directory for apps: /Users/thom/.puma-dev
* Domains: test, localhost
* DNS Server port: 9253
* HTTP Server port: 80
* HTTPS Server port: 443
! Puma dev listening on http and https

Another terminal, note use of .test domain:

$ cat /etc/resolver/test 
# Generated by puma-dev
nameserver 127.0.0.1
port 9253

$ echo 8080 > ~/.puma-dev/foo

$ dig @127.0.0.1 -p 9253 foo.test           

; <<>> DiG 9.9.7-P3 <<>> @127.0.0.1 -p 9253 foo.test
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6863
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;foo.test.			IN	A

;; ANSWER SECTION:
foo.test.		0	IN	A	127.0.0.1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#9253(127.0.0.1)
;; WHEN: Thu Dec 21 15:30:46 EST 2017
;; MSG SIZE  rcvd: 50

$ curl -vk https://foo.test
* Rebuilt URL to: https://foo.test/
*   Trying 127.0.0.1...
*
* < snip TLS debug output ... >
* 
* Using Stream ID: 1 (easy handle 0x7fd521004600)
> GET / HTTP/2
> Host: foo.test
> User-Agent: curl/7.54.0
> Accept: */*
> 
< HTTP/2 500 
< content-type: text/plain; charset=utf-8
< content-length: 0
< date: Thu, 21 Dec 2017 20:31:01 GMT
< 
* Connection #0 to host foo.test left intact

$ curl -v http://foo.test 
* Rebuilt URL to: http://foo.test/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connection failed
* connect to 127.0.0.1 port 80 failed: Connection refused
* Failed to connect to foo.test port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to foo.test port 80: Connection refused

I'm 99.9999999998% sure this has nothing to do with HSTS.

[thom-nic]

Ok so here's something: https://superuser.com/a/598287/220180

launchd listens on port 80, as evidenced by:

$ sudo lsof -i ':80'
Password:
COMMAND   PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
launchd     1 root   37u  IPv4 0x32e36f5b72225a51      0t0  TCP *:http (LISTEN)
puma-dev 2703 thom    6u  IPv4 0x32e36f5b72225a51      0t0  TCP *:http (LISTEN)

And puma-dev is designed to have port 80 "handed off" from launchd a la xinetd. However unlike in the SO thread, I'm not and have never run apache httpd on this machine.

It got me thinking, pow does not work via launchd and I think uses some firewall rules instead. As a last ditch, I made sure any trace of pow was removed from my system. ref: http://get.pow.cx/uninstall.sh

launchctl unload ~/Library/LaunchAgents/cx.pow.powd.plist 
rm -f ~/Library/LaunchAgents/cx.pow.powd.plist 
sudo pfctl -a "com.apple/250.PowFirewall" -F all
sudo launchctl unload /Library/LaunchDaemons/cx.pow.firewall.plist
sudo rm /Library/LaunchDaemons/cx.pow.firewall.plist

When I ran pfctl flush the last line of output was pfctl: Anchor or Ruleset does not exist. so I'm not sure that did anything pertinent. However at the moment I seem to now be able to curl http://foo.test with success!

@bpollack @bullfight since you sound like you're actually experiencing the same problem I was, suggest investigating whether any trace of pow remains on affected machine(s).

[elliottmason]

This might be related to #66 ? I remember having to run sudo pfctl -F all after every reboot before puma-dev would work.

[bullfight]

@thom-nic I did previously have pow installed and I think that may have been the source of my problems

After running your suggested code to remove pow

• removing the resolvers with rm -rf /etc/resover
• running sudo pfctl -F all
• uninstalling puma-dev with puma-dev -uninstall
• Re-setting up puma-dev sudo puma-dev -setup
• And then running puma-dev -install -d test

I was able to get puma dev to start working on port 80.

[dmc2015]

@thom-nic
I recently switched to High Sierra, it seems like something changed in the way they manage localhosts in the /etc/hosts (localhost is aliased in /etc/hosts~orig now) when the OS is first installed. Not sure if it is related to your issue but the errors seem related, I am just not using puma.

If puma uses eventmachine also this could help.

eventmachine/eventmachine#826

[sodabrew]

@dmc2015 Interesting thought on whether the change in localhost might be related. But re EventMachine, this project is written in Go - regular Puma is written in Ruby but has its own I/O event reactor, too.

[goofansu]

The same in 10.13.3. Just upgraded to 10.13.4 and the problem is gone

[dbourguignon]

Works now flawlessly on OS X 10.13.4

[mrsweaters]

Does not work on a new computer with OS X 10.13.4 for me.

[mrsweaters]

I tried everything to get this to work that I could find discussing this issue. No matter what I did I could not get puma-dev to listen on port 80. I did manage to get pow working with .test. I guess I'll have to use that for now.

[dmc2015]

@mrsweaters what is in your /etc/hosts file ? what error do you get ?

[mrsweaters]

/etc/hosts:

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1	localhost
255.255.255.255	broadcasthost
::1             localhost

Something I tried returned a Connection Refused. Which is strange because I don't appear to have anything currently listening on port 80. No output from sudo lsof -i ':80'.

Also the launch process refuses to run on the new computer. This was very different on a computer that I had upgraded from Sierra to High Sierra that previously had .pow installed. That computer worked great. I'm not sure what is different here.

[bjensen]

I also have this exact issue. @thom-nic did you manage to get it working?

[thom-nic]

@bjensen yes, after going through the pow uninstall as I mentioned in my last comment, puma-dev seems happy now.

[evanphx]

Hi folks, be sure that pow is fully uninstalled. I'm going to see if there is a way to detect and report on this issue when -install is called.

[bjensen]

+1 on reopen. I uninstalled pow ages ago and have just accepted that puma-dev is broken 👎

On Tue, 21 Aug 2018 at 06.41, Evan Phoenix ***@***.***> wrote: Hi folks, be sure that pow is fully uninstalled. I'm going to see if there is a way to detect and report on this issue when -install is called. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#138 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AADSaQdk6QHk9RVdoZsIwozgZta0X93Cks5uS49qgaJpZM4QsEgn> .

-- Mvh Brian Jensen Nordplaner +45 607 12000 brianj@itnord.net

[nodatall]

The solution @bullfight shared worked for me!

[bjensen]

Yes @bullfight's solution works for me as well, but then after maybe 30 minutes I stuck with the same error again....

[bjensen]

Um why do you not get a permission error like me when trying to install without sudo?

➜  frontend git:(imp) ✗ puma-dev  -d dev:test:localhost
* Directory for apps: /Users/brianj/.puma-dev
* Domains: dev, test, localhost
* DNS Server port: 9253
* HTTP Server port: 9280
* HTTPS Server port: 9283
! Puma dev listening on http and https
2018/10/26 10:08:32 Error listening: listen tcp 127.0.0.1:9280: bind: operation not permitted
➜  frontend git:(imp) ✗

[nonrational]

See accepted answer for cleaning up old pow installations.

As pow's been deco'd for some time now, closing this issue.

[Daud112]

Why puma-dev permission denied?

Command: puma-dev -dir /home/teknuk/.puma-dev --http-port 80 --https-port 443 -d test:localhost -timeout 15m0s

2022/06/21 12:15:59 Existing valid puma-dev CA keypair found. Assuming previously trusted.
Directory for apps: /home/teknuk/.puma-dev
Domains: test, localhost
HTTP Server port: 80
HTTPS Server port: 443
! Puma dev listening on http and https
2022/06/21 12:15:59 Error listening: listen tcp :80: bind: permission denied

[Daud112]

Why Connect Reset by peer occur?

Command: puma-dev -dir /home/teknuk/.puma-dev

Error in terminal when refresh page: httputil: ReverseProxy read error during body copy: read tcp 127.0.0.1:49530->127.0.0.1:9283: read: connection reset by peer