Ask Your Question

switching SAIO system to SSL: cannot start proxy-server (socket-error permission denied)

asked 2012-07-05 17:06:42 -0500

kcalmond gravatar image

I have a working SAIO system configured to use regular HTTP. I need to switch it to use HTTPS.
I made changes to the config based on the guidance here: (

and further troubleshooting guidance about setting default-swift_cluster here: (


When starting the proxy server I get this traceback:

Traceback (most recent call last): File "/usr/local/bin/swift-proxy-server", line 7, in <module> execfile(__file__) File "/home/saio/swift/bin/swift-proxy-server", line 22, in <module> run_wsgi(conf_file, 'proxy-server', default_port=8080, **options) File "/home/saio/swift/swift/common/", line 128, in run_wsgi sock = get_socket(conf, default_port=kwargs.get('default_port', 8080)) File "/home/saio/swift/swift/common/", line 77, in get_socket family=address_family) File "/usr/lib/pymodules/python2.6/eventlet/", line 40, in listen sock.bind(addr) File "<string>", line 1, in bind socket.error: [Errno 13] Permission denied

WORKAROUND?... I can start the proxy server as root without any errors. But when I try this (to reset the default ADMIN_URL and then add a new admin user) I get another error:

saio@swift-saio-0:/var/run/swift$ sudo swauth-prep -K swauthkey -A Auth subsystem prep failed: 403 Forbidden

So I'm stuck mucking through a SAIO conversion from http to https. I've exhausted google on this one. Can anyone help?

P.S. To convert SAIO to https, do I need to run the resetswift script? I did not do that. (I did run remakerings successfully).

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2012-07-06 04:35:52 -0500

notmyname gravatar image

The reason you got permission denied is because you changed the bind_port to 443 (a privileged port). Either run as root to bind to 443 or change the port to something >1024 to run as non-root (eg 4430).

Note that SSL support directly in swift is for testing purposes only. It is not suitable for production use.

edit flag offensive delete link more

answered 2012-07-09 22:07:53 -0500

kcalmond gravatar image


Thanks for this pointer. I was not considering using a port other than the default 443. I've worked past this problem now.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2012-07-05 17:06:42 -0500

Seen: 273 times

Last updated: Jul 09 '12