Port 443 doesn't work (i.e. https://local.example.com/ does not work)

[gaberogan]

Describe the bug

With port: 443 in the Vite config, The vite command errors with EACCES: permission denied 127.0.0.1:443. This means we're forced to use an explicit port such as 5173. Oddly when using http-server there is no such issue. This means https://local.example.com/ does not work.

Reproduction

N/A only reproduces locally

Steps to reproduce

Run yarn create vite

Run

brew install mkcert
mkcert -install
mkcert local.example.com # run from the project folder

Change the config to:

import fs from 'fs'
import { defineConfig } from 'vite'
export default defineConfig({
  server: {
    host: 'local.example.com',
    port: 443,
    https: {
      key: fs.readFileSync('./local.example.com-key.pem'),
      cert: fs.readFileSync('./local.example.com.pem'),
    },
  },
})

Run yarn start

System Info

System:
    OS: macOS 12.6
    CPU: (12) x64 Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
    Memory: 6.31 GB / 32.00 GB
    Shell: 5.8.1 - /bin/zsh
  Binaries:
    Node: 16.13.2 - ~/.nvm/versions/node/v16.13.2/bin/node
    Yarn: 1.22.15 - ~/.nvm/versions/node/v16.13.2/bin/yarn
    npm: 8.5.5 - ~/.nvm/versions/node/v16.13.2/bin/npm
    Watchman: 2022.03.14.00 - /usr/local/bin/watchman
  Browsers:
    Chrome: 108.0.5359.98
    Safari: 15.6.1
  npmPackages:
    vite: ^4.0.0 => 4.0.0

Used Package Manager

yarn

Logs

error when starting dev server:
Error: listen EACCES: permission denied 127.0.0.1:443
    at Http2SecureServer.setupListenHandle [as _listen2] (node:net:1317:21)
    at listenInCluster (node:net:1382:12)
    at GetAddrInfoReqWrap.doListen [as callback] (node:net:1520:7)
    at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:73:8)

Validations

• Follow our Code of Conduct
• Read the Contributing Guidelines.
• Read the docs.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Make sure this is a Vite issue and not a framework-specific issue. For example, if it's a Vue SFC related bug, it should likely be reported to vuejs/core instead.
• Check that this is a concrete bug. For Q&A open a GitHub Discussion or join our Discord Chat Server.
• The provided reproduction is a minimal reproducible example of the bug.

[sapphi-red]

@gaberogan

Oddly when using http-server there is no such issue.

Would you write the actual command?
Does npx http-server -a local.example.com -p 443 --tls work?

[gaberogan]

That command looks for cert.pem, but it actually reproduces the error as well once I specify the certs:

npx http-server -a local.example.com -p 443 --tls -C local.example.com.pem -K local.example.com-key.pem

I get EACCES: permission denied 127.0.0.1:443

But this is the command that does work:

npx http-server . -S -C local.example.com.pem -K local.example.com-key.pem -p 443

The root cause seems to have something to do with the difference between those two commands.

[gaberogan]

It seems to be the -a or host flag. Perhaps I am missing something but what does it mean to listen on an IP other than 127.0.0.1?
https://www.w3schools.com/nodejs/met_server_listen.asp

[sapphi-red]

When -a is not set, Node.js listens to 0.0.0.0.

If you change, server.host to true, I guess it works without the permission denied error.
Closing as it's not a bug.

Showing the domain host in output when host: true + https is tracked in #8200.

[gaberogan]

Thanks! This works:

import fs from 'fs'
import { defineConfig } from 'vite'
export default defineConfig({
  server: {
    host: '0.0.0.0', // or true
    port: 443,
    https: {
      key: fs.readFileSync('./local.example.com-key.pem'),
      cert: fs.readFileSync('./local.example.com.pem'),
    },
  },
})

I would still like to understand why vite defaults to localhost, as this issue's solution is not very intuitive. Is it a security thing (link for anyone reading to understand the difference)? I think it's worth considering why Node.js http-server defaults to 0.0.0.0 and asking why Vite thinks localhost/127.0.0.1 is better. @sapphi-red

[sapphi-red]

Vite does behave the same with Node.js and http-server. As you see http-server errors with -a option.

About host defaulting to localhost instead of 0.0.0.0, which is not related to this issue, it is a security thing.

When you pass -a local.example.com, Node.js listens to 127.0.0.1 because DNS resolves local.example.com to 127.0.0.1.