dynamoip

Why sudo?

Why dynamoip requires sudo and how to avoid it.

Max mode does not require sudo. "tunnel": true in your config creates an outbound Cloudflare Tunnel — no ports 80/443 binding, no root required. Run npm run dev:proxy directly.

The rest of this page applies to Pro mode and Quick mode.

The short answer: dynamoip binds to ports 80 and 443 by default in Pro and Quick modes, and Unix kernels restrict binding to ports below 1024 to root only.

When you try to listen() on port 443 or 80 without root, the OS returns EACCES. The proxy handles this explicitly:

if (err.code === 'EACCES') {
  console.error(`Permission denied on port ${proxyPort}.`);
  console.error(`Run with sudo, or set a higher port in your config.`);
}

Avoiding sudo

Pass --port 8443 (or any port above 1024) — your URLs will include the port number (e.g. https://app.local:8443).

Quick mode: a second reason

In Quick mode, mkcert -install installs a local CA into the system keychain. dynamoip handles this by re-running mkcert as the original user (via SUDO_USER) so the CA ends up in your browser-trusted keychain, not root's.

Always invoke through your package manager

Never run sudo dynamoip directly. sudo's restricted PATH won't find the binary. Always use:

sudo npm run dev:proxy
sudo pnpm run dev:proxy

Running in Docker

How to run dynamoip inside a Docker container, including platform-specific LAN IP handling.

For AI / LLMs

Instructions for AI assistants and LLMs on how to use dynamoip correctly and what mistakes to avoid.

On this page

Avoiding sudoQuick mode: a second reasonAlways invoke through your package manager