Why sudo?
Why dynamoip requires sudo and how to avoid it.
Pro and Quick modes need sudo. Max mode does not. Pro and Quick bind to ports 80 and 443 — Unix kernels restrict ports below 1024 to root. Max mode only makes outbound connections through cloudflared, so no privileged ports and no sudo are required.
Don't run Max mode with sudo. Doing so writes tunnel credentials to
~/.localmap/tunnels/as root-owned files, which then force sudo on every later run. Run Max mode as your normal user.
For Pro and Quick modes: when you try to listen() on port 443 or 80 without root, the OS returns EACCES. The proxy handles this explicitly:
if (err.code === 'EACCES') {
console.error(`Permission denied on port ${proxyPort}.`);
console.error(`Run with sudo, or set a higher port in your config.`);
}Avoiding sudo
Pass --port 8443 (or any port above 1024) — your URLs will include the port number (e.g. https://app.local:8443).
Quick mode: a second reason
In Quick mode, mkcert -install installs a local CA into the system keychain. dynamoip handles this by re-running mkcert as the original user (via SUDO_USER) so the CA ends up in your browser-trusted keychain, not root's.
Always invoke through your package manager
Never run sudo dynamoip directly. sudo's restricted PATH won't find the binary. For Pro and Quick modes, always use:
sudo npm run dev:proxy
sudo pnpm run dev:proxyFor Max mode, run without sudo:
npm run dev:proxy