Hacker News new | comments | show | ask | jobs | submit login

Random question: is there a way to start Caddy as root so it can bind to port 80 (for example) then change the user so a non-root user can send a `USR1` signal to Caddy to get it to reload the configuration?

At least with systemd caddy starts as a non-root user, if you use the provided unit-file: https://github.com/mholt/caddy/tree/master/dist/init/linux-s...

Is there something like `setcap` for macOS?

    Give the caddy binary the ability to bind to privileged ports (e.g. 80, 443) as a non-root user:

        sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy

There isn't. There's a port of authbind, but I don't think anyone was able to get it working with caddy. The only solution I've heard of working is using the pf firewall to port forward, for example, 8080 to 80. Like this: https://salferrarello.com/mac-pfctl-port-forwarding/

Better systemd integration would use the LISTEN_FDS mechanism, letting the service management subsystem open the privileged-access listening socket as instructed by a socket unit.

Yes. From their GitHub readme:

Running as root: We advise against this. You can still listen on ports < 1024 using setcap like so: sudo setcap cap_net_bind_service=+ep ./caddy

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact