Hacker News new | comments | show | ask | jobs | submit login

At least with systemd caddy starts as a non-root user, if you use the provided unit-file: https://github.com/mholt/caddy/tree/master/dist/init/linux-s...



Is there something like `setcap` for macOS?

    Give the caddy binary the ability to bind to privileged ports (e.g. 80, 443) as a non-root user:

        sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy


There isn't. There's a port of authbind, but I don't think anyone was able to get it working with caddy. The only solution I've heard of working is using the pf firewall to port forward, for example, 8080 to 80. Like this: https://salferrarello.com/mac-pfctl-port-forwarding/


Better systemd integration would use the LISTEN_FDS mechanism, letting the service management subsystem open the privileged-access listening socket as instructed by a socket unit.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: