Caddy "listen tcp :443: bind: permission denied"

Question

Caddy server would not start and displayed this error after upgrading to v0.9.3:

listen tcp :443: bind: permission denied

I was running caddy with systemd as user caddy. I checked that the binary was, in fact, owned by caddy.

score 29 · Answer 1 · edited Jun 01 '20 at 01:34

29

It's not a caddy issue, nor a user-permissions issue. Linux doesn't allow processes to listen on low-level ports by default.

To grant access:

sudo setcap CAP_NET_BIND_SERVICE=+eip $(which caddy)

edited Jun 01 '20 at 01:34

Community

answered Oct 08 '16 at 16:36

ki9

score 12 · Accepted Answer · answered Mar 05 '18 at 05:12

12

If you're running systemd v229 or later, you can do this without giving the binary capabilities intrinsically:

AmbientCapabilities=CAP_NET_BIND_SERVICE

answered Mar 05 '18 at 05:12

Dessa Simpson

The [caddy systemd example config](https://github.com/mholt/caddy/blob/master/dist/init/linux-systemd/caddy.service) also mentions using `CapabilityBoundingSet=CAP_NET_BIND_SERVICE`. – ki9 Aug 28 '18 at 19:41

2 Answers2