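The web server software on a server in mainland China had not been updated for a long time. I just downloaded the latest precompiled caddy server binary from GitHub and replaced the old version, but it failed to start. I assumed the systemd file was the problem, but replacing it with the latest one did not help either.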

Checking the systemd logs showed the error listen tcp :443: bind: permission denied, and I found the following solution.

Solution

Edit /etc/systemd/system/caddy.service and uncomment CapabilityBoundingSet=CAP_NET_BIND_SERVICE and AmbientCapabilities=CAP_NET_BIND_SERVICE.

; The following additional security directives only work with systemd v229 or later.
; They further restrict privileges that can be gained by caddy. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
;NoNewPrivileges=true

Reload the systemd files

$ sudo systemctl daemon-reload

Restart caddy

$ sudo systemctl restart caddy.service
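
An added check, not part of the original post: the shell function below reads a unit file and reports whether its [Service] section actually grants CAP_NET_BIND_SERVICE, the capability a non-root service needs to bind ports below 1024 such as :443. The function names and the sample unit contents (including User=www-data) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads a unit file and reports
# whether [Service] grants CAP_NET_BIND_SERVICE, which a non-root service needs
# to bind :443. Not handled: "~"-inverted lists and drop-in override files.
# Exit status: 0 granted, 1 ambient capability missing, 2 bounding set excludes it.
check_bind_cap() {
    awk '
        function has(list, cap,    n, i, a) {
            n = split(list, a, /[ \t]+/)
            for (i = 1; i <= n; i++) if (a[i] == cap) return 1
            return 0
        }
        /^[ \t]*[;#]/ { next }    # ";" and "#" start comment lines in unit files
        /^[ \t]*\[/   { in_service = ($0 ~ /^[ \t]*\[Service\]/); next }
        !in_service   { next }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            # Repeated assignments merge; an empty assignment resets the list.
            if (key == "AmbientCapabilities") {
                ambient = (val ~ /^[ \t]*$/) ? "" : ambient " " val
            } else if (key == "CapabilityBoundingSet") {
                bset_seen = 1
                bset = (val ~ /^[ \t]*$/) ? "" : bset " " val
            }
        }
        END {
            want = "CAP_NET_BIND_SERVICE"
            if (!has(ambient, want)) { print "missing: AmbientCapabilities=" want; exit 1 }
            if (bset_seen && !has(bset, want)) { print "excluded by CapabilityBoundingSet"; exit 2 }
            print "ok: " want " granted"
        }
    ' "$1"
}

# Constructed sample units: the shipped state (commented out) and the fixed state.
write_samples() {
    printf '%s\n' '[Service]' 'User=www-data' \
        ';CapabilityBoundingSet=CAP_NET_BIND_SERVICE' \
        ';AmbientCapabilities=CAP_NET_BIND_SERVICE' > "$1/before.service"
    printf '%s\n' '[Service]' 'User=www-data' \
        'CapabilityBoundingSet=CAP_NET_BIND_SERVICE' \
        'AmbientCapabilities=CAP_NET_BIND_SERVICE' > "$1/after.service"
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_bind_cap "$tmp/before.service" || true   # prints the "missing" line
check_bind_cap "$tmp/after.service"            # prints the "ok" line
```

Pointing check_bind_cap at /etc/systemd/system/caddy.service before restarting shows whether the edit took effect in the file itself.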
