Caddy - listen tcp :443: bind: permission denied
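The web server software on my server in China had not been updated for a long time. I just downloaded the latest prebuilt Caddy server binary from GitHub to replace the old version, but it failed to start. I assumed the systemd unit file was the problem, but replacing it with the latest one did not help either.
Checking the systemd log showed the error listen tcp :443: bind: permission denied, and I found the following solution.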
Solution
Edit /etc/systemd/system/caddy.service and uncomment CapabilityBoundingSet=CAP_NET_BIND_SERVICE and AmbientCapabilities=CAP_NET_BIND_SERVICE.
; The following additional security directives only work with systemd v229 or later.
; They further restrict privileges that can be gained by caddy. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
;NoNewPrivileges=true
Reload the systemd unit files
$ sudo systemctl daemon-reload
Restart caddy
$ sudo systemctl restart caddy.service
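To confirm the two directives took effect, the script below classifies the capability masks found in /proc/<pid>/status. It is an added example, not part of the original post; the function names are hypothetical and the sample status lines are constructed, assuming the service runs as an unprivileged user.

```shell
#!/bin/sh
# Added example, not from the original post. CAP_NET_BIND_SERVICE is Linux
# capability 10, i.e. bit 0x400 of the hex masks in /proc/<pid>/status.
NET_BIND=$((1 << 10))

# Print the hex value of one mask field (e.g. CapEff) from status text on stdin.
cap_field() {
    awk -v f="$1:" '$1 == f { print $2; exit }'
}

# Classify status text on stdin:
#   missing       cannot bind ports below 1024 (the error in the post)
#   ok            CAP_NET_BIND_SERVICE and nothing else, in CapEff and CapBnd
#   excess:<hex>  can bind, but CapEff or CapBnd carries other capabilities
#   unparsed      no CapEff/CapBnd lines found
check_status() {
    status=$(cat)
    eff=$(printf '%s\n' "$status" | cap_field CapEff)
    bnd=$(printf '%s\n' "$status" | cap_field CapBnd)
    if [ -z "$eff" ] || [ -z "$bnd" ]; then echo unparsed; return 0; fi
    if [ $(( 0x$eff & $NET_BIND )) -eq 0 ]; then echo missing; return 0; fi
    extra=$(( (0x$eff | 0x$bnd) & ~$NET_BIND ))
    if [ "$extra" -eq 0 ]; then echo ok; else printf 'excess:%x\n' "$extra"; fi
}

# Constructed samples (assumption: the service runs as an unprivileged user).
SAMPLE_COMMENTED='CapEff: 0000000000000000
CapBnd: 000001ffffffffff'      # both directives still commented out
SAMPLE_AMBIENT_ONLY='CapEff: 0000000000000400
CapBnd: 000001ffffffffff'      # only AmbientCapabilities uncommented
SAMPLE_FIXED='CapEff: 0000000000000400
CapBnd: 0000000000000400'      # both directives uncommented, as in the post

for s in "$SAMPLE_COMMENTED" "$SAMPLE_AMBIENT_ONLY" "$SAMPLE_FIXED"; do
    printf '%s\n' "$s" | check_status
done

# Live check of the running service:
#   check_status < "/proc/$(systemctl show -p MainPID --value caddy.service)/status"
```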