Using port 80 as non root user #943
Comments
|
While there's no callback for "post binding" in cohttp, you can avoid launching the binary as root on Linux by running: This will then allow it to bind to a low port as a non privileged user. |
|
Thank you Anil for the idea! |
balat
added a commit
to ocsigen/ocsigenserver
that referenced
this issue
Apr 26, 2024
This feature is not supported by cohttp. In mirage/ocaml-cohttp#943, Anil suggest to do that instead: setcap 'cap_net_bind_service=+ep' <binary file> to bind a low port to a non-priviledged user I keep OCSIGENUSER in Makefile for install
balat
added a commit
to ocsigen/ocsigenserver
that referenced
this issue
Apr 26, 2024
This feature is not supported by cohttp. In mirage/ocaml-cohttp#943, Anil suggest to do that instead: setcap 'cap_net_bind_service=+ep' <binary file> to bind a low port to a non-priviledged user I keep OCSIGENUSER in Makefile for install
balat
added a commit
to ocsigen/ocsigenserver
that referenced
this issue
Apr 26, 2024
This feature is not supported by cohttp. In mirage/ocaml-cohttp#943, Anil suggest to do that instead: setcap 'cap_net_bind_service=+ep' <binary file> to bind a low port to a non-priviledged user I keep OCSIGENUSER in Makefile for install
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
Ocsigen Server switched to cohttp recently. But there is still a regression:
For security reasons, we don't want to run the server as root user.
To bind port 80 or 443, the server needs to be launched as root, and we switch to another user after binding the ports.
But I don't see a way in cohttp to be alerted just after bind/listen (or to provide a callback to be executed at that moment).
This issue has been discussed here: https://discuss.ocaml.org/t/eliom-runtime-errors-zero-compile-time-errors/10537/14
Thanks by advance!
Vincent
The text was updated successfully, but these errors were encountered: