Skip to content

add CAP_NET_BIND_SERVICE to coder.service #2699

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jun 28, 2022
Merged

add CAP_NET_BIND_SERVICE to coder.service #2699

merged 3 commits into from
Jun 28, 2022

Conversation

johnstcn
Copy link
Member

Folks might want to run Coder on port 80/443; they'll need to add CAP_NET_BIND_SERVICE if they want to do that (or run as root, but this is definitely preferable).

@johnstcn johnstcn requested review from mafredri, khorne3 and bpmct June 28, 2022 10:52
@johnstcn johnstcn self-assigned this Jun 28, 2022
mafredri
mafredri approved these changes Jun 28, 2022
View reviewed changes
Copy link
Member

@mafredri mafredri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great!

@johnstcn @mafredri
Update docs/install.md
0be2da4 
Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>
kylecarbs
kylecarbs reviewed Jun 28, 2022
View reviewed changes
docs/install.md Outdated
Comment on lines 44 to 54
> **Note:** If you wish to run Coder on a privileged port (lower than 1024),
> then you will need to edit `/usr/lib/systemd/system/coder.service` and
> make the following change:
>
> ```diff
> -AmbientCapabilities=CAP_IPC_LOCK
> +AmbientCapabilities=CAP_IPC_LOCK CAP_NET_BIND_SERVICE
> ```
>
> This will allow Coder to bind to ports lower than 1024.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we just change this in our systemd service? I feel like when I tried it just didn't work, but maybe I was doing something wrong.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am wrong! Let's just add this to the service file so this isn't an issue anymore!

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure thing! :D

@johnstcn johnstcn changed the title document adding CAP_NET_BIND_SERVICE to coder.service add CAP_NET_BIND_SERVICE to coder.service Jun 28, 2022
@johnstcn johnstcn requested a review from kylecarbs June 28, 2022 13:00
@johnstcn johnstcn merged commit 0052e6a into main Jun 28, 2022
@johnstcn johnstcn deleted the cj/docs-cap-net-bind-service branch June 28, 2022 15:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mafredri mafredri mafredri approved these changes

@kylecarbs kylecarbs kylecarbs approved these changes

@khorne3 khorne3 Awaiting requested review from khorne3

@bpmct bpmct Awaiting requested review from bpmct

Assignees

@johnstcn johnstcn

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@johnstcn @mafredri @kylecarbs