Allow rootless Podman to bind ports 80 and 443
Rootless processes cannot bind privileged ports (<1024) by default. Lower net.ipv4.ip_unprivileged_port_start to 80 at startup, and persist it to /etc/sysctl.conf so the setting survives reboots. https://claude.ai/code/session_01FKCW3FDjNFj6jve4niMFXH
This commit is contained in:
parent
d2cba788ab
commit
dae5fd3b53
1 changed files with 9 additions and 0 deletions
@ -59,6 +59,15 @@ EOF
|
||||||
|
|
||||||
echo "[hiy] Generated proxy/caddy.json for ${DOMAIN_SUFFIX}"
|
echo "[hiy] Generated proxy/caddy.json for ${DOMAIN_SUFFIX}"
|
||||||
|
|
||||||
|
# ── Allow rootless processes to bind ports 80/443 ─────────────────────────────
|
||||||
|
# Rootless Podman cannot bind privileged ports (<1024) by default.
|
||||||
|
# Lower the threshold to 80 for this boot, and persist it across reboots.
|
||||||
|
if [ "$(sysctl -n net.ipv4.ip_unprivileged_port_start)" -gt 80 ]; then
|
||||||
|
sudo sysctl -w net.ipv4.ip_unprivileged_port_start=80
|
||||||
|
grep -qxF 'net.ipv4.ip_unprivileged_port_start=80' /etc/sysctl.conf 2>/dev/null \
|
||||||
|
|| echo 'net.ipv4.ip_unprivileged_port_start=80' | sudo tee -a /etc/sysctl.conf > /dev/null
|
||||||
|
fi
|
||||||
|
|
||||||
# ── Ensure Podman socket is active ────────────────────────────────────────────
|
# ── Ensure Podman socket is active ────────────────────────────────────────────
|
||||||
# Podman rootless resets XDG_RUNTIME_DIR to /run/user/<uid> if that directory
|
# Podman rootless resets XDG_RUNTIME_DIR to /run/user/<uid> if that directory
|
||||||
# exists (regardless of what the caller set). So we must ensure that directory
|
# exists (regardless of what the caller set). So we must ensure that directory
|
||||||
|
|
|
||||||
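Review bot: The `sysctl -w net.ipv4.ip_unprivileged_port_start=80` line is a machine-wide relaxation, not a Podman-scoped one: after it, any local unprivileged user or compromised service account can bind 80–1023 (and, before the proxy container comes up, squat on 80/443 itself), so the comment above it should state that blast radius rather than just "rootless Podman cannot bind privileged ports", e.g. `# NOTE: this is host-wide — every unprivileged process on this machine, not only Podman, can bind 80-1023 afterwards.` If a narrower mechanism is acceptable in this setup (a port-forwarding helper with `cap_net_bind_service`, or binding high ports and redirecting with nftables), it is worth a one-line pointer in that comment, though I cannot tell from the hunk which rootless networking backend is in use. Separately, the persistence check `grep -qxF 'net.ipv4.ip_unprivileged_port_start=80' /etc/sysctl.conf` only matches that exact spelling, so an existing `net.ipv4.ip_unprivileged_port_start = 80` (or a different value left by an earlier run or a `/etc/sysctl.d/*.conf` drop-in) is missed and a second, possibly conflicting line is appended; matching on the key alone and writing a dedicated drop-in is more robust: `grep -qsE '^[[:space:]]*net\.ipv4\.ip_unprivileged_port_start[[:space:]]*=' /etc/sysctl.conf /etc/sysctl.d/*.conf || printf 'net.ipv4.ip_unprivileged_port_start=80\n' | sudo tee /etc/sysctl.d/90-hiy-unprivileged-ports.conf >/dev/null`. Whether `/etc/sysctl.conf` wins over `sysctl.d` at boot depends on the distribution's ordering, so the drop-in also avoids a silent override on reboot; the enclosing script continues outside this hunk.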