I’m not sure what you’re saying, because setcap doesn’t open ports. It only sets file permissions. There must be another command you’re running to use up those ports.
Ah, so Caddy is listening on ports 80 and 443? In those commands you gave above, though, Caddy isn’t executed at all. That’s why I was confused.
You can change the HTTP port to something else by setting the -http-port CLI option, but beware that this will break the HTTP ACME challenge (unless you know what you’re doing, like forwarding the port). But currently with automatic HTTPS, there has to be a redirect from HTTP to HTTPS, because browsers still request HTTP by default when no scheme is present.
were completely ignored during installation? I didn’t try yet, please advise.
In other words, the question might be: what and where exactly are the instructions that tell Caddy to listen on specific ports?
I think it is only the Caddyfile. In my case, all import nodes instructions are in the form https://sub.domain.com
On another note, I think there is no impact on ACME connections, as on my side port 80 is already blocked by the ISP and yet I’m using ACME certificates and renewal normally with no issue.
I don’t think this can be used to disable the HTTP port, only to change it to something else.
If you did not run this command, Caddy would be unable to bind to privileged ports (any port below 1024). setcap is not going to help you change which ports Caddy listens on.
If you’re serving sites without Automatic HTTPS, Caddy will only bind to the ports you’ve nominated in your Caddyfile, or the default (:2015), but Caddy won’t manage your certificates for you.
If you want Caddy to manage your certificates, you need to either:
Let Caddy bind to :80 and :443, or;
Use the DNS challenge
If you can’t use the DNS challenge, and you want Caddy not to bind :80, but you want to serve HTTPS on port :443, you will need to provide your own valid certificate: