How is caddy able to bind to port 80 and 443 on MacOS without root?

I’ve recently started using Caddy for development purposes on MacOS.

What an amazing piece of software! It just works!
I even installed the local certficate and then localhost automatically redirects and uses https for all the traffic.

One thing I don’t understand is, how is Caddy able to work on port 80 and 443 on MacOS without root. I’m not running it as root. When I try to run another http process on port 80 I get the expected permission denied.

Can someone explain this magic to me?

Aparently since MacOS Mojave unprivileged processes are allowed to bind privileged ports (making them not privileged anymore).

The reason my other process still got a permission denied error was because this only works when binding to 0.0.0.0 and in my other process I tried to bind to 127.0.0.1, hence still getting the error.

Mystery solved!

This topic was automatically closed after 30 days. New replies are no longer allowed.