Is there a way to make all https connections happen on a high numbered port?

I’m trying to get caddy to work in a userspace docker container (I have other containers which I’d prefer to keep well isolated), so I can’t set_cap, as docker build is run as a userspace user, and doesn’t have permissions for that.

So I start caddy like this in Docker:

/usr/local/bin/caddy -agree -email email@example.com -ca https://acme-staging-v02.api.letsencrypt.org/directory -conf /etc/Caddyfile -http-port 8080 -https-port 4433

And Docker maps port 8080 to 80, and 4433 to 443.

The thing is, it activates privacy features (meaning that letsencrypt can access my server at port 80). The issue is that right afterwards it says:

listen tcp :443: bind: permission denied

Of course it doesn’t work. It’s run as a regular user! But I just set -https-port to 4433, not 443. Is there a way to get this to work (to get caddy to use 4433 as the secure port)?

Does it say that after starting up and serving sites? Does the server still function normally after this message?

I wonder if Caddy’s trying to start a listener after the fact as an implementation of the TLS-ALPN solver. Off the top of my head, unless you’ve written :443 somewhere in your Caddyfile, setting the -https-port shouldn’t result in Caddy trying to bind the default port at all.
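The check suggested in the reply above (look for an explicit :443 in the Caddyfile site labels, since that overrides -https-port) can be automated. The following script is an added example, not code from the thread or from the Caddy project; it assumes Caddy v1 Caddyfile syntax (site addresses before an opening brace, or a single braceless site) and uses a constructed sample Caddyfile rather than the poster's real one.

```python
"""Scan a Caddy v1 Caddyfile for site addresses that force a privileged port.

Added example: reports any site label carrying an explicit port <= 1023
(e.g. ":443" or "example.com:80").  Such a label makes Caddy bind that port
regardless of -http-port/-https-port, which fails as an unprivileged user
without CAP_NET_BIND_SERVICE.  The sample Caddyfile below is constructed.
"""
import re

PRIVILEGED_MAX = 1023  # ports 0-1023 need root or CAP_NET_BIND_SERVICE

# scheme://host:port where each part is optional; host may be a bracketed IPv6.
_ADDR_RE = re.compile(
    r"^(?:(?P<scheme>https?)://)?(?P<host>\[[^\]]*\]|[^:/\s]*)(?::(?P<port>\d+))?$"
)

# Constructed sample mirroring the thread: the intended site listens on 4433,
# but a second site block explicitly asks for :443.
SAMPLE_CADDYFILE = """\
# constructed sample, not a real deployment
example.com:4433 {
    root /var/www/html
    tls {
        max_certs 1
    }
}

:443 {
    redir https://example.com
}
"""


def site_addresses(caddyfile):
    """Return the site labels (addresses) that open each site block.

    Labels are the comma-separated addresses on the line(s) before '{'.
    A braceless single-site Caddyfile has its address on the first line only.
    """
    addrs = []
    depth = 0          # current brace nesting depth
    saw_brace = False  # whether any site block used braces
    pending = False    # previous label line ended with a comma
    for raw in caddyfile.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        opens, closes = line.count("{"), line.count("}")
        is_label = depth == 0 and (saw_brace or not addrs or opens or pending)
        if is_label:
            label = line.replace("{", " ").replace("}", " ")
            addrs.extend(a.strip() for a in label.split(",") if a.strip())
            pending = line.endswith(",")
        depth += opens - closes
        saw_brace = saw_brace or opens > 0
    return addrs


def explicit_port(addr):
    """Return the explicit ':port' in a site address, or None.

    Ports implied only by a scheme (http:// or https://) are not reported,
    because those are the ones -http-port/-https-port can override.
    """
    m = _ADDR_RE.match(addr)
    if not m or m.group("port") is None:
        return None
    return int(m.group("port"))


def privileged_site_ports(caddyfile):
    """Return [(address, port)] for site labels that pin a port <= 1023."""
    hits = []
    for addr in site_addresses(caddyfile):
        port = explicit_port(addr)
        if port is not None and port <= PRIVILEGED_MAX:
            hits.append((addr, port))
    return hits


if __name__ == "__main__":
    for addr, port in privileged_site_ports(SAMPLE_CADDYFILE):
        print(f"site '{addr}' pins privileged port {port}; "
              f"-https-port/-http-port will not move it")
```

Run it against the Caddyfile mounted into the container; any hit is a label that needs its port removed (or changed to the high port) so that the -http-port/-https-port flags and the Docker port mapping can do their job.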

🤦
