CentOS comes with systemd version 219, which does not support the AmbientCapabilities=CAP_NET_BIND_SERVICE option. As a result, I must use setcap to allow binding to port 80.
The problem is that after an upgrade of the caddy package the option set by setcap is removed, as a new binary is installed. When systemd tries to restart Caddy it fails.
This is particularly annoying since I’m using a cron job to upgrade the system automatically, so my websites go offline and I don’t even know it.
I guess I’ll have to disable the automatic system upgrades or at least set up a systemd service which sends me an email when the service fails to restart.
But I wonder if there’s a better solution.
Upgrading systemd is not an option. I’ll have to wait for CentOS 8 release…
Thanks in advance for any hint
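
The failure described in this post, an upgrade replacing the binary and dropping its file capability, can be caught with a check run right after the automatic upgrade job. The script below is an added example, not part of the original post or of the caddy package; the path /usr/bin/caddy, the function names and the --apply switch are assumptions.

```shell
#!/bin/sh
# Added example: verify the file capability on the Caddy binary after a
# package upgrade and re-apply it if the new binary lost it.
# CADDY_BIN is an assumed path; set it to where the package installs caddy.
CADDY_BIN="${CADDY_BIN:-/usr/bin/caddy}"

# has_bind_cap LINE
# LINE is one line of getcap output. Returns 0 only when cap_net_bind_service
# is both effective (e) and permitted (p). Accepts the older libcap format
# "/path = cap_net_bind_service+ep" and the newer "/path cap_net_bind_service=ep".
has_bind_cap() {
    # Unquoted on purpose: split the line into whitespace-separated words.
    for word in $1; do
        case "$word" in
            /*) continue ;;                      # the path column
            *cap_net_bind_service*[+=]*)
                flags=${word##*[+=]}             # text after the last + or =
                case "$flags" in *e*) ;; *) continue ;; esac
                case "$flags" in *p*) return 0 ;; esac
                ;;
        esac
    done
    return 1
}

# ensure_bind_cap
# Leaves the binary alone when the capability is present; otherwise logs the
# finding to syslog and re-applies it. Needs root because of setcap.
ensure_bind_cap() {
    if has_bind_cap "$(getcap "$CADDY_BIN" 2>/dev/null)"; then
        return 0
    fi
    logger -t caddy-setcap "cap_net_bind_service missing on $CADDY_BIN, re-applying"
    setcap cap_net_bind_service=+ep "$CADDY_BIN"
}

# Only touch the system when explicitly asked to (hypothetical --apply switch).
if [ "${1:-}" = "--apply" ]; then
    ensure_bind_cap
fi
```

Run with --apply as root at the end of the upgrade cron job; the syslog line tagged caddy-setcap records each time an upgrade removed the capability.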