Synology Permission Issues

1. The problem I’m having:

I am trying to run Caddy (embedded within a Docker app) on my Synology device as a non-root account; however, I am unable to do so. I am able to get Caddy to properly work when I use my root account. If I use a non-root account (even if it has full admin permissions), it does not work.

The Docker app in question is called Pocket ID:

I 100% understand this might be an issue with my Synology (due to how they do permissions) and NOT an issue with Caddy whatsoever but I figured I would ask. I should also reiterate that Pocket ID is currently working (so therefore Caddy is working).

2. Error messages and/or full log output:

Creating user and group...

passwd: password for pocket-id is unchanged

Changing password for pocket-id

New password: 

Starting frontend...

Starting backend...

Starting Caddy...

2025/01/12 01:08:26 GeoLite2 City database is up-to-date.

WRN | ts=1736644106.8758528 msg=failed to set GOMAXPROCS error=open /sys/fs/cgroup/cpu/cpu.cfs_quota_us: no such file or directory 

WRN | ts=1736644106.9430258 msg=failed to set GOMAXPROCS error=open /sys/fs/cgroup/cpu/cpu.cfs_quota_us: no such file or directory 

INF | ts=1736644106.9432714 msg=using config from file file=/etc/caddy/Caddyfile.trust-proxy 

INF | ts=1736644106.945159 msg=adapted config to JSON adapter=caddyfile 

INF | ts=1736644106.946377 logger=admin msg=admin endpoint started address=localhost:2019 enforce_origin=false origins=["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"] 

WRN | ts=1736644106.9467092 logger=http.auto_https msg=server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server server_name=srv0 http_port=80 

INF | ts=1736644106.9467788 logger=tls.cache.maintenance msg=started background certificate maintenance cache=0xc000052280 

INF | ts=1736644106.9474592 logger=tls.cache.maintenance msg=stopped background certificate maintenance cache=0xc000052280 

Error: loading initial config: loading new config: http app module: start: listening on :80: listen tcp :80: bind: permission denied

Error: caddy process exited with error: exit status 1

Listening on 0.0.0.0:3002

3. Caddy version:

Within Pocket ID → v2.9.1

4. How I installed and ran Caddy:

I am currently running Caddy within Pocket ID via Docker Compose (that was deployed with Portainer).

a. System environment:

My Environment:

  • Portainer → 20.10.23 (API: 1.41)
  • DSM 7.2.2-72806 Update 2
  • Synology DS1621+

c. Service/unit/compose file:

services:
  pocket-id:
    image: stonith404/pocket-id  # or ghcr.io/stonith404/pocket-id
    restart: unless-stopped
    env_file:
      - stack.env
    ports:
      - 3002:80
    volumes:
      - "/volume1/docker/storage/pocket-id/data:/app/backend/data"
    # Optional healthcheck  
    healthcheck:
      test: "curl -f http://localhost/health"
      interval: 1m30s
      timeout: 5s
      retries: 2
      start_period: 10s

5. Links to relevant resources:

The original discussion surrounding my problem:

They’ve already given you the correct answer:

However, you need to change the internal Caddy port to something above 1024. For example, 8080 looks like a nice number.

Only root can bind to ports below 1024.

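The check behind the `bind: permission denied` line in the log above, as an added Go example that is not part of the original thread and not code from Caddy or Pocket ID: it predicts from the process's capabilities and the kernel's unprivileged-port floor whether port 80 and port 8080 (the port suggested in the reply) can be bound, then tries both. The function names are this example's own; it assumes Linux with `/proc` mounted and no user-namespace remapping.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"strconv"
	"strings"
)

const capNetBindService = 10 // bit index of CAP_NET_BIND_SERVICE in the capability mask

// parseCapEff returns the effective capability mask from /proc/<pid>/status text.
func parseCapEff(status string) (uint64, error) {
	for _, line := range strings.Split(status, "\n") {
		if strings.HasPrefix(line, "CapEff:") {
			return strconv.ParseUint(strings.TrimSpace(strings.TrimPrefix(line, "CapEff:")), 16, 64)
		}
	}
	return 0, fmt.Errorf("no CapEff line in status")
}

// portFloor parses net.ipv4.ip_unprivileged_port_start. Kernels without that
// sysctl (raw is empty) use the fixed floor of 1024.
func portFloor(raw string) int {
	if n, err := strconv.Atoi(strings.TrimSpace(raw)); err == nil {
		return n
	}
	return 1024
}

// canBind applies the kernel's rule: ports at or above the floor are open to
// any user; lower ports need CAP_NET_BIND_SERVICE in the effective set.
func canBind(port, floor int, capEff uint64) bool {
	return port >= floor || capEff&(1<<capNetBindService) != 0
}

func main() {
	status, _ := os.ReadFile("/proc/self/status")
	raw, _ := os.ReadFile("/proc/sys/net/ipv4/ip_unprivileged_port_start")
	capEff, err := parseCapEff(string(status))
	if err != nil {
		fmt.Fprintln(os.Stderr, "cannot read capabilities:", err)
		os.Exit(1)
	}
	for _, port := range []int{80, 8080} { // the port from the log, and the suggested one
		ln, lerr := net.Listen("tcp", ":"+strconv.Itoa(port))
		if lerr == nil {
			ln.Close()
		}
		fmt.Printf("uid=%d port=%d predicted=%v listen error=%v\n",
			os.Geteuid(), port, canBind(port, portFloor(string(raw)), capEff), lerr)
	}
}
```

Run inside the container as the same user that starts Caddy; a `predicted=false` for port 80 next to `predicted=true` for 8080 matches the failure in the log.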