added "CAP_NET_BIND_SERVICE" to Debian service to allow low range ports for non-root user "www-data"

Oscar Krause 2022-12-27 18:51:20 +01:00
parent cefee22202
commit 11a2c1d129

@ -102,9 +102,6 @@ volumes:
Tested on `Debian 11 (bullseye)`, Ubuntu may also work. Tested on `Debian 11 (bullseye)`, Ubuntu may also work.
**We are running on port `9443` because we are running service as `www-data`-user and non-root users are not allowed to
use ports below 1024!**
**Install requirements** **Install requirements**
```shell ```shell
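Review bot: Dropping the bold note about port `9443` leaves the README with no explanation of why `www-data` can now bind a port below 1024. Suggest replacing it with one sentence saying the systemd unit grants `CAP_NET_BIND_SERVICE` through `AmbientCapabilities`. The manual start visible in the next hunk header (`su - www-data -c "/opt/fastapi-dls/venv/bin/uvicorn main:app ...`) does not go through the unit and so does not receive that capability; the restriction the removed note described still applies to that path and should stay documented for it.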
@ -153,7 +150,7 @@ su - www-data -c "/opt/fastapi-dls/venv/bin/uvicorn main:app --app-dir=/opt/fast
```shell ```shell
cat <<EOF > /etc/fastapi-dls.env cat <<EOF > /etc/fastapi-dls.env
DLS_URL=127.0.0.1 DLS_URL=127.0.0.1
DLS_PORT=9443 DLS_PORT=443
LEASE_EXPIRE_DAYS=90 LEASE_EXPIRE_DAYS=90
DATABASE=sqlite:////opt/fastapi-dls/app/db.sqlite DATABASE=sqlite:////opt/fastapi-dls/app/db.sqlite
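Review bot: At `DLS_PORT=443`, the documented default now only works when the service is started by the unit that carries the new `AmbientCapabilities` line; the same env values used with a plain `www-data` shell will fail to bind. Port 443 is also frequently already held by a web server on hosts that have a `www-data` user, so a short remark next to this block that 443 must be free, and that a high port such as the previous `9443` needs no capability at all, would save readers a confusing "address already in use" or "permission denied" on first start.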
@ -171,6 +168,7 @@ After=network.target
[Service] [Service]
User=www-data User=www-data
Group=www-data Group=www-data
AmbientCapabilities=CAP_NET_BIND_SERVICE
WorkingDirectory=/opt/fastapi-dls/app WorkingDirectory=/opt/fastapi-dls/app
EnvironmentFile=/etc/fastapi-dls.env EnvironmentFile=/etc/fastapi-dls.env
ExecStart=/opt/fastapi-dls/venv/bin/uvicorn main:app \ ExecStart=/opt/fastapi-dls/venv/bin/uvicorn main:app \
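Review bot: The added `AmbientCapabilities=CAP_NET_BIND_SERVICE` grants the capability but nothing in the visible `[Service]` lines caps what the process tree can hold beyond it. Ambient capabilities are inherited across `execve`, so every child of uvicorn keeps the right to bind low ports. Suggest pairing the line with `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` and `NoNewPrivileges=true` so the unit is limited to exactly this one capability and cannot acquire more through setuid binaries.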