Cannot run Caddy on Google Cloud VM

[hyperduc]

Hello, I've been following the installation guide and have been struggling to run Caddy on my VM instance.

I've configured a VM through Google Compute and have purchased a domain from Google Domains and added an A record. Confirmed that I've registered my A record correctly with a curl request:

{
  "Status":0,
  "TC":false,
  "RD":true,
  "RA":true,
  "AD":false,
  "CD":false,
  "Question":[
    {
      "name":"example.dev",
      "type":1
    }
  ],
  "Answer":[
    {
      "name":"example.dev",
      "type":1,
      "TTL":300,
      "data":"xxx.xxx.xxx.162"
    }
  ]
}

I've also created a Caddyfile:

example.dev

reverse_proxy 127.0.0.1:8080

The issue that I've been having is running Caddy, specifically in granting permissions to listen to port 443. Example output below:

caddy run --config /etc/caddy/Caddyfile
2020/11/09 20:22:33.539 INFO    using provided configuration    {"config_file": "/etc/caddy/Caddyfile", "config_adapter": ""}
2020/11/09 20:22:33.541 INFO    admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false,
"origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2020/11/09 20:22:33.541 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS    {"server_name": "srv0", "https_port": 443}
2020/11/09 20:22:33.541 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2020/11/09 20:22:33.541 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000444770"}
run: loading initial config: loading new config: http app module: start: tcp: listening on :443: listen tcp :443: bind: permission denied

Any tips would be super welcome, and thanks in advance!

[code-asher]

Ports below 1024 are privileged and require permissions. A few options: 1. Use root (for example with sudo). 2. Add the cap_net_bind_service capability. 3. Use ports higher than 1024. For 2 I think something like this should work: sudo setcap 'cap_net_bind_service=+ep' $(which caddy) I haven't tested it myself though; I pulled that from line from the v1 Caddy docs: https://github.com/caddyserver/caddy/blob/v1/dist/init/linux-systemd/README.md#instructions A better method may be to use a systemd service with the capability set. See https://github.com/caddyserver/dist/blob/master/init/caddy.service If you go the service route here's more info on that: https://caddyserver.com/docs/install#linux-service