Unprivileged Caddy tries to listen on port 443

Started by Lemimouth, May 09, 2025, 10:41:15 AM

Hi,

I've set up the Caddy plugin and bound it to a specific interface by following the doc here: https://docs.opnsense.org/manual/how-tos/caddy.html#bind-caddy-to-interfaces. It works fine.

Now, I'm trying to run it unprivileged (https://docs.opnsense.org/manual/how-tos/caddy.html#run-caddy-process-unprivileged), but even if I change the ports to 8080 and 8443 in the Advanced Settings page, it tries to listen on port 443 when applying the change and restarting.

In the logs:

Error: loading initial config: loading new config: http app module: start: listening on 10.0.0.5:443: listen tcp 10.0.0.5:443: bind: permission denied

And in Caddy > Diagnostics > JSON Configuration, I see that it specifically tries to listen on port 443:

{
  "apps": {
    "http": {
      "grace_period": 10000000000,
      "http_port": 8080,
      "https_port": 8443,
      "servers": {
        "srv0": {
          "automatic_https": {
            "disable": true
          },
          "listen": [
            "10.0.0.5:443"
          ],

Any idea? Are these 2 features (binding to a specific interface and running unprivileged) incompatible with each other?

I don't know for sure. The default bind thing is not something that I test with while maintaining this plugin.

So for me it is unsupported in the scope of the os-caddy plugin.

You can try out the Caddy forum instead with your Caddyfile and ask what to do differently.

https://caddy.community/
Hardware:
DEC740

Thanks for your answer. I managed to get it working. I stupidly forgot that I have another custom config file in /usr/local/etc/caddy/caddy.d, and it was listening on 443... I changed it to 8443 (same port as defined in Advanced Settings) and now everything's fine.

Sorry for this useless post!

It's okay, I'm glad you figured this out. No shame in asking something after all. :)
Hardware:
DEC740
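A check for the situation resolved in this thread, as an added example that is not part of the original posts or the os-caddy plugin: it walks the JSON shown under Caddy > Diagnostics > JSON Configuration and reports every server whose `listen` address uses a port below 1024, which an unprivileged process cannot bind by default. The sample config, the `srv1` entries and the function names are constructed for illustration.

```python
import json

PRIVILEGED_MAX = 1023  # ports up to 1023 are reserved for root by default

# Constructed sample, modelled on the truncated JSON in the first post.
SAMPLE = """
{"apps": {"http": {"http_port": 8080, "https_port": 8443,
  "servers": {
    "srv0": {"listen": ["10.0.0.5:443"]},
    "srv1": {"listen": ["10.0.0.5:8443", "tcp/[::1]:80-81",
                        "unix//var/run/caddy.sock"]}
  }}}}
"""


def ports_of(addr):
    """Return the ports named by a Caddy listen address ([] for unix sockets)."""
    network, sep, rest = addr.partition("/")
    if sep and network.startswith("unix"):
        return []                      # socket files have no port
    hostport = rest if sep else addr   # drop an optional "tcp/" or "udp/" prefix
    port = hostport.rsplit(":", 1)[-1]
    lo, _, hi = port.partition("-")    # Caddy accepts ranges such as 80-81
    return list(range(int(lo), int(hi or lo) + 1))


def privileged_listeners(config):
    """Map server name -> listen addresses an unprivileged Caddy cannot bind."""
    servers = config.get("apps", {}).get("http", {}).get("servers", {})
    findings = {}
    for name, srv in servers.items():
        bad = [a for a in srv.get("listen", [])
               if any(p <= PRIVILEGED_MAX for p in ports_of(a))]
        if bad:
            findings[name] = bad
    return findings


if __name__ == "__main__":
    for name, addrs in privileged_listeners(json.loads(SAMPLE)).items():
        print(f"{name}: {', '.join(addrs)} uses a privileged port")
```

A hit on a server you did not define in the GUI points at an extra file, such as one under /usr/local/etc/caddy/caddy.d, that still carries its own listen port.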