Caddy "listen tcp :443: bind: permission denied"

Solution 1:

It's not a caddy issue, nor a user-permissions issue. Linux doesn't allow processes to listen on low-level ports by default.

To grant access:

sudo setcap CAP_NET_BIND_SERVICE=+eip $(which caddy)

source: superuser: Allow non-root process to bind to port 80 and 443?

Solution 2:

If you're running systemd v229 or later, you can do this without giving the binary capabilities intrinsically:

AmbientCapabilities=CAP_NET_BIND_SERVICE