Binding to ports lower than 1024 in Linux

2024-09-01

On Linux, binding to a port below 1024 requires root privileges (strictly, the CAP_NET_BIND_SERVICE capability, which root has by default).

Here are a few ways to handle this without running the whole application as root:

1. cap_net_bind_service capability

You can grant the executable the cap_net_bind_service capability with setcap.

For this to work, the filesystem on which the executable resides must support extended attributes, since file capabilities are stored there. You can confirm the result with getcap /path/to/executable.

setcap 'cap_net_bind_service=+eip' /path/to/executable

2. Systemd service

You can also launch the process as a systemd service and let systemd grant the capability through AmbientCapabilities. This only matters when the unit runs as a non-root user (User=), since a root process already holds the capability.

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
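When a service set up with either of the two methods above still gets EACCES on bind(), the first thing to check is whether CAP_NET_BIND_SERVICE actually reached the process's effective set. The following script is an added example, not part of the original post: it decodes the Cap* lines of /proc/<pid>/status (bit 10 is CAP_NET_BIND_SERVICE, per linux/capability.h) and reports which sets contain it; the status dumps embedded for testing are constructed, not captured from a real system.

```python
"""Check whether a process holds CAP_NET_BIND_SERVICE, from /proc/<pid>/status."""
import sys

CAP_NET_BIND_SERVICE = 10          # bit number from <linux/capability.h>
# The five capability sets the kernel reports per process (hex bitmasks).
CAP_FIELDS = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")

# Constructed samples (not real captures) for the three situations discussed:
# a plain non-root process, a non-root unit with AmbientCapabilities, and root.
SAMPLE_UNPRIVILEGED = "Name:\tapp\nCapInh:\t0000000000000000\nCapPrm:\t0000000000000000\n" \
    "CapEff:\t0000000000000000\nCapBnd:\t000001ffffffffff\nCapAmb:\t0000000000000000\n"
SAMPLE_AMBIENT = "Name:\tapp\nCapInh:\t0000000000000400\nCapPrm:\t0000000000000400\n" \
    "CapEff:\t0000000000000400\nCapBnd:\t000001ffffffffff\nCapAmb:\t0000000000000400\n"
SAMPLE_ROOT = "Name:\tapp\nCapInh:\t0000000000000000\nCapPrm:\t000001ffffffffff\n" \
    "CapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\nCapAmb:\t0000000000000000\n"


def parse_cap_sets(status_text):
    """Return {field: int} for the Cap* lines of a /proc/<pid>/status dump."""
    sets = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key in CAP_FIELDS:
            sets[key] = int(value.strip(), 16)
    return sets


def has_cap(cap_sets, field, cap_bit):
    """True if the given capability bit is set in the named set."""
    return bool(cap_sets.get(field, 0) & (1 << cap_bit))


def can_bind_low_port(status_text):
    """bind() on a port < 1024 succeeds only if the *effective* set has the bit."""
    return has_cap(parse_cap_sets(status_text), "CapEff", CAP_NET_BIND_SERVICE)


def diagnose(status_text):
    """One 'Field: yes/no' line per capability set, to spot where the cap got lost."""
    sets = parse_cap_sets(status_text)
    return [f"{f}: {'yes' if has_cap(sets, f, CAP_NET_BIND_SERVICE) else 'no'}"
            for f in CAP_FIELDS]


if __name__ == "__main__":
    # Usage: python3 capcheck.py [pid]   (defaults to the current process)
    pid = sys.argv[1] if len(sys.argv) > 1 else "self"
    with open(f"/proc/{pid}/status") as fh:
        text = fh.read()
    print("\n".join(diagnose(text)))
    print("can bind to ports < 1024:", can_bind_low_port(text))
```

A permitted-but-not-effective result (CapPrm yes, CapEff no) is the classic symptom of a file capability set without the "e" flag, which is why the setcap example above uses +eip.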

3. Port forwarding

You can start your application on a higher, unprivileged port.

Then set up firewall rules to forward traffic arriving on the low port to the higher one, so the application itself never needs the capability.

firewall-cmd --add-forward-port=port=443:proto=tcp:toport=8443

Add the --permanent flag so the rule survives firewalld reloads and reboots.