Sign in Subscribe
caddy

Caddy security recommendation

Jordan Ostreff

1 min read
Caddy security recommendation

Use security/portacl-rc to enable privileged port binding:

# portmaster security/portacl-rc
# sysrc portacl_users+=www
# sysrc portacl_user_www_tcp="http https"
# sysrc portacl_user_www_udp="https"
# service portacl enable
# service portacl start

Configure caddy to run as www:www

# sysrc caddy_user=www caddy_group=www

Note if Caddy has been started as root previously, files in
/var/log/caddy, /var/db/caddy, and /var/run/caddy may require their ownership
changing manually.

# chown -R www:www /var/log/caddy && chown -R www:www /var/db/caddy && chown -R www:www /var/run/caddy