Install libcap and run setcap cap_net_bind_service=+ep on caddy binary

abjugard · abjugard · commit b650917f3278 · 2023-01-27T18:35:32.000+01:00
Mitigates #104
diff --git a/2.6/alpine/Dockerfile b/2.6/alpine/Dockerfile
@@ -1,6 +1,9 @@
 FROM alpine:3.16
 
-RUN apk add --no-cache ca-certificates mailcap
+RUN apk add --no-cache \
+	ca-certificates \
+	libcap \
+	mailcap
 
 RUN set -eux; \
 	mkdir -p \
@@ -30,6 +33,7 @@ RUN set -eux; \
 	echo "$checksum  /tmp/caddy.tar.gz" | sha512sum -c; \
 	tar x -z -f /tmp/caddy.tar.gz -C /usr/bin caddy; \
 	rm -f /tmp/caddy.tar.gz; \
+	setcap cap_net_bind_service=+ep /usr/bin/caddy; \
 	chmod +x /usr/bin/caddy; \
 	caddy version
 
diff --git a/Dockerfile.tmpl b/Dockerfile.tmpl
@@ -1,6 +1,9 @@
 {{ .base | strings.TrimSpace }}
 
-RUN apk add --no-cache ca-certificates mailcap
+RUN apk add --no-cache \
+	ca-certificates \
+	libcap \
+	mailcap
 
 RUN set -eux; \
 	mkdir -p \
@@ -30,6 +33,7 @@ RUN set -eux; \
 	echo "$checksum  /tmp/caddy.tar.gz" | sha512sum -c; \
 	tar x -z -f /tmp/caddy.tar.gz -C /usr/bin caddy; \
 	rm -f /tmp/caddy.tar.gz; \
+	setcap cap_net_bind_service=+ep /usr/bin/caddy; \
 	chmod +x /usr/bin/caddy; \
 	caddy version
 
