Launch Grafana On Port 443
If you just run grafana on 443, you can immediately catch the error Fail to start server. error: listen tcp 0.0.0.0:443: bind: permission denied
.
This is due to the OS security system.
This “misunderstanding” can be corrected in two ways - “with a crutch” and “correctly”.
The crutch method is to give the file the appropriate privileges:
setcap 'cap_net_bind_service=+ep' /usr/sbin/grafana-server
BUT, this is temporary, until the next update…
The correct method is to edit systemd
. Well, how to “edit”…. redefine (redefine)…
Click systemctl edit grafana-server
and enter the following into the editor:
[Service]
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
After which systemd
will create the file /etc/systemd/system/grafana-server.service.d/override.conf
with the required config.
In this case, you don’t even need to reload systemd
- just restart Grafana:
systemctl restart grafana-server.service