I want to use gitea via docker, but don't want to set up a reverse proxy as it is a minimal setup.
To enable the default, non-root user git in the gitea:latest docker image to bind to port 80 and 443, I followed the idea of this answer and created my own gitea image using the following Dockerfile:
FROM docker.io/gitea/gitea:latest
RUN setcap cap_net_bind_service=+ep /usr/local/bin/gitea
RUN setcap cap_net_bind_service=+ep /app/gitea/gitea
I verified that the executables have the capabilities.
bash-5.1# getcap /usr/local/bin/gitea
/usr/local/bin/gitea cap_net_bind_service=ep
bash-5.1# getcap /app/gitea/gitea
/app/gitea/gitea cap_net_bind_service=ep
But during container startup, I still get the following message:
2022/11/05 11:19:39 cmd/web.go:220:listen() [I] [636646cb-48] Listen: https://0.0.0.0:443
2022/11/05 11:19:39 cmd/web.go:224:listen() [I] [636646cb-48] AppURL(ROOT_URL): https://gitea.localdomain:443/
2022/11/05 11:19:39 cmd/web.go:227:listen() [I] [636646cb-48] LFS server enabled
2022/11/05 11:19:39 cmd/web.go:69:runHTTPRedirector() [I] [636646cb-49] Redirecting: 0.0.0.0:80 to https://gitea.localdomain:443
2022/11/05 11:19:39 ...s/graceful/server.go:62:NewServer() [I] [636646cb-49] Starting new HTTP Redirector server: tcp:0.0.0.0:80 on PID: 10
2022/11/05 11:19:39 ...s/graceful/server.go:62:NewServer() [I] [636646cb-48] Starting new Web server: tcp:0.0.0.0:443 on PID: 10
2022/11/05 11:19:39 ...s/graceful/server.go:88:ListenAndServe() [E] [636646cb-49] Unable to GetListener: listen tcp 0.0.0.0:80: bind: permission denied
2022/11/05 11:19:39 cmd/web.go:81:runHTTPRedirector() [F] [636646cb-49] Failed to start port redirection: listen tcp 0.0.0.0:80: bind: permission denied
Starting gitea with the same configuration but using ports above 1024 works without any problems.
I'm using Fedora 36 server for the deployment. Could it be an issue with SELinux?
Thanks!
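
A check that fits this situation, as an added example that is not part of the original post: `getcap` shows what is stored on the file, while `/proc/<pid>/status` shows what the running process actually holds. The function names, verdict strings and sample status text below are constructed for illustration; PID 10 is the PID shown in the log above.

```shell
#!/bin/sh
# Added example: decide from /proc/<pid>/status text whether a process can
# bind ports below 1024 via cap_net_bind_service, and if not, why.
CAP_NET_BIND_SERVICE=10   # bit number in the kernel's capability masks

# Print the value of FIELD from status text on stdin.
status_field() {
    awk -v f="$1:" '$1 == f { print $2; exit }'
}

# Succeed if bit $2 is set in hex mask $1.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# Print a one-word verdict for the status text given as $1.
check_bind_cap() {
    eff=$(printf '%s\n' "$1" | status_field CapEff)
    bnd=$(printf '%s\n' "$1" | status_field CapBnd)
    nnp=$(printf '%s\n' "$1" | status_field NoNewPrivs)
    if [ -z "$eff" ] || [ -z "$bnd" ]; then
        echo "unparsable"
    elif has_cap "$eff" "$CAP_NET_BIND_SERVICE"; then
        echo "effective"            # bind to 80/443 is permitted
    elif ! has_cap "$bnd" "$CAP_NET_BIND_SERVICE"; then
        echo "dropped-by-runtime"   # not in the bounding set; setcap cannot add it
    elif [ "$nnp" = 1 ]; then
        echo "no-new-privs"         # exec ignores file capabilities
    else
        echo "not-raised"           # allowed, but this process did not gain it on exec
    fi
}

# Constructed sample: a non-root process with no effective capabilities.
SAMPLE_STATUS='Name: gitea
NoNewPrivs: 1
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 00000000a80425fb'

check_bind_cap "$SAMPLE_STATUS"
# Inside the container: check_bind_cap "$(cat /proc/10/status)"
```

A `not-raised` verdict points at which binary the PID was really exec'd from, or at a filesystem mounted `nosuid`, rather than at the container runtime's capability settings.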