@totoCZ
Last active August 1, 2018 21:31
caddy for SELinux
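# Let the caddy binary bind to ports below 1024 without running as root
setcap cap_net_bind_service=+ep /usr/local/bin/caddy
# Create or edit the systemd unit for caddy
nano /etc/systemd/system/caddy.service
# Label the binary so it runs in the httpd_t domain when systemd starts it
semanage fcontext -a -t httpd_exec_t /usr/local/bin/caddy
restorecon /usr/local/bin/caddy
# Certificate storage: owned and writable by the caddy user, rule covers files inside it
chown www-data:www-data /etc/ssl/caddy/
semanage fcontext -a -t httpd_sys_rw_content_t "/etc/ssl/caddy(/.*)?"
restorecon -R /etc/ssl/caddy
# Log directory: apply the fcontext rule instead of a one-off chcon
chown www-data:www-data /var/log/caddy/
semanage fcontext -a -t httpd_log_t "/var/log/caddy(/.*)?"
restorecon -R /var/log/caddy
# Allow httpd_t to bind TCP port 5033
semanage port -a -t http_port_t -p tcp 5033
# Allow outbound network connections from httpd_t
setsebool -P httpd_can_network_connect 1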
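
Added example (not part of the original gist): a triage function that reads AVC denial lines for the caddy process and maps each one to the matching command from the script above. The audit lines are constructed samples, and the names `sample_avc` and `triage_avc` are hypothetical.

```shell
#!/bin/sh
# Added example: map AVC denials for caddy to the fixes in this gist.

# Constructed audit lines for illustration; not captured from a real host.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1533157000.101:311): avc:  denied  { name_bind } for  pid=2101 comm="caddy" src=5033 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1533157001.202:312): avc:  denied  { name_connect } for  pid=2101 comm="caddy" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1533157002.303:313): avc:  denied  { write } for  pid=2101 comm="caddy" name="caddy" dev="dm-0" ino=4711 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1533157003.404:314): avc:  denied  { read } for  pid=900 comm="sshd" name="x" dev="dm-0" ino=1 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
EOF
}

# Read audit lines on stdin; print "<permission> -> <fix>" per caddy denial.
triage_avc() {
  while IFS= read -r line; do
    case $line in
      *avc:*denied*'comm="caddy"'*) ;;   # only denials raised by caddy
      *) continue ;;
    esac
    perm=$(printf '%s\n' "$line" | sed -n 's/.*{ \([^}]*\) }.*/\1/p')
    ttype=$(printf '%s\n' "$line" | sed -n 's/.*tcontext=[^:]*:[^:]*:\([^:]*\):.*/\1/p')
    case $perm in
      name_bind)
        port=$(printf '%s\n' "$line" | sed -n 's/.* src=\([0-9]*\).*/\1/p')
        echo "name_bind -> semanage port -a -t http_port_t -p tcp $port" ;;
      name_connect)
        echo "name_connect -> setsebool -P httpd_can_network_connect 1" ;;
      *)
        # Assumption: an unlabelled log directory still carries var_log_t.
        case $ttype in
          var_log_t) echo "$perm -> relabel /var/log/caddy as httpd_log_t" ;;
          *)         echo "$perm -> unmapped target type $ttype; inspect manually" ;;
        esac ;;
    esac
  done
}

sample_avc | triage_avc
```

On a live host the input would come from `ausearch -m avc -c caddy` instead of `sample_avc`.
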

jeanthom commented Aug 1, 2018

Doing setsebool -P httpd_can_network_connect 1 was pretty helpful for fixing "permission denied" errors when connecting to Let's Encrypt.

Thanks for sharing your script 😃