grafana/bind-net-capabilities.md at f9df1f3051b85c6e575a9e28db17e159e743098c

mirror of https://github.com/grafana/grafana.git synced 2025-07-28 19:52:27 +08:00

Files

Christopher Moyer 13af5afaf3 docs: Updates installation instruction for Debian/Ubuntu (#64232 )

* draft changes

* Apply suggestions from code review

Co-authored-by: Dan Cech <dcech@grafana.com>

* reworks debian/ubuntu instructions, updates start server topic

* Apply suggestions from code review

Co-authored-by: Dan Cech <dcech@grafana.com>

* incorporates feedback; restructures to align with writers toolkit guidelines

* Apply suggestions from code review

Co-authored-by: Dan Cech <dcech@grafana.com>

* tweaks structure of server topic; renames directory, corrects relrefs

* corrects spelling

* Apply suggestions from code review

Co-authored-by: Dan Cech <dcech@grafana.com>

* removed web parameter

* removes unnecessary word

* incorporates feedback from internal reviewer

* updates alias

* updates alias

* adjust alias

---------

Co-authored-by: Dan Cech <dcech@grafana.com>

2023-03-22 12:41:17 -05:00

973 B

Raw Blame History

title
Serving Grafana on a port < 1024

If you are using systemd and want to start Grafana on a port that is lower than 1024, you must add a systemd unit override.

Run the following command to create an override file in your configured editor.

# Alternatively, create a file in /etc/systemd/system/grafana-server.service.d/override.conf
systemctl edit grafana-server.service

Add the following additional settings to grant the CAP_NET_BIND_SERVICE capability.

To learn more about capabilities, refer to capabilities(7) — Linux manual page.

[Service]
# Give the CAP_NET_BIND_SERVICE capability
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE

# A private user cannot have process capabilities on the host's user
# namespace and thus CAP_NET_BIND_SERVICE has no effect.
PrivateUsers=false

973 B Raw Blame History

973 B

Raw Blame History