:orphan: Running on Privileged Ports =========================== For production, you might want to: - make Crossbar.io listen on ports 80/443, which are the standard ports for both HTTP(S) and (secure) WebSocket - run Crossbar.io under a dedicated non-root service user However, Unix-like operating system by default do not allow programs that run non-root to listen on TCP/IP ports <1024. There are different ways of achieving above, and those ways depend on the OS flavor you use (Linux, FreeBSD, etc). Linux ----- Here we describe one way that works using `Linux Capabilities `__ on kernels >= 2.6.24. Install ``libcap2``: :: sudo apt-get install libcap2-bin Now allow the Crossbar.io and PyPy executables to bind privileged ports: :: sudo setcap cap_net_bind_service=+ep `which crossbar` sudo setcap cap_net_bind_service=+ep `which pypy` Note that with above, any user on the host that is able to execute PyPy (or Crossbar) will be able to bind privileged ports *with any Python script*. If the host is used by others as well, you might want to restrict *execution permissions* on the binaries again. Also note that using capabilities will disable searching directories for shared libraries from ``LD_LIBRARY_PATH``. See `here `__ FreeBSD ------- On FreeBSD, the range of privileged ports which only may be opened by root-owned processes may be modified by the ``net.inet.ip.portrange.reservedlow`` and ``net.inet.ip.portrange.reservedhigh`` **sysctl** settings. The values default to the traditional range, ``0`` through ``IPPORT_RESERVED - 1`` (``0`` through ``1023``), respectively. To temporarily allow non-root process to bind ports <1024: :: sysctl net.inet.ip.portrange.reservedhigh=0 To make that setting persist reboots: :: echo "net.inet.ip.portrange.reservedhigh=0" >> /etc/sysctl.conf