mirror of
https://github.com/grafana/grafana.git
synced 2024-12-30 10:47:30 -06:00
0d6e911fff
This doc fragment is included on multiple pages including this one: https://grafana.com/docs/grafana/latest/setup-grafana/installation/debian/ the only flaw is it's missing "sudo". Modern linux practice suggests using sudo for all administrative edits like this, and this change reinforces parallel structure in the target docs page. There may potentially be some other context this fragment is used in where sudo isn't appropriate, but this makes it easier to copy/paste the command and have it work on modern linuxes.
32 lines
1.0 KiB
Markdown
32 lines
1.0 KiB
Markdown
---
|
|
labels:
|
|
products:
|
|
- enterprise
|
|
- oss
|
|
title: Serving Grafana on a port < 1024
|
|
---
|
|
|
|
If you are using `systemd` and want to start Grafana on a port that is lower than 1024, you must add a `systemd` unit override.
|
|
|
|
1. Run the following command to create an override file in your configured editor.
|
|
|
|
```bash
|
|
# Alternatively, create a file in /etc/systemd/system/grafana-server.service.d/override.conf
|
|
sudo systemctl edit grafana-server.service
|
|
```
|
|
|
|
1. Add the following additional settings to grant the `CAP_NET_BIND_SERVICE` capability.
|
|
|
|
To learn more about capabilities, refer to [capabilities(7) — Linux manual page](https://man7.org/linux/man-pages/man7/capabilities.7.html).
|
|
|
|
```
|
|
[Service]
|
|
# Give the CAP_NET_BIND_SERVICE capability
|
|
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
|
|
# A private user cannot have process capabilities on the host's user
|
|
# namespace and thus CAP_NET_BIND_SERVICE has no effect.
|
|
PrivateUsers=false
|
|
```
|