diff --git a/setup.sh b/setup.sh
index d464002..6a4fd28 100644
--- a/setup.sh
+++ b/setup.sh
@@ -70,9 +70,6 @@ fi
 chown -R www-data:www-data /srv/taiko-web
-echo "为 Python 进程授予 80 端口绑定权限..."
-setcap 'cap_net_bind_service=+ep' /srv/taiko-web/.venv/bin/python3 || true
-
 echo "创建 systemd 服务..."
 cat >/etc/systemd/system/taiko-web.service <<'EOF'
 [Unit]
@@ -87,6 +84,8 @@ ExecStart=/srv/taiko-web/.venv/bin/gunicorn -b 0.0.0.0:80 app:app
 Restart=always
 User=www-data
 Group=www-data
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 [Install]
 WantedBy=multi-user.target
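Review bot: The new `AmbientCapabilities=`/`CapabilityBoundingSet=` lines in the second hunk are not paired with `NoNewPrivileges=true` in the visible part of the `[Service]` section, so the service could in principle still gain privileges through a setuid binary it executes. Adding `NoNewPrivileges=true` right after `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` would close that without affecting the ambient capability. Hosts that already ran the earlier script may still carry `cap_net_bind_service` on `/srv/taiko-web/.venv/bin/python3`, because deleting the `setcap` call in the first hunk does not clear it. A one-time `setcap -r /srv/taiko-web/.venv/bin/python3 || true` before the unit is written would remove that leftover file capability. The `[Service]` section begins above this hunk, so confirm the directive is not already set there.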