AnthonyDuan/taiko-web-without-tjaf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(setup): 使用 systemd AmbientCapabilities 授权绑定 80,移除 setcap 需求

Browse Source
This commit is contained in:
AnthonyDuan
2025-11-22 21:56:23 +08:00
parent c40b0ed998
commit c8837f07d6
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
setup.sh
View File

@@ -70,9 +70,6 @@ fi
chown -R www-data:www-data /srv/taiko-web chown -R www-data:www-data /srv/taiko-web
echo "为 Python 进程授予 80 端口绑定权限..."
setcap 'cap_net_bind_service=+ep' /srv/taiko-web/.venv/bin/python3 || true
echo "创建 systemd 服务..." echo "创建 systemd 服务..."
cat >/etc/systemd/system/taiko-web.service <<'EOF' cat >/etc/systemd/system/taiko-web.service <<'EOF'
[Unit] [Unit]
@@ -87,6 +84,8 @@ ExecStart=/srv/taiko-web/.venv/bin/gunicorn -b 0.0.0.0:80 app:app
Restart=always Restart=always
User=www-data User=www-data
Group=www-data Group=www-data
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target