You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- Optionally you can create a systemd service and enable it. You can use the example service file ``scion-caddy.service`` in the `examples <https://github.com/scionproto-contrib/http-proxy/tree/main/_examples>`__.
49
61
50
62
- You can use the ``forward.json`` file in `examples <https://github.com/scionproto-contrib/http-proxy/blob/main/_examples/scion-caddy-forward-proxy.json>`__ folder as reference configuration file.
@@ -80,6 +92,12 @@ Then, you can follow the steps below to install the plugin:
80
92
81
93
chmod +x scion-caddy
82
94
95
+
- If you intend to configure the proxy to run on well-known ports, add network capabilities to the binary:
- Add a data directory for the plugin to store its data:
84
102
85
103
.. code-block:: bash
@@ -177,7 +195,13 @@ For more information, see the `Caddy TLS configuration <https://caddyserver.com/
177
195
Running the SCION HTTP Forward Proxy locally
178
196
--------------------------------------------
179
197
End users can run the SCION HTTP Forward Proxy locally by following the installation steps above.
180
-
To ensure interoperability with their browser navigation, the user is required to add an entry to resolve the configured name for the forward proxy to the local IP address, e.g., by adding the following line to the ``/etc/hosts`` file:
198
+
For smooth running experience, grant DAC capabilities to the binary:
199
+
200
+
.. code-block:: bash
201
+
202
+
sudo setcap cap_dac_override=+ep scion-caddy
203
+
204
+
If you do not want to grant those privileges, you can run the binary without them but you will have to manually add the following line to your ``/etc/hosts`` before running the SCION HTTP Forward Proxy:
0 commit comments