Hi! I have installed Vault on OpenBSD 7.1 using pkg_add vault. I’d like to have it bind to the standard HTTPS port 443 (so I can do https://vault.example.com), and I have the following config that does this:
log_level = "Info"
plugin_directory = "/var/vault/plugins/"
ui = "true"
disable_mlock = "true"
listener "tcp" {
  address = "1.2.3.4:443"
  tls_cert_file = "/etc/ssl/server/cert.pem"
  tls_key_file = "/etc/ssl/server/cert.key"
}
storage "file" {
  path = "/var/vault/storage/"
}
However, that requires running Vault as root so that it has permission to bind to that port, which isn’t something that I’d like to do. Somebody here made a comment:
"The other daemons launch as root not to read certificates but to bind to privileged ports, which Vault doesn’t do"
which I’m assuming means it isn’t normal to set the port of the listener in the config to 443. Is there a way this is normally achieved in a production environment, or is it more normal to just let it run over a non-standard port? This is for personal use, if it matters.