If you are running systemd and linux, then you can simply add to the server unit file:
# /etc/systemd/system/http_server.service
# ...
[Service]
# ...
AmbientCapabilities=AmbientCapabilities = CAP_NET_BIND_SERVICE
And, if, in addition, you want your web server to never gain additional capabilities, you may also add:
CapabilityBoundingSet=CapabilityBoundingSet = CAP_NET_BIND_SERVICE
Read more at - the rather involved - man page, capabilities(7)
, https://man7.org/linux/man-pages/man7/capabilities.7.html, and also at https://unix.stackexchange.com/questions/580597/what-is-the-difference-between-ambientcapabilities-and-capabilityboundingset. AndAlso see systemd.exec(5)
, https://www.man7.org/linux/man-pages/man5/systemd.exec.5.html,
- the - rather involved - man page
capabilities(7)
- the Unix SE question What is the difference between AmbientCapabilities and CapabilityBoundingSet?.
systemd.exec(5)
for a description of those systemd service unit file configuration options, which define the execution environment of spawned processes.