From eb57c9456d355783e73e2e5d26cf0c0dd0192ba3 Mon Sep 17 00:00:00 2001
From: Clint Armstrong
Date: Fri, 15 Feb 2019 00:05:25 -0500
Subject: [PATCH] allow binding gitea to privileged port, gated behind environment variable

Signed-off-by: Clint Armstrong
---
 Dockerfile | 3 ++-
 docker/etc/s6/gitea/setup | 1 +
 docs/content/doc/installation/with-docker.en-us.md | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 78c93edb5d0db..314a4ba281d87 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -34,7 +34,8 @@ RUN apk --no-cache add \
 s6 \
 sqlite \
 su-exec \
- tzdata
+ tzdata \
+ libcap
 
 RUN addgroup \
 -S -g 1000 \
diff --git a/docker/etc/s6/gitea/setup b/docker/etc/s6/gitea/setup
index 2b0fb6c37bb36..74178b4ea15b0 100755
--- a/docker/etc/s6/gitea/setup
+++ b/docker/etc/s6/gitea/setup
@@ -44,3 +44,4 @@ if ! [[ $(ls -ld /data/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${U
 if ! [[ $(ls -ld /app/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /app/gitea; fi
 if ! [[ $(ls -ld /data/git | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/git; fi
 chmod 0755 /data/gitea /app/gitea /data/git
+if [[ "${ALLOW_PRIVILEGED_PORT}" = 1 ]]; then setcap 'cap_net_bind_service=+ep' /app/gitea/gitea; fi
diff --git a/docs/content/doc/installation/with-docker.en-us.md b/docs/content/doc/installation/with-docker.en-us.md
index 08e6e7c452770..6462bfe696b50 100644
--- a/docs/content/doc/installation/with-docker.en-us.md
+++ b/docs/content/doc/installation/with-docker.en-us.md
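Review bot: The setcap call on the added line of docker/etc/s6/gitea/setup runs unchecked, so when it fails at container start — for instance because the container's bounding set lacks CAP_SETFCAP or the image filesystem does not carry extended attributes — the flag is silently ignored and Gitea only fails later with a bind error that does not point back here; unless the script runs under `set -e` (not visible in the hunk), a minimal fix is `setcap 'cap_net_bind_service=+ep' /app/gitea/gitea || echo "setcap failed: ALLOW_PRIVILEGED_PORT has no effect" >&2`. Because `+ep` is a file capability, every process that executes /app/gitea/gitea gains CAP_NET_BIND_SERVICE, not only the web service s6 starts — CLI and hook invocations of the same binary included — which deserves a comment above the check such as `# file capability: applies to every exec of this binary, not just the s6 service`. The capability is also only ever added: once applied it persists in the container's filesystem if the variable is later set back to 0 without recreating the container, so an `else` branch that drops it, e.g. `setcap -r /app/gitea/gitea 2>/dev/null || true` (setcap -r presumably errors when no capability is set, hence the tolerated failure), would keep the two states of the flag symmetric with what the documentation hunk promises.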
@@ -259,6 +259,7 @@ You can configure some of Gitea's settings via environment variables:
 * `REQUIRE_SIGNIN_VIEW`: **false**: Enable this to force users to log in to view any page.
 * `USER_UID`: **1000**: The UID (Unix user ID) of the user that runs Gitea within the container. Match this to the UID of the owner of the `/data` volume if using host volumes (this is not necessary with named volumes).
 * `USER_GID`: **1000**: The GID (Unix group ID) of the user that runs Gitea within the container. Match this to the GID of the owner of the `/data` volume if using host volumes (this is not necessary with named volumes).
+* `ALLOW_PRIVILEGED_PORT`: **0**: Set to 1 to allow the gitea service to run on a port < 1024.
 
 # Customization