Title
#fleet
r

ryan

08/03/2021, 2:30 PM
is there a way to run fleet on the standard https port (443)?
2:55 PM
when I use server_address=0.0.0.0:443 I get a
permission error
as normal user (expected since it’s a priv port) and then
Failed to start: initializing service: initializing osquery logging: create filesystem status logger: create new raw logger: open /tmp/osquery_status: permission denied
if I run via sudo
Mystery Incorporated

Mystery Incorporated

08/03/2021, 3:44 PM
@ryan yeh honestly I'd set up a reverse proxy using nginx. I'm going to do this myself, gives you a bit more control for e.g. you can split the SSL termination to present a Let's encrypt certificate for the web UI, yet still use your self signed cert for osquery daemons, etc.
zwass

zwass

08/05/2021, 4:08 PM
Your first error is expected, however the second is very unusual -- A permission error on a file in
/tmp
when running as root? Can you share the full command and output?
zwass

zwass

08/05/2021, 10:34 PM
Can you
sudo ls -l /tmp/osquery_status
and show the results? We are looking to see if there are unusual permissions on that file.