(2021 Jul 23, 03:04 PM)astrogerard Wrote: Running programs as a non-root user is a (very) good practice. But a non privileged user is by default not allowed to start a socket on the lower ports like 80 or 443. Another good practice is to run a non privileged program on a higher port (e.g. 8080) and use a rev proxy (HAproxy, Squid, Apache2, NGinx etc.) for (SSL/TLS) offloading and adding a little more security.
--Gerard
Thank you Gerard.
Your answer clears my puzzle about socket restriction for non-root user.
I will also look into SSL/TLS layer protocol for pi. I tried a few months ago to run an SSL micro-webserver on esp32 via micro-python but unfortunately micro-python requires a non-free version of SSL certificates. A reversed proxy is beyond the computing power of esp32. I am curious to know if I may have better luck with the pi. I will search the topic in this forum.
Paul
(2021 Jul 23, 06:15 PM)dan Wrote: Thank you Gerard. Good advice.Hi Dan,
@Paul,
I did not intend to suggest that you log in as Root.
I do that in my particular software development environment for various reasons but it is not recommended as a general practice.
Dan
Thank you for your help. Thank you also for putting together this software. It's a joy to work with.
Paul