elastic:run_kibana_on_standard

Let Kibana (debian) run on standard ports (HTTP :80 or HTTPS :443)

Without changing the default configuration, Kibana is listening at port 5601 for either HTTP or HTTPS.
In kibana.yml the line server.port: 5601 is setting this explicit.

When the standard port for HTTP (:443) is configured for Kibana in kibana.yml
server.port: 443
Kibana fails to start the next time with:
FATAL Error: listen EACCES: permission denied 0.0.0.0:443

When running this as root, the service starts.
The problem is that Kibana is lacking the permissions to bind to the standard ports by default.

NOTE: The following solution needs to be repeated when Kibana is updated by apt.

Solution

As root or with sudo run:

setcap cap_net_bind_service=+epi /usr/share/kibana/bin/kibana
setcap cap_net_bind_service=+epi /usr/share/kibana/bin/kibana-plugin
setcap cap_net_bind_service=+epi /usr/share/kibana/bin/kibana-keystore
# Before version 8.15
# setcap cap_net_bind_service=+epi /usr/share/kibana/node/bin/node
# Since version 8.15
setcap cap_net_bind_service=+epi /usr/share/kibana/node/glibc-217/bin/node