From 18e481d76eb7285779fd109cc81a09b715d719f7 Mon Sep 17 00:00:00 2001 From: "backport-actions-token[bot]" <87506591+backport-actions-token[bot]@users.noreply.github.com> Date: Thu, 19 Aug 2021 21:37:33 -0700 Subject: [PATCH] document binding service to 443 (#2487) (#2499) Co-authored-by: Alex Fornuto --- docs/docs/install/binary.md | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/docs/docs/install/binary.md b/docs/docs/install/binary.md index b7f534029..c2d2459d6 100644 --- a/docs/docs/install/binary.md +++ b/docs/docs/install/binary.md @@ -45,11 +45,17 @@ You can also set some or all of your configuration keys as environment variables ### OS Package -Enable and start the service: +1. The following command allows the Pomerium systemd service to bind to [privileged port] `443`: -```bash -sudo systemctl enable --now pomerium.service -``` + ```bash + echo -e "[Service]\nAmbientCapabilities=CAP_NET_BIND_SERVICE" | sudo SYSTEMD_EDITOR=tee systemctl edit pomerium + ``` + +1. Enable and start the service: + + ```bash + sudo systemctl enable --now pomerium.service + ``` ### Manual Installation @@ -70,4 +76,5 @@ Browse to `external-verify.your.domain.example`. Connections between you and [ve [tls certificates]: /docs/topics/certificates.md [Cloudsmith]: https://cloudsmith.io [cloudsmith-repo]: https://cloudsmith.io/~pomerium/repos/pomerium/groups/ -[Reference]: /reference/readme.md \ No newline at end of file +[Reference]: /reference/readme.md +[privileged port]: https://www.w3.org/Daemon/User/Installation/PrivilegedPorts.html \ No newline at end of file
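Review bot: In the new step 1 under "OS Package", piping into `SYSTEMD_EDITOR=tee systemctl edit pomerium` overwrites whatever the unit's existing drop-in override contains, so a reader who has already customised the service loses those settings without warning. State that in the step, or point readers who have an override to run a plain `systemctl edit pomerium` and add `AmbientCapabilities=CAP_NET_BIND_SERVICE` under `[Service]` by hand. A short sentence saying that this grants only the capability to bind ports below 1024, instead of running the service as root, would explain why the step exists. `printf` in place of `echo -e` would also keep the command independent of the shell's echo behaviour.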
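Review bot: In the second hunk, the added `[privileged port]` reference definition is now the last line of the file and still carries the `\ No newline at end of file` marker. End the file with a newline; the missing one is the only reason this patch had to remove and re-add the unchanged `[Reference]: /reference/readme.md` line, and the next link appended here will produce the same noise.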