These are containers, why on earth would you assume an app needs to run on a privileged port? You just run the app in the container on say 8080 or 8443 inside the container and expose it outside the container as 80 or 443 respectively.

Ha, i literally forgot about that. Despite using docker every other day. Thanks for correcting me

sudo apt-get install libcap2-bin # Debian/Ubuntu/etc sudo setcap 'cap_net_bind_service=+ep' /path/to/program

will allow program to bind low numbered ports by non-root user.

Just learned this deploying a new rails app behind caddy2 (which is running as the deploy user I setup).

You only need root to open the port. Once you do that you can drop privileges.

I'm not and what does it have to do with what I said? :) Do you know that nginx must be running as root, right?