diff --git a/docs/server/security/authentication/certificate-management.mdx b/docs/server/security/authentication/certificate-management.mdx
index 89b93aa909..80929aac5b 100644
--- a/docs/server/security/authentication/certificate-management.mdx
+++ b/docs/server/security/authentication/certificate-management.mdx
@@ -295,7 +295,7 @@ b. **Upload** ([import](../../../server/security/authentication/certificate-mana
- 1. Click **Manage Server** and select **Certificates** to access the Studio - Certificates Management screen.
+ 1. Click **Manage Server** and select **Certificates** to access Studio - Certificates Management screen.
2. Click **Server certificates** in the source server.
* **Export server certificates**
@@ -353,7 +353,7 @@ When uploading a `.pfx` file with multiple certificates, RavenDB will add all of
and will allow access to all these certificates explicitly by their thumbprint.
### Generating Client Certificates Via Command Line Interface
-* RavenDB provides an intuitive certificates management GUI in the Studio.
+* RavenDB provides an intuitive certificates management GUI in Studio.
* All of the operations which are described below are also available in Command Line Interface (CLI).
- Be sure to configure the `SecurityClearance` for each client certificate because the default is [cluster admin](../../../server/security/authorization/security-clearance-and-permissions.mdx#cluster-admin) which has full access.
@@ -385,7 +385,7 @@ and is explained here only to show how to view the full chain in Windows. The ri
-Because client certificates are managed by RavenDB directly and not through any PKI infrastructure **this is perfectly acceptable**.
+Because client certificates are managed by RavenDB directly and [not through any PKI infrastructure](../overview.mdx#important) **this is perfectly acceptable**.
Authenticating a client certificate is done explicitly by looking for the thumbprint in the registered certificates list in the server
and not by validating the chain of trust.
diff --git a/docs/server/security/overview.mdx b/docs/server/security/overview.mdx
index 663daf9016..8f3c0d6489 100644
--- a/docs/server/security/overview.mdx
+++ b/docs/server/security/overview.mdx
@@ -31,10 +31,10 @@ Registering a certificate means one of the following:
* The certificate was registered explicitly by an administrator.
* The certificate was registered implicitly for having the same [Public Key Pinning Hash](authentication/certificate-renewal-and-rotation.mdx#implicit-trust-by-public-key-pinning-hash) as a registered certificate.
-In any case, it must appear in the certificates view in the studio. Visit the [Certificate Management](authentication/certificate-management.mdx) section for more information.
+In any case, it must appear in the certificates view in Studio. Visit the [Certificate Management](authentication/certificate-management.mdx) section for more information.
-In the Studio, administrators can use the [Certificates View](../../server/security/authentication/certificate-configuration.mdx) to easily manage their certificates. It can be used to generate client certificates, register existing client certificates, import and export server certificates, rename, assign permissions and more.
+In Studio, administrators can use the [Certificates View](../../server/security/authentication/certificate-configuration.mdx) to easily manage their certificates. It can be used to generate client certificates, register existing client certificates, import and export server certificates, rename, assign permissions and more.
**Read more:**
diff --git a/docs/start/installation/setup-wizard/configure-node-addresses.mdx b/docs/start/installation/setup-wizard/configure-node-addresses.mdx
index 9cc31d86e3..41535f1d09 100644
--- a/docs/start/installation/setup-wizard/configure-node-addresses.mdx
+++ b/docs/start/installation/setup-wizard/configure-node-addresses.mdx
@@ -52,7 +52,20 @@ import Panel from '@site/src/components/Panel';
Enter the private HTTPS port that the node will listen on (used by clients and browsers to connect to this server).
By default, this is set to `443`.
When using port 443, make sure it is not already used by other applications (such as IIS, Apache, Skype, etc.).
+
+
On Linux, you might need to allow non-root processes to listen on port 443.
+ Run the following command to grant the server permission to bind to privileged ports:
+
+ ```bash
+ sudo setcap CAP_NET_BIND_SERVICE=+eip ./RavenDB/Server/Raven.Server
+ ```
+
+
+
+ Note that this must be re-applied after every upgrade, as Linux does not preserve file capabilities when a binary is replaced.
+
+
If you choose a different port, remember to include it in the URL when accessing the server
(for example, `https://a.yourdomainname.development.run:8443`).
3. **TCP port**:
diff --git a/docs/start/installation/upgrading-to-new-version.mdx b/docs/start/installation/upgrading-to-new-version.mdx
index f71b05b860..5e34efe3f7 100644
--- a/docs/start/installation/upgrading-to-new-version.mdx
+++ b/docs/start/installation/upgrading-to-new-version.mdx
@@ -36,7 +36,19 @@ Upgrading a RavenDB instance to a new version is very simple. To do so:
* These steps are strictly necessary when updating to version 5.1.
To update to lower versions, overriding the old binaries may be sufficient - although removing them is recommended.
-4. Copy the new binaries.
+4. Copy the new binaries.
+
+
+
+ On Linux, if the server uses a privileged port (below 1024, e.g. port `443`),
+ re-apply the `setcap` capability to the new binary.
+ Linux does not preserve file capabilities when a binary is replaced:
+
+ ```bash
+ sudo setcap CAP_NET_BIND_SERVICE=+eip ./RavenDB/Server/Raven.Server
+ ```
+
+
5. Restart the server.
@@ -53,7 +65,7 @@ However, sometimes our adjustments require changing the file format ("schema ver
If RavenDB finds during startup that the stored database uses an old format, it
will automatically perform this kind of migration.
-
+
Migrating data files is only one type of migration.
If you try to downgrade to an older RavenDB version after making any changes in data files
format, RavenDB will fail to start with a detailed error message.
diff --git a/versioned_docs/version-6.2/server/security/authentication/certificate-management.mdx b/versioned_docs/version-6.2/server/security/authentication/certificate-management.mdx
index 6e77b42c75..20c7509084 100644
--- a/versioned_docs/version-6.2/server/security/authentication/certificate-management.mdx
+++ b/versioned_docs/version-6.2/server/security/authentication/certificate-management.mdx
@@ -294,7 +294,7 @@ b. **Upload** ([import](../../../server/security/authentication/certificate-mana
- 1. Click **Manage Server** and select **Certificates** to access the Studio - Certificates Management screen.
+ 1. Click **Manage Server** and select **Certificates** to access Studio - Certificates Management screen.
2. Click **Server certificates** in the source server.
* **Export server certificates**
@@ -352,7 +352,7 @@ When uploading a `.pfx` file with multiple certificates, RavenDB will add all of
and will allow access to all these certificates explicitly by their thumbprint.
### Generating Client Certificates Via Command Line Interface
-* RavenDB provides an intuitive certificates management GUI in the Studio.
+* RavenDB provides an intuitive certificates management GUI in Studio.
* All of the operations which are described below are also available in Command Line Interface (CLI).
- Be sure to configure the `SecurityClearance` for each client certificate because the default is [cluster admin](../../../server/security/authorization/security-clearance-and-permissions.mdx#cluster-admin) which has full access.
@@ -384,7 +384,7 @@ and is explained here only to show how to view the full chain in Windows. The ri
-Because client certificates are managed by RavenDB directly and not through any PKI infrastructure **this is perfectly acceptable**.
+Because client certificates are managed by RavenDB directly and [not through any PKI infrastructure](../overview.mdx#important) **this is perfectly acceptable**.
Authenticating a client certificate is done explicitly by looking for the thumbprint in the registered certificates list in the server
and not by validating the chain of trust.
diff --git a/versioned_docs/version-6.2/server/security/overview.mdx b/versioned_docs/version-6.2/server/security/overview.mdx
index 94e6c5c243..d6a090f6eb 100644
--- a/versioned_docs/version-6.2/server/security/overview.mdx
+++ b/versioned_docs/version-6.2/server/security/overview.mdx
@@ -30,10 +30,10 @@ Registering a certificate means one of the following:
* The certificate was registered explicitly by an administrator.
* The certificate was registered implicitly for having the same [Public Key Pinning Hash](authentication/certificate-renewal-and-rotation.mdx#implicit-trust-by-public-key-pinning-hash) as a registered certificate.
-In any case, it must appear in the certificates view in the studio. Visit the [Certificate Management](authentication/certificate-management.mdx) section for more information.
+In any case, it must appear in the certificates view in Studio. Visit the [Certificate Management](authentication/certificate-management.mdx) section for more information.
-In the Studio, administrators can use the [Certificates View](../../server/security/authentication/certificate-configuration.mdx) to easily manage their certificates. It can be used to generate client certificates, register existing client certificates, import and export server certificates, rename, assign permissions and more.
+In Studio, administrators can use the [Certificates View](../../server/security/authentication/certificate-configuration.mdx) to easily manage their certificates. It can be used to generate client certificates, register existing client certificates, import and export server certificates, rename, assign permissions and more.
**Read more:**
diff --git a/versioned_docs/version-6.2/start/installation/setup-wizard/configure-node-addresses.mdx b/versioned_docs/version-6.2/start/installation/setup-wizard/configure-node-addresses.mdx
index 47922f33e3..494521db36 100644
--- a/versioned_docs/version-6.2/start/installation/setup-wizard/configure-node-addresses.mdx
+++ b/versioned_docs/version-6.2/start/installation/setup-wizard/configure-node-addresses.mdx
@@ -51,7 +51,20 @@ import Panel from '@site/src/components/Panel';
Enter the private HTTPS port that the node will listen on (used by clients and browsers to connect to this server).
By default, this is set to `443`.
When using port 443, make sure it is not already used by other applications (such as IIS, Apache, Skype, etc.).
+
+
On Linux, you might need to allow non-root processes to listen on port 443.
+ Run the following command to grant the server permission to bind to privileged ports:
+
+ ```bash
+ sudo setcap CAP_NET_BIND_SERVICE=+eip ./RavenDB/Server/Raven.Server
+ ```
+
+
+
+ Note that this must be re-applied after every upgrade, as Linux does not preserve file capabilities when a binary is replaced.
+
+
If you choose a different port, remember to include it in the URL when accessing the server
(for example, `https://a.yourdomainname.development.run:8443`).
3. **TCP port**:
diff --git a/versioned_docs/version-6.2/start/installation/upgrading-to-new-version.mdx b/versioned_docs/version-6.2/start/installation/upgrading-to-new-version.mdx
index d09d42cf27..80f1ed6f9a 100644
--- a/versioned_docs/version-6.2/start/installation/upgrading-to-new-version.mdx
+++ b/versioned_docs/version-6.2/start/installation/upgrading-to-new-version.mdx
@@ -35,7 +35,19 @@ Upgrading a RavenDB instance to a new version is very simple. To do so:
* These steps are strictly necessary when updating to version 5.1.
To update to lower versions, overriding the old binaries may be sufficient - although removing them is recommended.
-4. Copy the new binaries.
+4. Copy the new binaries.
+
+
+
+ On Linux, if the server uses a privileged port (below 1024, e.g. port `443`),
+ re-apply the `setcap` capability to the new binary.
+ Linux does not preserve file capabilities when a binary is replaced:
+
+ ```bash
+ sudo setcap CAP_NET_BIND_SERVICE=+eip ./RavenDB/Server/Raven.Server
+ ```
+
+
5. Restart the server.
@@ -52,7 +64,7 @@ However, sometimes our adjustments require changing the file format ("schema ver
If RavenDB finds during startup that the stored database uses an old format, it
will automatically perform this kind of migration.
-
+
Migrating data files is only one type of migration.
If you try to downgrade to an older RavenDB version after making any changes in data files
format, RavenDB will fail to start with a detailed error message.
diff --git a/versioned_docs/version-7.0/server/security/authentication/certificate-management.mdx b/versioned_docs/version-7.0/server/security/authentication/certificate-management.mdx
index 6e77b42c75..20c7509084 100644
--- a/versioned_docs/version-7.0/server/security/authentication/certificate-management.mdx
+++ b/versioned_docs/version-7.0/server/security/authentication/certificate-management.mdx
@@ -294,7 +294,7 @@ b. **Upload** ([import](../../../server/security/authentication/certificate-mana
- 1. Click **Manage Server** and select **Certificates** to access the Studio - Certificates Management screen.
+ 1. Click **Manage Server** and select **Certificates** to access Studio - Certificates Management screen.
2. Click **Server certificates** in the source server.
* **Export server certificates**
@@ -352,7 +352,7 @@ When uploading a `.pfx` file with multiple certificates, RavenDB will add all of
and will allow access to all these certificates explicitly by their thumbprint.
### Generating Client Certificates Via Command Line Interface
-* RavenDB provides an intuitive certificates management GUI in the Studio.
+* RavenDB provides an intuitive certificates management GUI in Studio.
* All of the operations which are described below are also available in Command Line Interface (CLI).
- Be sure to configure the `SecurityClearance` for each client certificate because the default is [cluster admin](../../../server/security/authorization/security-clearance-and-permissions.mdx#cluster-admin) which has full access.
@@ -384,7 +384,7 @@ and is explained here only to show how to view the full chain in Windows. The ri
-Because client certificates are managed by RavenDB directly and not through any PKI infrastructure **this is perfectly acceptable**.
+Because client certificates are managed by RavenDB directly and [not through any PKI infrastructure](../overview.mdx#important) **this is perfectly acceptable**.
Authenticating a client certificate is done explicitly by looking for the thumbprint in the registered certificates list in the server
and not by validating the chain of trust.
diff --git a/versioned_docs/version-7.0/server/security/overview.mdx b/versioned_docs/version-7.0/server/security/overview.mdx
index 94e6c5c243..d6a090f6eb 100644
--- a/versioned_docs/version-7.0/server/security/overview.mdx
+++ b/versioned_docs/version-7.0/server/security/overview.mdx
@@ -30,10 +30,10 @@ Registering a certificate means one of the following:
* The certificate was registered explicitly by an administrator.
* The certificate was registered implicitly for having the same [Public Key Pinning Hash](authentication/certificate-renewal-and-rotation.mdx#implicit-trust-by-public-key-pinning-hash) as a registered certificate.
-In any case, it must appear in the certificates view in the studio. Visit the [Certificate Management](authentication/certificate-management.mdx) section for more information.
+In any case, it must appear in the certificates view in Studio. Visit the [Certificate Management](authentication/certificate-management.mdx) section for more information.
-In the Studio, administrators can use the [Certificates View](../../server/security/authentication/certificate-configuration.mdx) to easily manage their certificates. It can be used to generate client certificates, register existing client certificates, import and export server certificates, rename, assign permissions and more.
+In Studio, administrators can use the [Certificates View](../../server/security/authentication/certificate-configuration.mdx) to easily manage their certificates. It can be used to generate client certificates, register existing client certificates, import and export server certificates, rename, assign permissions and more.
**Read more:**
diff --git a/versioned_docs/version-7.0/start/installation/setup-wizard/configure-node-addresses.mdx b/versioned_docs/version-7.0/start/installation/setup-wizard/configure-node-addresses.mdx
index 47922f33e3..494521db36 100644
--- a/versioned_docs/version-7.0/start/installation/setup-wizard/configure-node-addresses.mdx
+++ b/versioned_docs/version-7.0/start/installation/setup-wizard/configure-node-addresses.mdx
@@ -51,7 +51,20 @@ import Panel from '@site/src/components/Panel';
Enter the private HTTPS port that the node will listen on (used by clients and browsers to connect to this server).
By default, this is set to `443`.
When using port 443, make sure it is not already used by other applications (such as IIS, Apache, Skype, etc.).
+
+
On Linux, you might need to allow non-root processes to listen on port 443.
+ Run the following command to grant the server permission to bind to privileged ports:
+
+ ```bash
+ sudo setcap CAP_NET_BIND_SERVICE=+eip ./RavenDB/Server/Raven.Server
+ ```
+
+
+
+ Note that this must be re-applied after every upgrade, as Linux does not preserve file capabilities when a binary is replaced.
+
+
If you choose a different port, remember to include it in the URL when accessing the server
(for example, `https://a.yourdomainname.development.run:8443`).
3. **TCP port**:
diff --git a/versioned_docs/version-7.0/start/installation/upgrading-to-new-version.mdx b/versioned_docs/version-7.0/start/installation/upgrading-to-new-version.mdx
index d09d42cf27..80f1ed6f9a 100644
--- a/versioned_docs/version-7.0/start/installation/upgrading-to-new-version.mdx
+++ b/versioned_docs/version-7.0/start/installation/upgrading-to-new-version.mdx
@@ -35,7 +35,19 @@ Upgrading a RavenDB instance to a new version is very simple. To do so:
* These steps are strictly necessary when updating to version 5.1.
To update to lower versions, overriding the old binaries may be sufficient - although removing them is recommended.
-4. Copy the new binaries.
+4. Copy the new binaries.
+
+
+
+ On Linux, if the server uses a privileged port (below 1024, e.g. port `443`),
+ re-apply the `setcap` capability to the new binary.
+ Linux does not preserve file capabilities when a binary is replaced:
+
+ ```bash
+ sudo setcap CAP_NET_BIND_SERVICE=+eip ./RavenDB/Server/Raven.Server
+ ```
+
+
5. Restart the server.
@@ -52,7 +64,7 @@ However, sometimes our adjustments require changing the file format ("schema ver
If RavenDB finds during startup that the stored database uses an old format, it
will automatically perform this kind of migration.
-
+
Migrating data files is only one type of migration.
If you try to downgrade to an older RavenDB version after making any changes in data files
format, RavenDB will fail to start with a detailed error message.
diff --git a/versioned_docs/version-7.1/server/security/authentication/certificate-management.mdx b/versioned_docs/version-7.1/server/security/authentication/certificate-management.mdx
index 6e77b42c75..20c7509084 100644
--- a/versioned_docs/version-7.1/server/security/authentication/certificate-management.mdx
+++ b/versioned_docs/version-7.1/server/security/authentication/certificate-management.mdx
@@ -294,7 +294,7 @@ b. **Upload** ([import](../../../server/security/authentication/certificate-mana
- 1. Click **Manage Server** and select **Certificates** to access the Studio - Certificates Management screen.
+ 1. Click **Manage Server** and select **Certificates** to access Studio - Certificates Management screen.
2. Click **Server certificates** in the source server.
* **Export server certificates**
@@ -352,7 +352,7 @@ When uploading a `.pfx` file with multiple certificates, RavenDB will add all of
and will allow access to all these certificates explicitly by their thumbprint.
### Generating Client Certificates Via Command Line Interface
-* RavenDB provides an intuitive certificates management GUI in the Studio.
+* RavenDB provides an intuitive certificates management GUI in Studio.
* All of the operations which are described below are also available in Command Line Interface (CLI).
- Be sure to configure the `SecurityClearance` for each client certificate because the default is [cluster admin](../../../server/security/authorization/security-clearance-and-permissions.mdx#cluster-admin) which has full access.
@@ -384,7 +384,7 @@ and is explained here only to show how to view the full chain in Windows. The ri
-Because client certificates are managed by RavenDB directly and not through any PKI infrastructure **this is perfectly acceptable**.
+Because client certificates are managed by RavenDB directly and [not through any PKI infrastructure](../overview.mdx#important) **this is perfectly acceptable**.
Authenticating a client certificate is done explicitly by looking for the thumbprint in the registered certificates list in the server
and not by validating the chain of trust.
diff --git a/versioned_docs/version-7.1/server/security/overview.mdx b/versioned_docs/version-7.1/server/security/overview.mdx
index 94e6c5c243..d6a090f6eb 100644
--- a/versioned_docs/version-7.1/server/security/overview.mdx
+++ b/versioned_docs/version-7.1/server/security/overview.mdx
@@ -30,10 +30,10 @@ Registering a certificate means one of the following:
* The certificate was registered explicitly by an administrator.
* The certificate was registered implicitly for having the same [Public Key Pinning Hash](authentication/certificate-renewal-and-rotation.mdx#implicit-trust-by-public-key-pinning-hash) as a registered certificate.
-In any case, it must appear in the certificates view in the studio. Visit the [Certificate Management](authentication/certificate-management.mdx) section for more information.
+In any case, it must appear in the certificates view in Studio. Visit the [Certificate Management](authentication/certificate-management.mdx) section for more information.
-In the Studio, administrators can use the [Certificates View](../../server/security/authentication/certificate-configuration.mdx) to easily manage their certificates. It can be used to generate client certificates, register existing client certificates, import and export server certificates, rename, assign permissions and more.
+In Studio, administrators can use the [Certificates View](../../server/security/authentication/certificate-configuration.mdx) to easily manage their certificates. It can be used to generate client certificates, register existing client certificates, import and export server certificates, rename, assign permissions and more.
**Read more:**
diff --git a/versioned_docs/version-7.1/start/installation/setup-wizard/configure-node-addresses.mdx b/versioned_docs/version-7.1/start/installation/setup-wizard/configure-node-addresses.mdx
index 47922f33e3..494521db36 100644
--- a/versioned_docs/version-7.1/start/installation/setup-wizard/configure-node-addresses.mdx
+++ b/versioned_docs/version-7.1/start/installation/setup-wizard/configure-node-addresses.mdx
@@ -51,7 +51,20 @@ import Panel from '@site/src/components/Panel';
Enter the private HTTPS port that the node will listen on (used by clients and browsers to connect to this server).
By default, this is set to `443`.
When using port 443, make sure it is not already used by other applications (such as IIS, Apache, Skype, etc.).
+
+
On Linux, you might need to allow non-root processes to listen on port 443.
+ Run the following command to grant the server permission to bind to privileged ports:
+
+ ```bash
+ sudo setcap CAP_NET_BIND_SERVICE=+eip ./RavenDB/Server/Raven.Server
+ ```
+
+
+
+ Note that this must be re-applied after every upgrade, as Linux does not preserve file capabilities when a binary is replaced.
+
+
If you choose a different port, remember to include it in the URL when accessing the server
(for example, `https://a.yourdomainname.development.run:8443`).
3. **TCP port**:
diff --git a/versioned_docs/version-7.1/start/installation/upgrading-to-new-version.mdx b/versioned_docs/version-7.1/start/installation/upgrading-to-new-version.mdx
index d09d42cf27..80f1ed6f9a 100644
--- a/versioned_docs/version-7.1/start/installation/upgrading-to-new-version.mdx
+++ b/versioned_docs/version-7.1/start/installation/upgrading-to-new-version.mdx
@@ -35,7 +35,19 @@ Upgrading a RavenDB instance to a new version is very simple. To do so:
* These steps are strictly necessary when updating to version 5.1.
To update to lower versions, overriding the old binaries may be sufficient - although removing them is recommended.
-4. Copy the new binaries.
+4. Copy the new binaries.
+
+
+
+ On Linux, if the server uses a privileged port (below 1024, e.g. port `443`),
+ re-apply the `setcap` capability to the new binary.
+ Linux does not preserve file capabilities when a binary is replaced:
+
+ ```bash
+ sudo setcap CAP_NET_BIND_SERVICE=+eip ./RavenDB/Server/Raven.Server
+ ```
+
+
5. Restart the server.
@@ -52,7 +64,7 @@ However, sometimes our adjustments require changing the file format ("schema ver
If RavenDB finds during startup that the stored database uses an old format, it
will automatically perform this kind of migration.
-
+
Migrating data files is only one type of migration.
If you try to downgrade to an older RavenDB version after making any changes in data files
format, RavenDB will fail to start with a detailed error message.