redirection

GCP: HTTP to HTTPS redirection using HTTPS LB Ingress

It is not necessary to create an independent GCP HTTPS LB or other improvisation to redirect insecure HTTP traffic to your HTTPS load balancer.  The existing public Ingress can reference a FrontendConfig object that specifies redirection to HTTPS. Below is a FrontendConfig definition that can redirect the insecure traffic. apiVersion: networking.gke.io/v1beta1 kind: FrontendConfig metadata: name: GCP: HTTP to HTTPS redirection using HTTPS LB Ingress

iptables: Running service as non-root, iptables to forward from privileged port

There are multiple approaches to allowing a process to run as a non-root user but still provide access to privileged ports (<1024). There are applications like Apache that handle this by starting the master process as root, and then worker processes as a less privileged user.  Another way is setting the privilege on a binary iptables: Running service as non-root, iptables to forward from privileged port