If you are running systemd and linux, then you can simply add to the server unit file:
# /etc/systemd/system/http_server.service# ...[Service]# ...AmbientCapabilities = CAP_NET_BIND_SERVICEAnd, if, in addition, you want your web server to never gain additional capabilities, you may also add:
CapabilityBoundingSet = CAP_NET_BIND_SERVICEAlso see
- the - rather involved - man page
capabilities(7) - the Unix SE question What is the difference between AmbientCapabilities and CapabilityBoundingSet?.
systemd.exec(5)
for a description of those systemd service unit file configuration options, which define the execution environment of spawned processes.