# systemd unit that runs Caddy as the unprivileged "caddy" user with a reduced
# capability set and a sandboxed view of the filesystem.
# Layout restored to one directive per line; systemd does not parse several
# directives placed on the same line.
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
# Order the service after the network is reported online and pull that target in.
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service

[Service]
# Restart after a signal, timeout or watchdog failure, but not after a clean
# exit or an ordinary non-zero exit code.
Restart=on-abnormal
# Run as a dedicated non-root account.
User=caddy
Group=caddy
# CADDYPATH is the same directory that is granted write access below; presumably
# it holds Caddy's certificates and private keys, so confirm its ownership and mode.
Environment=CADDYPATH=/etc/ssl/caddy
# NOTE(review): if this file carries credentials (for example DNS provider tokens),
# keep it root-owned and not world-readable. The service manager reads it itself,
# so the caddy account should not need read access to it.
EnvironmentFile=/etc/caddy/env
# -log stdout sends the process log to stdout (the journal under systemd's default),
# -agree=true accepts the CA subscriber agreement without a prompt, and -email sets
# the ACME account address.
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -email me@msfjarvis.dev -conf=/etc/caddy/Caddyfile
# USR1 asks the running process to reload its configuration.
ExecReload=/bin/kill -USR1 $MAINPID
# On stop: SIGQUIT goes to the main process only; whatever is still left in the
# control group after TimeoutStopSec is killed with SIGKILL.
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s
# Resource ceilings: open file descriptors and number of processes/threads.
LimitNOFILE=1048576
LimitNPROC=512
# ReadWriteDirectories= is the legacy name of ReadWritePaths=. It exempts these
# paths from the read-only /etc imposed by ProtectSystem=full below; it grants no
# permissions by itself, so the paths must exist and be writable by User=caddy.
ReadWriteDirectories=/etc/ssl/caddy /etc/logs
# The only capability kept is the one needed to bind ports below 1024 without
# root; the bounding set stops the process from acquiring any other.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE

# Security
# NOTE(review): ProtectSystem=full leaves paths outside /usr, /boot and /etc
# writable where file permissions allow; ProtectSystem=strict is tighter but needs
# every writable path listed explicitly. No SystemCallFilter= or
# MemoryDenyWriteExecute= is set here. `systemd-analyze security` on the installed
# unit lists what is still exposed.
# Private /tmp and /var/tmp for this service.
PrivateTmp=true
# Mount /usr, /boot and /etc read-only for this service.
ProtectSystem=full
# Make /home, /root and /run/user inaccessible.
ProtectHome=true
# Block privilege gain through setuid/setgid binaries or file capabilities.
NoNewPrivileges=true
# Keep the cgroup hierarchy, kernel module loading and kernel tunables
# (/proc/sys, /sys) out of reach of the service.
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
# Minimal private /dev without physical devices.
PrivateDevices=true
# Only IPv4, IPv6 and Unix-domain sockets may be created.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
# Deny creating or entering namespaces and acquiring realtime scheduling.
RestrictNamespaces=true
RestrictRealtime=true
# Allow system calls of the native architecture only.
SystemCallArchitectures=native

[Install]
WantedBy=multi-user.target