msfjarvis/server-config
1
Fork 0
mirror of https://github.com/msfjarvis/server-config synced 2025-08-14 01:17:02 +05:30
Code Issues Projects Releases Packages Wiki Activity Actions
server-config/systemd_units/caddy.service
Harsh Shandilya 0c6ee8bc60
systemd/caddy: Cleanup exec and use systemd EnvironmentFile 
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-02-20 03:55:47 +05:30

39 lines
1,008 B
Desktop File
Raw Blame History

[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
[Service]
Restart=on-abnormal
User=caddy
Group=caddy
Environment=CADDYPATH=/etc/ssl/caddy
EnvironmentFile=/etc/caddy/env
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -email me@msfjarvis.dev -conf=/etc/caddy/Caddyfile
ExecReload=/bin/kill -USR1 $MAINPID
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
ReadWriteDirectories=/etc/ssl/caddy /etc/logs
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
# Security
PrivateTmp=true
ProtectSystem=full
ProtectHome=true
NoNewPrivileges=true
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
PrivateDevices=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
SystemCallArchitectures=native
[Install]
WantedBy=multi-user.target
Reference in a new issue View git blame Copy permalink