balki-aur/caddy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

next: reduce diff to v1, add go hardening

Browse Source
This commit is contained in:
Levente Polyak
2020-05-16 00:15:22 +00:00
parent a4ae059ffc
commit 4d4473add2
3 changed files with 49 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
next/caddy.service
View File

@ -24,6 +24,8 @@ StartLimitBurst=10
[Service]
User=caddy
Group=caddy
Environment=XDG_DATA_HOME=/var/lib
Environment=XDG_CONFIG_HOME=/etc
ExecStart=/usr/bin/caddy run --adapter caddyfile --environ --config /etc/caddy/caddy.conf
ExecReload=/usr/bin/caddy reload --adapter caddyfile --config /etc/caddy/caddy.conf
@ -39,19 +41,19 @@ TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
# Hardening options
PrivateTmp=true
ProtectSystem=strict
ProtectKernelModules=true
NoNewPrivileges=true
LockPersonality=true
ProtectKernelTunables=true
ProtectHome=true
ReadWritePaths=/var/lib/caddy /var/log/caddy
PrivateDevices=true
ProtectControlGroups=true
ProtectHome=true
ProtectSystem=strict
ReadWritePaths=/var/lib/caddy /var/log/caddy
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
LockPersonality=true
[Install]
WantedBy=multi-user.target