# systemd service unit that runs the Caddy web server as the unprivileged
# "http" account inside a restricted sandbox.

[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
# Start only after the network is reported online. Wants= is a weak
# dependency: the unit still starts if the wait-online service fails.
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
# Rate limit: at most 10 start attempts per 14400 seconds (4 hours).
# Once exceeded, systemd refuses further starts until the interval ends.
StartLimitIntervalSec=14400
StartLimitBurst=10

[Service]
# NOTE(review): "http" looks like a shared web-server account. Any other
# service running under it can read and write /var/lib/caddy, which
# presumably holds certificate private keys. Confirm whether a dedicated
# account is warranted.
User=http
Group=http
# Directory Caddy uses for its own state.
Environment=CADDYPATH=/var/lib/caddy
# Leading "-" makes the file optional: a missing file is not an error.
# NOTE(review): if this file carries credentials (e.g. DNS provider
# tokens), keep it root-owned and not world-readable.
EnvironmentFile=-/etc/caddy/envfile
# -log stdout sends the process log to stdout; -agree accepts the CA
# subscriber agreement non-interactively; -conf and -root select the
# configuration file and the default site root.
ExecStart=/usr/bin/caddy -log stdout -agree -conf /etc/caddy/caddy.conf -root=/usr/share/caddy
# Reload is requested by sending SIGUSR1 to the main process.
ExecReload=/usr/bin/kill -USR1 $MAINPID

# Do not allow the process to be restarted in a tight loop. If the
# process fails to start, something critical needs to be fixed.
# on-abnormal restarts after an unclean signal, timeout or watchdog
# expiry, but not after a clean exit or a non-zero exit code.
Restart=on-abnormal

# Use graceful shutdown with a reasonable timeout.
# KillMode=mixed delivers SIGQUIT to the main process only; anything
# still running in the unit's control group after TimeoutStopSec is
# sent SIGKILL.
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s

# Resource limits: open file descriptors and processes/threads.
# NOTE(review): RLIMIT_NPROC is counted per UID, so the 512 budget is
# shared with every other process running as "http". Verify this is
# enough on hosts where that account is shared.
LimitNOFILE=1048576
LimitNPROC=512

# Hardening options
# Private /tmp and /var/tmp, and a minimal /dev without physical devices.
PrivateTmp=true
PrivateDevices=true
# /home, /root and /run/user are inaccessible to the service.
ProtectHome=true
# The whole file system is mounted read-only for the service; only the
# ReadWritePaths= entries stay writable. Both directories must exist
# before start, otherwise namespace setup fails and the unit does not run.
ProtectSystem=strict
ReadWritePaths=/var/lib/caddy /var/log/caddy
# The only capability retained is binding to ports below 1024. The
# ambient set hands it to the non-root process; the bounding set
# prevents acquiring any other capability.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
# The process and its children can never gain privileges via setuid or
# file capabilities.
NoNewPrivileges=true
# Kernel tunables and the control group tree are read-only; loading or
# unloading kernel modules is denied.
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
# The execution domain (personality) cannot be changed.
LockPersonality=true
# NOTE(review): no address-family, namespace or system-call restrictions
# are set. Consider evaluating RestrictAddressFamilies=,
# RestrictNamespaces=, SystemCallArchitectures= and SystemCallFilter=
# against this workload, and test before enabling.
# "systemd-analyze security" reports the remaining exposure.

[Install]
# Enabled as part of the normal multi-user boot target.
WantedBy=multi-user.target