diff options
author | Alice Gaudon | 2020-05-15 22:51:17 +0200 |
---|---|---|
committer | Alice Gaudon | 2020-05-15 22:51:17 +0200 |
commit | 3ea2ecd045445fbea770e5e129cd9b74535dcacf (patch) | |
tree | 9c2fb8fc49bd0ff98f762ced0adabbfdae425be1 /caddy.service | |
parent | 1b9ca6d7254bfff460dd6db05ab5511f1a6967d7 (diff) | |
download | aur-3ea2ecd045445fbea770e5e129cd9b74535dcacf.tar.gz |
Make package closer to official package, provide caddy instead of caddy2 and move default Caddyfile in /etc/caddy (was /etc/caddy2)
Diffstat (limited to 'caddy.service')
-rw-r--r-- | caddy.service | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/caddy.service b/caddy.service index 74bff04f37ad..0e3800c31e0c 100644 --- a/caddy.service +++ b/caddy.service @@ -1,22 +1,31 @@ [Unit] -Description=Caddy 2 HTTP/2 web server -After=network-online.target +Description=Caddy Web Server +Documentation=https://caddyserver.com/docs/ +After=network.target [Service] User=http Group=http -ExecStart=/usr/bin/caddy run --config /etc/caddy2/Caddyfile --adapter caddyfile -ExecReload=/usr/bin/caddy reload --config /etc/caddy2/Caddyfile --adapter caddyfile +ExecStart=/usr/bin/caddy run --config /etc/caddy/Caddyfile --resume --environ +ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile ExecStop=/usr/bin/caddy stop +TimeoutStopSec=5s LimitNOFILE=1048576 -LimitNPROC=64 +LimitNPROC=512 + +# Hardening options PrivateTmp=true +ProtectSystem=strict PrivateDevices=true ProtectHome=true -ProtectSystem=strict -ReadWritePaths=/var/lib/caddy2 +ReadWritePaths=/var/lib/caddy /var/log/caddy /srv/http AmbientCapabilities=CAP_NET_BIND_SERVICE +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +NoNewPrivileges=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectControlGroups=true +LockPersonality=true [Install] WantedBy=multi-user.target - |