summarylogtreecommitdiffstats
path: root/caddy.service
diff options
context:
space:
mode:
authorAlice Gaudon2020-05-15 22:51:17 +0200
committerAlice Gaudon2020-05-15 22:51:17 +0200
commit3ea2ecd045445fbea770e5e129cd9b74535dcacf (patch)
tree9c2fb8fc49bd0ff98f762ced0adabbfdae425be1 /caddy.service
parent1b9ca6d7254bfff460dd6db05ab5511f1a6967d7 (diff)
downloadaur-3ea2ecd045445fbea770e5e129cd9b74535dcacf.tar.gz
Make package closer to official package, provide caddy instead of caddy2 and move default Caddyfile in /etc/caddy (was /etc/caddy2)
Diffstat (limited to 'caddy.service')
-rw-r--r--caddy.service25
1 files changed, 17 insertions, 8 deletions
diff --git a/caddy.service b/caddy.service
index 74bff04f37ad..0e3800c31e0c 100644
--- a/caddy.service
+++ b/caddy.service
@@ -1,22 +1,31 @@
[Unit]
-Description=Caddy 2 HTTP/2 web server
-After=network-online.target
+Description=Caddy Web Server
+Documentation=https://caddyserver.com/docs/
+After=network.target
[Service]
User=http
Group=http
-ExecStart=/usr/bin/caddy run --config /etc/caddy2/Caddyfile --adapter caddyfile
-ExecReload=/usr/bin/caddy reload --config /etc/caddy2/Caddyfile --adapter caddyfile
+ExecStart=/usr/bin/caddy run --config /etc/caddy/Caddyfile --resume --environ
+ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
ExecStop=/usr/bin/caddy stop
+TimeoutStopSec=5s
LimitNOFILE=1048576
-LimitNPROC=64
+LimitNPROC=512
+
+# Hardening options
PrivateTmp=true
+ProtectSystem=strict
PrivateDevices=true
ProtectHome=true
-ProtectSystem=strict
-ReadWritePaths=/var/lib/caddy2
+ReadWritePaths=/var/lib/caddy /var/log/caddy /srv/http
AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+LockPersonality=true
[Install]
WantedBy=multi-user.target
-