authorAlice Gaudon2020-07-02 15:53:16 +0200
committerAlice Gaudon2020-07-02 16:01:57 +0200
commit9401e800408cde5d4fb4d8a866dd604463c5a2ac (patch)
tree48cc13c9596fdf0370f608d9d499bf1a7f3e8d05 /caddy.service
parentd6a801c8ca2282b118d4f66c4b301f091349b982 (diff)
downloadaur-9401e800408cde5d4fb4d8a866dd604463c5a2ac.tar.gz
Remove caddy2.install and base the rest of the package on official current `next` branch
Diffstat (limited to 'caddy.service')
-rw-r--r--caddy.service50
1 files changed, 39 insertions, 11 deletions
diff --git a/caddy.service b/caddy.service
index 0e3800c31e0c..70c7ee075de9 100644
--- a/caddy.service
+++ b/caddy.service
@@ -1,26 +1,54 @@
+# caddy.service
+#
+# For using Caddy with a config file.
+#
+# Make sure the ExecStart and ExecReload commands are correct
+# for your installation.
+#
+# See https://caddyserver.com/docs/install for instructions.
+#
+# WARNING: This service does not use the --resume flag, so if you
+# use the API to make changes, they will be overwritten by the
+# Caddyfile next time the service is restarted. If you intend to
+# use Caddy's API to configure it, add the --resume flag to the
+# `caddy run` command or use the caddy-api.service file instead.
+
[Unit]
-Description=Caddy Web Server
+Description=Caddy webserver
Documentation=https://caddyserver.com/docs/
-After=network.target
+After=network-online.target
+Wants=network-online.target systemd-networkd-wait-online.service
+StartLimitIntervalSec=14400
+StartLimitBurst=10
[Service]
-User=http
-Group=http
-ExecStart=/usr/bin/caddy run --config /etc/caddy/Caddyfile --resume --environ
-ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
-ExecStop=/usr/bin/caddy stop
+User=caddy
+Group=caddy
+Environment=XDG_DATA_HOME=/var/lib
+Environment=XDG_CONFIG_HOME=/etc
+ExecStart=/usr/bin/caddy run --adapter caddyfile --environ --config /etc/caddy/caddy.conf
+ExecReload=/usr/bin/caddy reload --adapter caddyfile --config /etc/caddy/caddy.conf
+
+# Do not allow the process to be restarted in a tight loop. If the
+# process fails to start, something critical needs to be fixed.
+Restart=on-abnormal
+
+# Use graceful shutdown with a reasonable timeout
+KillMode=mixed
+KillSignal=SIGQUIT
TimeoutStopSec=5s
+
LimitNOFILE=1048576
LimitNPROC=512
# Hardening options
PrivateTmp=true
-ProtectSystem=strict
PrivateDevices=true
ProtectHome=true
-ReadWritePaths=/var/lib/caddy /var/log/caddy /srv/http
-AmbientCapabilities=CAP_NET_BIND_SERVICE
+ProtectSystem=strict
+ReadWritePaths=/var/lib/caddy /var/log/caddy
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ProtectKernelTunables=true
ProtectKernelModules=true
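Review bot: The switch to `User=caddy`/`Group=caddy` keeps `ReadWritePaths=/var/lib/caddy /var/log/caddy`, but nothing visible in this unit creates those directories or hands them to the new account, and the commit title says caddy2.install is removed. If an earlier install left them owned by `http`, the stored certificates and private keys would presumably stay accessible to every other service running as `http` while Caddy itself can no longer write there; if they are missing, the mount-namespace setup fails before ExecStart runs. Consider replacing the ReadWritePaths line with `StateDirectory=caddy`, `StateDirectoryMode=0700` and `LogsDirectory=caddy`, which have systemd create the directories for the service user and keep them writable under `ProtectSystem=strict`. Separately, `XDG_CONFIG_HOME=/etc` points Caddy's config directory at /etc/caddy, which stays read-only here; that is good for integrity, but a comment saying so would explain any failed config writes in the log. The [Service] section continues past the end of this hunk.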
@@ -28,4 +56,4 @@ ProtectControlGroups=true
LockPersonality=true
[Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target \ No newline at end of file