diff options
Diffstat (limited to 'caddy.service')
-rw-r--r-- | caddy.service | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/caddy.service b/caddy.service index 74bff04f37ad..0e3800c31e0c 100644 --- a/caddy.service +++ b/caddy.service @@ -1,22 +1,31 @@ [Unit] -Description=Caddy 2 HTTP/2 web server -After=network-online.target +Description=Caddy Web Server +Documentation=https://caddyserver.com/docs/ +After=network.target [Service] User=http Group=http -ExecStart=/usr/bin/caddy run --config /etc/caddy2/Caddyfile --adapter caddyfile -ExecReload=/usr/bin/caddy reload --config /etc/caddy2/Caddyfile --adapter caddyfile +ExecStart=/usr/bin/caddy run --config /etc/caddy/Caddyfile --resume --environ +ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile ExecStop=/usr/bin/caddy stop +TimeoutStopSec=5s LimitNOFILE=1048576 -LimitNPROC=64 +LimitNPROC=512 + +# Hardening options PrivateTmp=true +ProtectSystem=strict PrivateDevices=true ProtectHome=true -ProtectSystem=strict -ReadWritePaths=/var/lib/caddy2 +ReadWritePaths=/var/lib/caddy /var/log/caddy /srv/http AmbientCapabilities=CAP_NET_BIND_SERVICE +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +NoNewPrivileges=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectControlGroups=true +LockPersonality=true [Install] WantedBy=multi-user.target - |