Diffstat (limited to 'systemd-unit-file.patch')
-rw-r--r-- | systemd-unit-file.patch | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/systemd-unit-file.patch b/systemd-unit-file.patch
new file mode 100644
index 000000000000..4c9292a44d54
--- /dev/null
+++ b/systemd-unit-file.patch
@@ -0,0 +1,25 @@
+--- a/caddy/dist/init/linux-systemd/caddy.service
++++ b/caddy/dist/init/linux-systemd/caddy.service
+@@ -17,7 +17,7 @@ Group=www-data
+ Environment=CADDYPATH=/etc/ssl/caddy
+
+ ; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
+-ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
++ExecStart=/usr/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
+ ExecReload=/bin/kill -USR1 $MAINPID
+
+ ; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
+@@ -40,9 +40,9 @@ ReadWriteDirectories=/etc/ssl/caddy
+ ; The following additional security directives only work with systemd v229 or later.
+ ; They further retrict privileges that can be gained by caddy. Uncomment if you like.
+ ; Note that you may have to add capabilities required by any plugins in use.
+-;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+-;AmbientCapabilities=CAP_NET_BIND_SERVICE
+-;NoNewPrivileges=true
++CapabilityBoundingSet=CAP_NET_BIND_SERVICE
++AmbientCapabilities=CAP_NET_BIND_SERVICE
++NoNewPrivileges=true
+
+ [Install]
+ WantedBy=multi-user.target
+ |
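Review bot: The second inner hunk turns on `CapabilityBoundingSet`, `AmbientCapabilities` and `NoNewPrivileges`, but the comment directly above them is left as context and still says "Uncomment if you like", so the installed unit describes an opt-in that is no longer optional. That comment is also the only place recording the systemd v229 requirement and the plugin caveat, which matter more now that the directives are active: a plugin needing any capability other than `CAP_NET_BIND_SERVICE` will presumably be denied it. I would have the patch rewrite the comment as well, for example `; Enabled by this package; requires systemd v229 or later.` followed by `; Add any capabilities your plugins need to both lists below.`. The patch file also has no header saying why the binary path and hardening defaults differ from upstream, and a one-line description at the top would help whoever rebases it.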