1 files changed, 25 insertions, 0 deletions

diff --git a/systemd-unit-file.patch b/systemd-unit-file.patch
new file mode 100644
index 000000000000..4c9292a44d54
--- /dev/null
+++ b/systemd-unit-file.patch
@@ -0,0 +1,25 @@
+--- a/caddy/dist/init/linux-systemd/caddy.service
++++ b/caddy/dist/init/linux-systemd/caddy.service
+@@ -17,7 +17,7 @@ Group=www-data
+ Environment=CADDYPATH=/etc/ssl/caddy
+ 
+ ; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
+-ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
++ExecStart=/usr/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
+ ExecReload=/bin/kill -USR1 $MAINPID
+ 
+ ; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
+@@ -40,9 +40,9 @@ ReadWriteDirectories=/etc/ssl/caddy
+ ; The following additional security directives only work with systemd v229 or later.
+ ; They further retrict privileges that can be gained by caddy. Uncomment if you like.
+ ; Note that you may have to add capabilities required by any plugins in use.
+-;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+-;AmbientCapabilities=CAP_NET_BIND_SERVICE
+-;NoNewPrivileges=true
++CapabilityBoundingSet=CAP_NET_BIND_SERVICE
++AmbientCapabilities=CAP_NET_BIND_SERVICE
++NoNewPrivileges=true
+ 
+ [Install]
+ WantedBy=multi-user.target
+