path: root/caddy-systemd-service.patch
blob: b921c6982b43f2451070325bb963c5e66cdae484 (plain)
diff -aur init.pristine/linux-systemd/caddy.service init.new/linux-systemd/caddy.service
--- init.pristine/linux-systemd/caddy.service	2017-01-24 22:53:51.936956151 +0100
+++ init.new/linux-systemd/caddy.service	2017-01-24 22:55:11.580292966 +0100
@@ -10,14 +10,14 @@
 StartLimitBurst=5
 
 ; User and group the process will run as.
-User=www-data
-Group=www-data
+User=http
+Group=http
 
 ; Letsencrypt-issued certificates will be written to this directory.
 Environment=CADDYPATH=/etc/ssl/caddy
 
 ; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
-ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
+ExecStart=/usr/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
 ExecReload=/bin/kill -USR1 $MAINPID
 
 ; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
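Review bot: `User=http` / `Group=http` runs Caddy under a generic web account, and if that account is shared with other web server packages on the target distribution (as `http` is on Arch Linux), the certificates and private keys written under `CADDYPATH=/etc/ssl/caddy` become readable by every other service running as `http`. A dedicated account created by the package, e.g. `User=caddy` and `Group=caddy`, would keep the key material isolated from those services. Whichever account is chosen, the package also has to create `/etc/ssl/caddy` owned by that account and not world-readable, because this patch only edits the unit; that step is not visible here and should be confirmed in the packaging script.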
@@ -40,9 +40,9 @@
 ; The following additional security directives only work with systemd v229 or later.
 ; They further retrict privileges that can be gained by caddy. Uncomment if you like.
 ; Note that you may have to add capabilities required by any plugins in use.
-;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-;AmbientCapabilities=CAP_NET_BIND_SERVICE
-;NoNewPrivileges=true
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
 
 [Install]
 WantedBy=multi-user.target
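Review bot: The comment block above the three directives still reads "Uncomment if you like", but this hunk makes them active, so the installed unit now describes as optional a restriction that is enforced. I would replace that sentence with something like `; Enabled by this package (requires systemd v229 or later): caddy keeps only CAP_NET_BIND_SERVICE and cannot gain new privileges.` and fix the "retrict" typo on the same line. Because `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` now drops every other capability, a plugin that needs one will fail at runtime; the existing plugin note should tell users to extend the set in a drop-in override rather than by editing the packaged unit.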