blob: b921c6982b43f2451070325bb963c5e66cdae484 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
diff -aur init.pristine/linux-systemd/caddy.service init.new/linux-systemd/caddy.service
--- init.pristine/linux-systemd/caddy.service 2017-01-24 22:53:51.936956151 +0100
+++ init.new/linux-systemd/caddy.service 2017-01-24 22:55:11.580292966 +0100
@@ -10,14 +10,14 @@
StartLimitBurst=5
; User and group the process will run as.
-User=www-data
-Group=www-data
+User=http
+Group=http
; Letsencrypt-issued certificates will be written to this directory.
Environment=CADDYPATH=/etc/ssl/caddy
; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
-ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
+ExecStart=/usr/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID
; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
@@ -40,9 +40,9 @@
; The following additional security directives only work with systemd v229 or later.
; They further retrict privileges that can be gained by caddy. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.
-;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-;AmbientCapabilities=CAP_NET_BIND_SERVICE
-;NoNewPrivileges=true
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
[Install]
WantedBy=multi-user.target
|