Update service file with some security features

Wilfried OLLIVIER 2020-03-20 14:32:45 +01:00
parent dc8d6f48ba
commit aa0fbef9ab


@ -4,14 +4,22 @@ Documentation=https://caddyserver.com/docs
After=network.target After=network.target
[Service] [Service]
# Service config and instructions
WorkingDirectory={{ caddy_home }} WorkingDirectory={{ caddy_home }}
User=caddy User=caddy
LimitNOFILE=8192 LimitNOFILE=8192
PIDFile={{ caddy_home }}/caddy.pid ExecStart=/usr/bin/caddy -agree=true -email={{ caddy_email }} -conf=/etc/caddy/Caddyfile
ExecStart=/usr/bin/caddy -agree=true -email={{ caddy_email }} -conf=/etc/caddy/Caddyfile -pidfile={{ caddy_home }}/caddy.pid
ExecReload=/bin/kill -USR1 $MAINPID ExecReload=/bin/kill -USR1 $MAINPID
Restart=on-failure Restart=on-failure
StartLimitInterval=600 StartLimitInterval=600
TimeoutStopSec=5s
KillSignal=SIGQUIT
# Service security
ProtectHome=true
ProtectSystem=full
PrivateTmp=true
ReadWritePaths={{ caddy_home }}
ReadWriteDirectories={{ caddy_home }}
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
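Review bot: In the `# Service security` block, `ReadWriteDirectories={{ caddy_home }}` repeats `ReadWritePaths={{ caddy_home }}`; it is the legacy name of the same setting, so one line is enough unless the target hosts run a systemd older than 231. The block also does not stop the process from gaining privileges through setuid or file-capability binaries: consider `NoNewPrivileges=true` together with `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` and `AmbientCapabilities=CAP_NET_BIND_SERVICE`, assuming Caddy binds ports 80/443 as `User=caddy` and does not currently rely on a setcap'd binary. Separately, `ProtectHome=true` makes /home, /root and /run/user inaccessible, so confirm that `caddy_home` and the directory where Caddy stores its ACME certificates do not resolve under those paths; the variable's value is not visible in this diff. The first three lines of the unit file lie outside the hunk.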