use more variables instead of hard-coding (fixes #3)
This commit is contained in:
parent
d48064a7e3
commit
04686de59c
15 changed files with 101 additions and 70 deletions
44
templates/caddy.service
Normal file
44
templates/caddy.service
Normal file
|
|
@ -0,0 +1,44 @@
|
|||
[Unit]
|
||||
Description=Caddy HTTP/2 web server
|
||||
Documentation=https://caddyserver.com/docs
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Restart=on-abnormal
|
||||
|
||||
User=www-data
|
||||
Group=www-data
|
||||
Environment=CADDYPATH=/etc/ssl/caddy
|
||||
|
||||
PIDFile=/run/caddy.pid
|
||||
ExecStart=/usr/local/bin/caddy -log stdout -agree -email={{ caddy_email }} -conf=/etc/caddy/Caddyfile -root=/var/tmp
|
||||
ExecReload=/bin/kill -USR1 $MAINPID
|
||||
|
||||
KillMode=mixed
|
||||
KillSignal=SIGQUIT
|
||||
TimeoutStopSec=5s
|
||||
|
||||
LimitNOFILE=8192
|
||||
LimitNPROC=64
|
||||
|
||||
StartLimitInterval=600
|
||||
;StartLimitBurst=5
|
||||
RestartSec=60
|
||||
PermissionsStartOnly=true
|
||||
|
||||
PrivateTmp=true
|
||||
;PrivateDevices=true
|
||||
;ProtectHome=true
|
||||
;ProtectSystem=full
|
||||
ReadWriteDirectories=/etc/ssl/caddy
|
||||
|
||||
; The following additional security directives only work with systemd v229 or later.
|
||||
; They further restrict privileges that can be gained by caddy.
|
||||
; Note that you may have to add capabilities required by any plugins in use.
|
||||
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
;AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
;NoNewPrivileges=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Loading…
Add table
Add a link
Reference in a new issue