cody0704/caddy1.service

## caddy1.service
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service

[Service]
Restart=on-abnormal

; User and group the process will run as.
User=caddy
Group=caddy

; Letsencrypt-issued certificates will be written to this directory.
Environment=CADDYPATH=/etc/ssl/caddy

; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID

; Use graceful shutdown with a reasonable timeout
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s

; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
LimitNOFILE=1048576
; Unmodified caddy is not expected to use more than that.
LimitNPROC=512

; Use private /tmp and /var/tmp, which are discarded after caddy stops.
PrivateTmp=true
; Use a minimal /dev
PrivateDevices=true
; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
ProtectHome=true
; Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full
; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.
;   This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
ReadWriteDirectories=/etc/ssl/caddy

; The following additional security directives only work with systemd v229 or later.
; They further retrict privileges that can be gained by caddy. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
;AmbientCapabilities=CAP_NET_BIND_SERVICE
;NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

## caddy2.service
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
	[Unit]
	Description=Caddy HTTP/2 web server
	Documentation=https://caddyserver.com/docs
	After=network-online.target
	Wants=network-online.target systemd-networkd-wait-online.service

	[Service]
	Restart=on-abnormal

	; User and group the process will run as.
	User=caddy
	Group=caddy

	; Letsencrypt-issued certificates will be written to this directory.
	Environment=CADDYPATH=/etc/ssl/caddy

	; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
	ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
	ExecReload=/bin/kill -USR1 $MAINPID

	; Use graceful shutdown with a reasonable timeout
	KillMode=mixed
	KillSignal=SIGQUIT
	TimeoutStopSec=5s

	; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
	LimitNOFILE=1048576
	; Unmodified caddy is not expected to use more than that.
	LimitNPROC=512

	; Use private /tmp and /var/tmp, which are discarded after caddy stops.
	PrivateTmp=true
	; Use a minimal /dev
	PrivateDevices=true
	; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
	ProtectHome=true
	; Make /usr, /boot, /etc and possibly some more folders read-only.
	ProtectSystem=full
	; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.
	; This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
	ReadWriteDirectories=/etc/ssl/caddy

	; The following additional security directives only work with systemd v229 or later.
	; They further retrict privileges that can be gained by caddy. Uncomment if you like.
	; Note that you may have to add capabilities required by any plugins in use.
	;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
	;AmbientCapabilities=CAP_NET_BIND_SERVICE
	;NoNewPrivileges=true

	[Install]
	WantedBy=multi-user.target
	# caddy.service
	#
	# For using Caddy with a config file.
	#
	# Make sure the ExecStart and ExecReload commands are correct
	# for your installation.
	#
	# See https://caddyserver.com/docs/install for instructions.
	#
	# WARNING: This service does not use the --resume flag, so if you
	# use the API to make changes, they will be overwritten by the
	# Caddyfile next time the service is restarted. If you intend to
	# use Caddy's API to configure it, add the --resume flag to the
	# `caddy run` command or use the caddy-api.service file instead.

	[Unit]
	Description=Caddy
	Documentation=https://caddyserver.com/docs/
	After=network.target

	[Service]
	User=caddy
	Group=caddy
	ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
	ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
	TimeoutStopSec=5s
	LimitNOFILE=1048576
	LimitNPROC=512
	PrivateTmp=true
	ProtectSystem=full
	AmbientCapabilities=CAP_NET_BIND_SERVICE

	[Install]
	WantedBy=multi-user.target