Created
July 4, 2020 16:52
-
-
Save esmerino/3501f849ac35d75c4f4313cab4281973 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=Advanced key-value store | |
| After=network.target | |
| Documentation=http://redis.io/documentation, man:redis-server(1) | |
| [Service] | |
| Type=forking | |
| ExecStart=/usr/bin/redis-server /etc/redis/redis.conf --supervised systemd --daemonize no | |
| ExecStop=/bin/kill -s TERM $MAINPID | |
| PIDFile=/var/run/redis/redis-server.pid | |
| TimeoutStopSec=0 | |
| Restart=always | |
| User=redis | |
| Group=redis | |
| RuntimeDirectory=redis | |
| RuntimeDirectoryMode=2755 | |
| UMask=007 | |
| PrivateTmp=yes | |
| LimitNOFILE=65535 | |
| PrivateDevices=yes | |
| ProtectHome=yes | |
| ReadOnlyDirectories=/ | |
| ReadWriteDirectories=-/var/lib/redis | |
| ReadWriteDirectories=-/var/log/redis | |
| ReadWriteDirectories=-/var/run/redis | |
| NoNewPrivileges=true | |
| CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE | |
| RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX | |
| MemoryDenyWriteExecute=true | |
| ProtectKernelModules=true | |
| ProtectKernelTunables=true | |
| ProtectControlGroups=true | |
| RestrictRealtime=true | |
| RestrictNamespaces=true | |
| # redis-server can write to its own config file when in cluster mode so we | |
| # permit writing there by default. If you are not using this feature, it is | |
| # recommended that you replace the following lines with "ProtectSystem=full". | |
| ProtectSystem=true | |
| ReadWriteDirectories=-/etc/redis | |
| [Install] | |
| WantedBy=multi-user.target | |
| Alias=redis.service |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment