confluence ne boley
Not for production! Requires heavy testing.
Tested on 7.13.0 with:
* login
* enter space
* edit page
* upload file
* logs are written ok
* index rebuild
* backup
* restore not tested
* several scheduled jobs
* plugin load/unload/update
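# /run/systemd/generator.late/confluence.service
# Automatically generated by systemd-sysv-generator
#
# Wrapper unit that systemd-sysv-generator produced for the SysV script
# /etc/init.d/confluence. Shown for reference only: generator output under
# /run is recreated by systemd, so local changes belong in a drop-in under
# /etc/systemd/system/confluence.service.d/ rather than in this file.
# This unit sets no User= and no sandboxing directives of its own.
[Unit]
Documentation=man:systemd-sysv-generator(8)
SourcePath=/etc/init.d/confluence
# Before= is a list setting; the repeated multi-user.target entries are
# emitted by the generator and are redundant.
Before=multi-user.target
Before=multi-user.target
Before=multi-user.target
Before=graphical.target
Before=exim4.service

[Service]
# The init script is expected to fork and return; with GuessMainPID=no
# systemd does not try to work out which process is the main one.
Type=forking
Restart=no
TimeoutSec=5min
IgnoreSIGPIPE=no
# Only the main process is signalled on stop; anything else in the unit's
# control group is left to the ExecStop= script.
KillMode=process
GuessMainPID=no
# The unit stays "active" after the start script has exited.
RemainAfterExit=yes
ExecStart=/etc/init.d/confluence start
ExecStop=/etc/init.d/confluence stop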
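# /etc/systemd/system/confluence.service.d/override.conf
#
# Hardening drop-in for the generated confluence.service unit.
# After editing, run "systemctl daemon-reload", restart the service, and
# review the result with "systemd-analyze security confluence.service".
[Unit]
After=postgresql.service

[Service]
# Runs ExecStart=/ExecStop= (the /etc/init.d/confluence script) as this
# account instead of root.
# NOTE(review): if the init script itself switches user (su/sudo), that step
# will fail under User= plus NoNewPrivileges=yes; confirm against the script.
User=confluence

# --- Devices ---
# Private /dev holding only pseudo devices; no access to physical devices.
PrivateDevices=true
# NOTE(review): /dev/stdin, /dev/stdout and /dev/stderr are normally symlinks
# into /proc/self/fd, not device nodes, so these three entries probably have
# no effect. Check the journal for warnings about them.
DeviceAllow=/dev/stderr
DeviceAllow=/dev/stdin
DeviceAllow=/dev/stdout
DeviceAllow=/dev/random
DeviceAllow=/dev/urandom
# strict: only the DeviceAllow= entries above are permitted.
# NOTE(review): /dev/null and /dev/zero are not listed; confirm the JVM does
# not need them, or add them explicitly.
DevicePolicy=strict

# --- Kernel and host state ---
LockPersonality=true
PrivateMounts=true
# Private /tmp and /var/tmp, not shared with other services.
PrivateTmp=true
ProtectClock=true
ProtectControlGroups=yes
# /home, /root and /run/user are made inaccessible.
ProtectHome=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
# Takes away access to other users' process entries under /proc.
ProtectProc=noaccess
ProtectHostname=true
RestrictNamespaces=true

# --- Privileges ---
# setuid/setgid binaries and file capabilities cannot raise privileges.
NoNewPrivileges=yes
# The bounding set only limits what the service could ever acquire; it does
# not grant CAP_NET_BIND_SERVICE to a non-root User= (that would need
# AmbientCapabilities=). If Confluence listens on an unprivileged port, an
# empty "CapabilityBoundingSet=" is the tighter setting.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE

# --- File system ---
# Whole file system hierarchy is read-only except the paths listed below.
ProtectSystem=strict
# confluence installed to /opt/confluence and confluence_home set to /mnt/confluence
# ReadWritePaths= is the current name of the legacy ReadWriteDirectories=
# setting; semantics are the same. Keep this list as short as possible:
# every entry is a place a compromised service can write to.
ReadWritePaths=/mnt/confluence /opt/confluence/logs /opt/confluence/work /opt/confluence/temp
# NOTE(review): 0177 yields mode 0600 for new directories as well as files,
# i.e. directories without the search (x) bit. This only works if the start
# script sets its own umask; 0077 is the usual owner-only value. Confirm.
UMask=0177

# --- System calls ---
# The first line is an allow-list; the "~" lines then remove groups from it.
SystemCallFilter=@system-service
SystemCallFilter=~@privileged
SystemCallFilter=~@resources

# --- Shutdown ---
# Overrides KillMode=process from the generated unit: on stop, every process
# left in the service's control group is killed, not only the main one.
KillMode=control-group

# Not covered by this drop-in: network restrictions (RestrictAddressFamilies=,
# IPAddressAllow=/IPAddressDeny=) and SystemCallArchitectures=.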