Created
September 19, 2016 02:39
-
-
Save naokij/2e129a1af0032a507140331e51d27b20 to your computer and use it in GitHub Desktop.
caddy systemd unit file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=Caddy HTTP/2 web server | |
| Documentation=https://caddyserver.com/docs | |
| After=network-online.target | |
| Wants=network-online.target systemd-networkd-wait-online.service | |
| [Service] | |
| Restart=on-failure | |
| ; User and group the process will run as. | |
| User=www-data | |
| Group=www-data | |
| WorkingDirectory=/var/www | |
| ; Letsencrypt-issued certificates will be written to this directory. | |
| Environment=HOME=/etc/ssl/caddy | |
| ; Always set "-root" to something safe in case it gets forgotten in the Caddyfile. | |
| ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/var/www/Caddyfile -root=/var/www | |
| ExecReload=/bin/kill -USR1 $MAINPID | |
| ; Limit the number of file descriptors; see `man systemd.exec` for more limit settings. | |
| LimitNOFILE=1048576 | |
| ; Unmodified caddy is not expected to use more than that. | |
| LimitNPROC=64 | |
| ; Drop all other capabilities. Important if you run caddy as privileged user (which you should not). | |
| ;CapabilityBoundingSet=CAP_NET_BIND_SERVICE | |
| ; … but permit caddy to open ports reserved for system services. | |
| ; This could be redundant here, but is needed in case caddy runs as nobody:nogroup. | |
| ;AmbientCapabilities=CAP_NET_BIND_SERVICE | |
| ; … and prevent gaining any new privileges. | |
| ;NoNewPrivileges=true | |
| ; Caveat: Some plugins need additional capabilities. Add them to both above lines. | |
| ; - plugin "upload" needs: CAP_LEASE | |
| [Install] | |
| WantedBy=multi-user.target |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment