1
1
mirror of https://git.sr.ht/~emersion/tlstunnel synced 2024-11-19 15:53:50 +01:00
tlstunnel/contrib/systemd/tlstunnel.service

30 lines
622 B
SYSTEMD
Raw Normal View History

2021-07-24 15:40:24 +02:00
[Unit]
Description=tlstunnel reverse proxy
Documentation=https://sr.ht/~emersion/tlstunnel
After=network.target
[Service]
User=tlstunnel
ExecStart=/usr/bin/tlstunnel
ExecReload=kill -HUP $MAINPID
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
# Hardening options
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
ReadWritePaths=/var/lib/tlstunnel
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
LockPersonality=true
[Install]
WantedBy=multi-user.target