tlstunnel/contrib/systemd/tlstunnel.service

30 lines
622 B
SYSTEMD

[Unit]
Description=tlstunnel reverse proxy
Documentation=https://sr.ht/~emersion/tlstunnel
After=network.target
[Service]
User=tlstunnel
ExecStart=/usr/bin/tlstunnel
ExecReload=kill -HUP $MAINPID
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
# Hardening options
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
ReadWritePaths=/var/lib/tlstunnel
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
LockPersonality=true
[Install]
WantedBy=multi-user.target