blob: 29a037cd42eb138a1de7ef8d75df9f84dca886d0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
[Unit]
Description=TLS Redirector
[Service]
ExecStart=/usr/bin/tls-redirector
# Use SystemD activation
Environment=PORT=systemd
Environment=ACME_CHALLENGE_DIR=%C/acme-challenge/.well-known/acme-challenge
# Security
DynamicUser=yes
ProtectHome=tmpfs
PrivateDevices=yes
ProtectHostname=yes
## No need to be able to bind to sockets
CapabilityBoundingSet=
RestrictNamespaces=
|