public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix(contrib): revamped systemd service example (#2655)

This commit is contained in:
Konstantin Shalygin 2024-10-13 21:00:54 +03:00 committed by GitHub
parent 66f1063722
commit e00c7a7edd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 25 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
contrib/oauth2-proxy.service.example
View File

@ -1,22 +1,33 @@
# Systemd service file for oauth2-proxy daemon
#
# Date: Feb 9, 2016
# Author: Srdjan Grubor <sgnn7@sgnn7.org>
[Unit] [Unit]
Description=oauth2-proxy daemon service Description=oauth2-proxy daemon service
After=network.target After=network.target network-online.target nss-lookup.target basic.target
Wants=network-online.target nss-lookup.target
StartLimitIntervalSec=30
StartLimitBurst=3
[Service] [Service]
# www-data group and user need to be created before using these lines User=oauth2-proxy
User=www-data Group=oauth2-proxy
Group=www-data Restart=on-failure
RestartSec=30
ExecStart=/usr/local/bin/oauth2-proxy --config=/etc/oauth2-proxy.cfg WorkingDirectory=/etc/oauth2-proxy
ExecStart=/usr/bin/oauth2-proxy --config=/etc/oauth2-proxy/oauth2-proxy.cfg
ExecReload=/bin/kill -HUP $MAINPID ExecReload=/bin/kill -HUP $MAINPID
LimitNOFILE=65535
KillMode=process NoNewPrivileges=true
Restart=always ProtectHome=true
ProtectSystem=full
ProtectHostname=true
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
LockPersonality=true
RestrictRealtime=yes
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
PrivateDevices=yes
PrivateTmp=true
CapabilityBoundingSet=
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target