go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-04-27 12:32:10 +02:00
Code Issues Releases Activity

fix(contrib): revamped systemd service example (#2655)

Browse Source
This commit is contained in:
Konstantin Shalygin 2024-10-13 21:00:54 +03:00 committed by GitHub
parent 66f1063722
commit e00c7a7edd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 25 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
contrib/oauth2-proxy.service.example
View File

@ -1,22 +1,33 @@
# Systemd service file for oauth2-proxy daemon
#
# Date: Feb 9, 2016
# Author: Srdjan Grubor <sgnn7@sgnn7.org>
[Unit]
Description=oauth2-proxy daemon service
After=network.target
After=network.target network-online.target nss-lookup.target basic.target
Wants=network-online.target nss-lookup.target
StartLimitIntervalSec=30
StartLimitBurst=3
[Service]
# www-data group and user need to be created before using these lines
User=www-data
Group=www-data
ExecStart=/usr/local/bin/oauth2-proxy --config=/etc/oauth2-proxy.cfg
User=oauth2-proxy
Group=oauth2-proxy
Restart=on-failure
RestartSec=30
WorkingDirectory=/etc/oauth2-proxy
ExecStart=/usr/bin/oauth2-proxy --config=/etc/oauth2-proxy/oauth2-proxy.cfg
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always
LimitNOFILE=65535
NoNewPrivileges=true
ProtectHome=true
ProtectSystem=full
ProtectHostname=true
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
LockPersonality=true
RestrictRealtime=yes
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
PrivateDevices=yes
PrivateTmp=true
CapabilityBoundingSet=
[Install]
WantedBy=multi-user.target