go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-11-27 22:38:39 +02:00
Code Issues Releases Activity

fix(contrib): revamped systemd service example (#2655)

Browse Source
This commit is contained in:
Konstantin Shalygin
2024-10-13 21:00:54 +03:00
committed by GitHub
parent 66f1063722
commit e00c7a7edd
1 changed files with 25 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
contrib/oauth2-proxy.service.example
View File

@@ -1,22 +1,33 @@
# Systemd service file for oauth2-proxy daemon
#
# Date: Feb 9, 2016
# Author: Srdjan Grubor <sgnn7@sgnn7.org>
[Unit] [Unit]
Description=oauth2-proxy daemon service Description=oauth2-proxy daemon service
After=network.target After=network.target network-online.target nss-lookup.target basic.target
Wants=network-online.target nss-lookup.target
StartLimitIntervalSec=30
StartLimitBurst=3
[Service] [Service]
# www-data group and user need to be created before using these lines User=oauth2-proxy
User=www-data Group=oauth2-proxy
Group=www-data Restart=on-failure
RestartSec=30
ExecStart=/usr/local/bin/oauth2-proxy --config=/etc/oauth2-proxy.cfg WorkingDirectory=/etc/oauth2-proxy
ExecStart=/usr/bin/oauth2-proxy --config=/etc/oauth2-proxy/oauth2-proxy.cfg
ExecReload=/bin/kill -HUP $MAINPID ExecReload=/bin/kill -HUP $MAINPID
LimitNOFILE=65535
KillMode=process NoNewPrivileges=true
Restart=always ProtectHome=true
ProtectSystem=full
ProtectHostname=true
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
LockPersonality=true
RestrictRealtime=yes
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
PrivateDevices=yes
PrivateTmp=true
CapabilityBoundingSet=
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target