mirror of
https://github.com/traefik/traefik.git
synced 2025-10-31 08:21:27 +01:00
42 lines
1.2 KiB
Desktop File
42 lines
1.2 KiB
Desktop File
[Unit]
|
|
Description=Traefik
|
|
Documentation=https://doc.traefik.io/traefik/
|
|
#After=network-online.target
|
|
#AssertFileIsExecutable=/usr/bin/traefik
|
|
#AssertPathExists=/etc/traefik/traefik.toml
|
|
|
|
[Service]
|
|
# Run traefik as its own user (create new user with: useradd -r -s /bin/false -U -M traefik)
|
|
#User=traefik
|
|
#AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
|
|
# configure service behavior
|
|
Type=notify
|
|
#ExecStart=/usr/bin/traefik --configFile=/etc/traefik/traefik.toml
|
|
Restart=always
|
|
WatchdogSec=1s
|
|
|
|
# lock down system access
|
|
# prohibit any operating system and configuration modification
|
|
#ProtectSystem=strict
|
|
# create separate, new (and empty) /tmp and /var/tmp filesystems
|
|
#PrivateTmp=true
|
|
# make /home directories inaccessible
|
|
#ProtectHome=true
|
|
# turns off access to physical devices (/dev/...)
|
|
#PrivateDevices=true
|
|
# make kernel settings (procfs and sysfs) read-only
|
|
#ProtectKernelTunables=true
|
|
# make cgroups /sys/fs/cgroup read-only
|
|
#ProtectControlGroups=true
|
|
|
|
# allow writing of acme.json
|
|
#ReadWritePaths=/etc/traefik/acme.json
|
|
# depending on log and entrypoint configuration, you may need to allow writing to other paths, too
|
|
|
|
# limit number of processes in this unit
|
|
#LimitNPROC=1
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|