Replace debian stock nginx with custom optimized nginx
This commit is contained in:
Daniel Winzen
33
etc/systemd/system/nginx.service
Normal file
33
etc/systemd/system/nginx.service
Normal file
@ -0,0 +1,33 @@
|
||||
[Unit]
|
||||
Description=A high performance web server and a reverse proxy server
|
||||
After=network.target nss-lookup.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
PIDFile=/run/nginx.pid
|
||||
LimitNOFILE=100000
|
||||
TimeoutStartSec=600
|
||||
TimeoutStopSec=5
|
||||
KillMode=mixed
|
||||
ExecStop=-/sbin/start-stop-daemon --quiet --stop --pidfile /run/nginx.pid
|
||||
ExecStartPre=/usr/bin/install -Z -m 02755 -o www-data -g www-data -d /run/nginx
|
||||
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
|
||||
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
|
||||
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
|
||||
ProtectSystem=strict
|
||||
PrivateTmp=true
|
||||
NoNewPrivileges=true
|
||||
PrivateDevices=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectKernelModules=true
|
||||
ProtectControlGroups=true
|
||||
LockPersonality=true
|
||||
SystemCallArchitectures=native
|
||||
BindPaths=/var/log/nginx/
|
||||
BindPaths=/var/lib/nginx/
|
||||
BindPaths=/var/www/var/run/
|
||||
BindPaths=/run/
|
||||
InaccessiblePaths=/root/
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user