From 9c04243f33ebbbecba4a617ddc4bd7b1a9bd3cfb Mon Sep 17 00:00:00 2001 From: Daniel Winzen Date: Thu, 17 Oct 2019 19:03:45 +0200 Subject: [PATCH] Simplify nginx systemd unit and add RuntimeDirectory option to php --- etc/nginx/nginx.conf | 1 + etc/systemd/system/nginx.service | 10 +++++----- etc/systemd/system/php7.2-fpm@.service | 1 + etc/systemd/system/php7.2-fpm@default.service | 1 + etc/systemd/system/php7.3-fpm@.service | 1 + etc/systemd/system/php7.3-fpm@default.service | 1 + etc/systemd/system/php7.4-fpm@.service | 1 + etc/systemd/system/php7.4-fpm@default.service | 1 + 8 files changed, 12 insertions(+), 5 deletions(-) diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index 72389b4..726af16 100644 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -1,3 +1,4 @@ +daemon on; user www-data; worker_processes auto; pid /run/nginx.pid; diff --git a/etc/systemd/system/nginx.service b/etc/systemd/system/nginx.service index 402eb7a..e1e5512 100644 --- a/etc/systemd/system/nginx.service +++ b/etc/systemd/system/nginx.service @@ -9,11 +9,10 @@ LimitNOFILE=100000 TimeoutStartSec=600 TimeoutStopSec=5 KillMode=mixed -ExecStop=-/sbin/start-stop-daemon --quiet --stop --pidfile /run/nginx.pid -ExecStartPre=/usr/bin/install -Z -m 02755 -o www-data -g www-data -d /run/nginx -ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;' -ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;' -ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload +ExecStop=/usr/sbin/nginx -s stop +ExecStartPre=/usr/sbin/nginx -t -q +ExecStart=/usr/sbin/nginx +ExecReload=/usr/sbin/nginx -s reload ProtectSystem=strict PrivateTmp=true NoNewPrivileges=true @@ -28,6 +27,7 @@ ReadWritePaths=-/var/lib/nginx/ ReadWritePaths=-/var/www/var/run/ ReadWritePaths=-/run/ InaccessiblePaths=-/root/ +RuntimeDirectory=nginx [Install] WantedBy=multi-user.target diff --git a/etc/systemd/system/php7.2-fpm@.service b/etc/systemd/system/php7.2-fpm@.service index e0bdbdc..fc8b406 100644 --- a/etc/systemd/system/php7.2-fpm@.service +++ b/etc/systemd/system/php7.2-fpm@.service @@ -29,6 +29,7 @@ InaccessiblePaths=-/root/ CPUQuota=100% MemoryHigh=25% MemoryMax=35% +RuntimeDirectory=php [Install] WantedBy=multi-user.target diff --git a/etc/systemd/system/php7.2-fpm@default.service b/etc/systemd/system/php7.2-fpm@default.service index aa04eac..e6947b8 100644 --- a/etc/systemd/system/php7.2-fpm@default.service +++ b/etc/systemd/system/php7.2-fpm@default.service @@ -31,6 +31,7 @@ InaccessiblePaths=-/root/ CPUQuota=100% MemoryHigh=25% MemoryMax=35% +RuntimeDirectory=php [Install] WantedBy=multi-user.target diff --git a/etc/systemd/system/php7.3-fpm@.service b/etc/systemd/system/php7.3-fpm@.service index 298c878..647b652 100644 --- a/etc/systemd/system/php7.3-fpm@.service +++ b/etc/systemd/system/php7.3-fpm@.service @@ -29,6 +29,7 @@ InaccessiblePaths=-/root/ CPUQuota=100% MemoryHigh=25% MemoryMax=35% +RuntimeDirectory=php [Install] WantedBy=multi-user.target diff --git a/etc/systemd/system/php7.3-fpm@default.service b/etc/systemd/system/php7.3-fpm@default.service index 3d0a20d..7b07eca 100644 --- a/etc/systemd/system/php7.3-fpm@default.service +++ b/etc/systemd/system/php7.3-fpm@default.service @@ -31,6 +31,7 @@ InaccessiblePaths=-/root/ CPUQuota=100% MemoryHigh=25% MemoryMax=35% +RuntimeDirectory=php [Install] WantedBy=multi-user.target diff --git a/etc/systemd/system/php7.4-fpm@.service b/etc/systemd/system/php7.4-fpm@.service index e376881..fde0114 100644 --- a/etc/systemd/system/php7.4-fpm@.service +++ b/etc/systemd/system/php7.4-fpm@.service @@ -29,6 +29,7 @@ InaccessiblePaths=-/root/ CPUQuota=100% MemoryHigh=25% MemoryMax=35% +RuntimeDirectory=php [Install] WantedBy=multi-user.target diff --git a/etc/systemd/system/php7.4-fpm@default.service b/etc/systemd/system/php7.4-fpm@default.service index b1f356c..de7d1c0 100644 --- a/etc/systemd/system/php7.4-fpm@default.service +++ b/etc/systemd/system/php7.4-fpm@default.service @@ -31,6 +31,7 @@ InaccessiblePaths=-/root/ CPUQuota=100% MemoryHigh=25% MemoryMax=35% +RuntimeDirectory=php [Install] WantedBy=multi-user.target