[Unit]
Description=The PHP 7.3 FastCGI Process Manager (instance %i)
Documentation=man:php-fpm7.3(8)
After=network.target
PartOf=php7.3-fpm.service
ReloadPropagatedFrom=php7.3-fpm.service

[Service] 
Type=notify
PIDFile=/run/php/php7.3-fpm-%i.pid
ExecStart=/usr/sbin/php-fpm7.3 --nodaemonize --fpm-config /etc/php/7.3/fpm/php-fpm-%i.conf
ExecReload=/bin/kill -USR2 $MAINPID
LimitNOFILE=100000
TimeoutStartSec=300
ProtectSystem=strict
PrivateTmp=true
# sendmail requires it... enable once chrooted
#NoNewPrivileges=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
LockPersonality=true
SystemCallArchitectures=native
ReadWritePaths=-/var/log/
ReadWritePaths=-/var/run/
ReadWritePaths=-/run/
InaccessiblePaths=-/root/
CPUQuota=100%
MemoryHigh=25%
MemoryMax=35%
RuntimeDirectory=php

[Install]
WantedBy=multi-user.target