author | Antoni Sawicki <tenox@google.com> | 2022-03-24 01:23:11 -0700 |
---|---|---|
committer | Antoni Sawicki <tenox@google.com> | 2022-03-24 01:23:11 -0700 |
commit | 1aa6a1a8852625f370a904c315a3a3f5de8304ef (patch) | |
tree | a6515ad161a19055a556e3a86a8bbdbda9c3e826 | |
parent | af8f944cd6a504c011f6fee40597909d5d511e35 (diff) | |
download | wfm-1aa6a1a8852625f370a904c315a3a3f5de8304ef.tar.gz |
service file fix
-rw-r--r-- | TODO.md | 2 | ||||
-rw-r--r-- | service/systemd/wfm.service | 4 | ||||
-rw-r--r-- | wfm.go | 2 |
3 files changed, 3 insertions, 5 deletions
@@ -19,8 +19,6 @@ user
 * garbage collect old f2b entries
 * f2b ddos prevention, sleep on too many bans?
-* Chroot and User in Systemd Unit
-* Security Hardening in Systemd Unit
 ## ACME / Auto Cert Manager
 * acme dir with key/cert is exposed inside chroot dir
diff --git a/service/systemd/wfm.service b/service/systemd/wfm.service
index 854b2ba..e3e7046 100644
--- a/service/systemd/wfm.service
+++ b/service/systemd/wfm.service
@@ -5,9 +5,9 @@ After=network.target
 [Service]
 User=root
 ExecStart=/usr/local/sbin/wfm \
- -addr=:80
+ -addr=:80 \
 -chroot=/datadir \
- -setuid=myuser
+ -setuid=myuser
 Restart=on-failure
 SuccessExitStatus=3 4
 RestartForceExitStatus=3 4
@@ -40,7 +40,7 @@ var (
 acmBind = flag.String("acm_addr", "", "autocert manager listen address, eg: :80")
 acmWhlist multiString // this flag set in main
 f2bEnabled = flag.Bool("f2b", true, "ban ip addresses on user/pass failures")
- f2bDump = flag.String("f2b_dump", "", "enable f2b dump at this prefix, eg. /f2bdump")
+ f2bDump = flag.String("f2b_dump", "", "enable f2b dump at this prefix, eg. /f2bdump (default no)")
 favIcn = genFavIcon()
 )
|
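Review bot: The unit still starts wfm as `User=root` and leaves confinement entirely to the binary's own `-chroot`/`-setuid` flags, yet the TODO.md hunk in this commit deletes the "Chroot and User in Systemd Unit" and "Security Hardening in Systemd Unit" items, and no hardening directive appears in the visible part of `[Service]`. Because the process has to start privileged to bind :80, chroot and switch uid, I would at least bound what it holds until the drop, e.g. `NoNewPrivileges=yes` and `CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SYS_CHROOT CAP_SETUID CAP_SETGID` (capability list to be confirmed against what wfm actually calls). The old unit lacked the continuation after `-addr=:80`, so `-chroot` and `-setuid` most likely never reached the binary and it ran unconfined as root; the commit message "service file fix" should say so, so that operators who installed the earlier unit know to redeploy. The `[Service]` section may continue past the end of this hunk.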
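Review bot: The added `(default no)` is ambiguous for a string flag whose default is `""`, and the help text still does not say what enabling the flag exposes. If, as the `/f2bdump` example suggests, this is a URL path serving the ban table, the description should say that and state whether the endpoint sits behind the same login as the rest of wfm, since the dump presumably lists client addresses. Something like `"serve f2b ban table at this URL prefix, eg. /f2bdump (default: disabled)"` would be clearer. The `var (` block opens outside the hunk, so the handler that consumes `f2bDump` is not visible here.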