authorAntoni Sawicki <tenox@google.com>2022-03-24 01:23:11 -0700
committerAntoni Sawicki <tenox@google.com>2022-03-24 01:23:11 -0700
commit1aa6a1a8852625f370a904c315a3a3f5de8304ef (patch)
treea6515ad161a19055a556e3a86a8bbdbda9c3e826
parentaf8f944cd6a504c011f6fee40597909d5d511e35 (diff)
downloadwfm-1aa6a1a8852625f370a904c315a3a3f5de8304ef.tar.gz
service file fix
-rw-r--r--TODO.md2
-rw-r--r--service/systemd/wfm.service4
-rw-r--r--wfm.go2
3 files changed, 3 insertions, 5 deletions
diff --git a/TODO.md b/TODO.md
index b797c71..10e4c90 100644
--- a/TODO.md
+++ b/TODO.md
@@ -19,8 +19,6 @@
user
* garbage collect old f2b entries
* f2b ddos prevention, sleep on too many bans?
-* Chroot and User in Systemd Unit
-* Security Hardening in Systemd Unit
## ACME / Auto Cert Manager
* acme dir with key/cert is exposed inside chroot dir
diff --git a/service/systemd/wfm.service b/service/systemd/wfm.service
index 854b2ba..e3e7046 100644
--- a/service/systemd/wfm.service
+++ b/service/systemd/wfm.service
@@ -5,9 +5,9 @@ After=network.target
[Service]
User=root
ExecStart=/usr/local/sbin/wfm \
- -addr=:80
+ -addr=:80 \
-chroot=/datadir \
- -setuid=myuser
+ -setuid=myuser
Restart=on-failure
SuccessExitStatus=3 4
RestartForceExitStatus=3 4
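Review bot: The unit still launches wfm with `User=root` and relies entirely on the binary's own `-chroot`/`-setuid` handling to shed privileges, yet this commit also drops the "Security Hardening in Systemd Unit" item from TODO.md. Before this fix the missing `\` after `-addr=:80` presumably meant those two flags were never passed, so the service ran as root with no chroot; nothing visible in `[Service]` would have bounded that. Consider adding `NoNewPrivileges=true` and `CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SYS_CHROOT CAP_SETUID CAP_SETGID` so systemd limits the process even if the in-process drop fails. The capability list is inferred from the flags shown and should be checked against what wfm actually needs. The unit continues outside the hunk, so such directives may already exist further down.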
diff --git a/wfm.go b/wfm.go
index fadc477..1c81711 100644
--- a/wfm.go
+++ b/wfm.go
@@ -40,7 +40,7 @@ var (
acmBind = flag.String("acm_addr", "", "autocert manager listen address, eg: :80")
acmWhlist multiString // this flag set in main
f2bEnabled = flag.Bool("f2b", true, "ban ip addresses on user/pass failures")
- f2bDump = flag.String("f2b_dump", "", "enable f2b dump at this prefix, eg. /f2bdump")
+ f2bDump = flag.String("f2b_dump", "", "enable f2b dump at this prefix, eg. /f2bdump (default no)")
favIcn = genFavIcon()
)