Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This caddy commit[1] adds --force flag, which helps to reload tls certificates from disk when the config does not change. This patch add this flag to ExecReload so that we can get this benefit when using systemctl reload. [1]: caddyserver/caddy@2772ede
36 lines (33 sloc)
1.01 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# caddy.service | |
# | |
# For using Caddy with a config file. | |
# | |
# Make sure the ExecStart and ExecReload commands are correct | |
# for your installation. | |
# | |
# See https://caddyserver.com/docs/install for instructions. | |
# | |
# WARNING: This service does not use the --resume flag, so if you | |
# use the API to make changes, they will be overwritten by the | |
# Caddyfile next time the service is restarted. If you intend to | |
# use Caddy's API to configure it, add the --resume flag to the | |
# `caddy run` command or use the caddy-api.service file instead. | |
[Unit] | |
Description=Caddy | |
Documentation=https://caddyserver.com/docs/ | |
After=network.target network-online.target | |
Requires=network-online.target | |
[Service] | |
Type=notify | |
User=caddy | |
Group=caddy | |
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile | |
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force | |
TimeoutStopSec=5s | |
LimitNOFILE=1048576 | |
LimitNPROC=512 | |
PrivateTmp=true | |
ProtectSystem=full | |
AmbientCapabilities=CAP_NET_BIND_SERVICE | |
[Install] | |
WantedBy=multi-user.target |