Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Since Traefik is directly connected to the internet, it makes sense to apply various lock down measures to keep the system as safe as possible. Includes mounting most of the directories as read-only or even making them inaccessible, restricting kernel modifications and limiting the number of processes the unit may spawn. Also add checks at service startup to ensure all required files are present. Additionally documents how to set up a separate user for traefik and run the service as that user.
- Loading branch information