From ea3506c352ee8354268a320f417998380d9c5a70 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Tue, 9 May 2017 01:29:23 +0000
Subject: [PATCH] fix #18 use node binary and don't list files and dirs that don't exist

---
 etc/systemd/system/goldilocks.service | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/etc/systemd/system/goldilocks.service b/etc/systemd/system/goldilocks.service
index da32141..12e8a39 100644
--- a/etc/systemd/system/goldilocks.service
+++ b/etc/systemd/system/goldilocks.service
@@ -23,7 +23,7 @@ User=www-data
 Group=www-data
 
 # If we need to pass environment variables in the future
-; Environment=GOLDILOCKS_PATH=/opt/goldilocks
+Environment=GOLDILOCKS_PATH=/srv/www
 
 # Set a sane working directory, sane flags, and specify how to reload the config file
 WorkingDirectory=/srv/www
@@ -46,11 +46,12 @@ ProtectSystem=full
 # … except TLS/SSL, ACME, and Let's Encrypt certificates
 # and /var/log/goldilocks, because we want a place where logs can go.
 # This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
-ReadWriteDirectories=/etc/goldilocks /etc/acme /etc/letsencrypt /etc/ssl /var/log/goldilocks /opt/goldilocks /srv/www
+ReadWriteDirectories=/etc/goldilocks /etc/ssl /srv/www /var/log/goldilocks
+# you may also want to add other directories such as /opt/goldilocks /etc/acme /etc/letsencrypt
 
 # Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories
 ; ReadWritePaths=/etc/goldilocks /var/log/goldilocks
-;
+
 # The following additional security directives only work with systemd v229 or later.
 # They further retrict privileges that can be gained.
 # Note that you may have to add capabilities required by any plugins in use.
@@ -65,4 +66,4 @@ NoNewPrivileges=true
 ; NoNewPrivileges=true
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target
\ No newline at end of file
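Review bot: The newly enabled `Environment=GOLDILOCKS_PATH=/srv/www` in the first hunk names the same directory that is the `WorkingDirectory` and that the second hunk keeps in `ReadWriteDirectories=`. The patch does not show what the variable is used for, but if it is the location the service loads its code or configuration from, the `www-data` process can rewrite what it runs on the next start. Keeping the install path read-only to the service and granting write access only to its data and log directories would be the safer layout. The comment above the line ("If we need to pass environment variables in the future") is also stale now that the variable is set; I would replace it with one line saying what `GOLDILOCKS_PATH` is for.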
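Review bot: The comment block above `ReadWriteDirectories=` in the second hunk still says the exemptions cover "TLS/SSL, ACME, and Let's Encrypt certificates", but the new value drops `/etc/acme` and `/etc/letsencrypt`. Because `ProtectSystem=full` leaves /etc read-only, certificate writes to those paths will fail until an admin re-adds them by hand. If they were removed only because a missing directory breaks unit start-up, current systemd documents a `-` prefix that skips absent paths, e.g. `ReadWriteDirectories=/etc/goldilocks /etc/ssl -/etc/acme -/etc/letsencrypt /srv/www /var/log/goldilocks` (verify on the oldest systemd version you target); otherwise the comment should be updated to match the narrower list. Separately, the context note "in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories" reads reversed: `ReadWritePaths=` is the newer name, and I would reword it to `# Note: in v231 and above ReadWriteDirectories has been renamed to ReadWritePaths`.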