fix #18 use node binary and don't list files and dirs that don't exist

2017-05-09 01:29:23 +00:00 · 2017-05-09 01:29:23 +00:00 · ea3506c352
parent 388733568d
commit ea3506c352
1 changed files with 5 additions and 4 deletions
--- a/etc/systemd/system/goldilocks.service
+++ b/etc/systemd/system/goldilocks.service
@ -23,7 +23,7 @@ User=www-data
 Group=www-data

 # If we need to pass environment variables in the future
-; Environment=GOLDILOCKS_PATH=/opt/goldilocks
+Environment=GOLDILOCKS_PATH=/srv/www

 # Set a sane working directory, sane flags, and specify how to reload the config file
 WorkingDirectory=/srv/www
@ -46,11 +46,12 @@ ProtectSystem=full
 # … except TLS/SSL, ACME, and Let's Encrypt certificates
 #   and /var/log/goldilocks, because we want a place where logs can go.
 #   This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
-ReadWriteDirectories=/etc/goldilocks /etc/acme /etc/letsencrypt /etc/ssl /var/log/goldilocks /opt/goldilocks /srv/www
+ReadWriteDirectories=/etc/goldilocks /etc/ssl /srv/www /var/log/goldilocks
+# you may also want to add other directories such as /opt/goldilocks /etc/acme /etc/letsencrypt

 # Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories
 ; ReadWritePaths=/etc/goldilocks /var/log/goldilocks
-;
+
 # The following additional security directives only work with systemd v229 or later.
 # They further retrict privileges that can be gained.
 # Note that you may have to add capabilities required by any plugins in use.