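# ============================================================================
# WebDAV Server Systemd Service
# Installation: sudo cp webdav.service /etc/systemd/system/
# Reload: sudo systemctl daemon-reload (after installing or editing this file)
# Enable: sudo systemctl enable webdav
# Start: sudo systemctl start webdav
# Status: sudo systemctl status webdav
# Logs: sudo journalctl -u webdav -f
# ============================================================================

[Unit]
Description=WebDAV Server with aiohttp
# Placeholder URL; point this at the real project documentation.
Documentation=https://github.com/yourusername/webdav-server
After=network.target

[Service]
# systemd waits for a READY=1 notification from the main process before it
# treats the unit as started.
Type=notify

# User and group to run the service (create with: sudo useradd -r -s /bin/false webdav)
User=webdav
Group=webdav

# Working directory
WorkingDirectory=/opt/webdav-server

# Environment file
# systemd reads this file itself before dropping to User=, so the webdav
# account does not need read access to it. If it holds credentials, keep it
# root-owned with mode 0600, unless the application also loads .env on its own.
EnvironmentFile=/opt/webdav-server/.env

# Command to start the service (using Gunicorn for production)
# --bind 0.0.0.0:8080 listens on every interface over plain HTTP. If a
# TLS-terminating reverse proxy sits in front of this service, bind to
# 127.0.0.1:8080 instead so that clients cannot reach the backend directly.
ExecStart=/opt/webdav-server/venv/bin/gunicorn main:init_app \
    --config /opt/webdav-server/gunicorn_config.py \
    --bind 0.0.0.0:8080 \
    --worker-class aiohttp.GunicornWebWorker \
    --workers 4 \
    --access-logfile /var/log/webdav/access.log \
    --error-logfile /var/log/webdav/error.log \
    --log-level info

# Alternative: Run with Python directly (for development)
# ExecStart=/opt/webdav-server/venv/bin/python /opt/webdav-server/main.py

# Log directory
# ProtectSystem=strict (below) makes the file system read-only for this
# service, and /var/log/webdav is not listed in ReadWritePaths=. Without this
# directive gunicorn cannot open the log files named in ExecStart.
# LogsDirectory= creates /var/log/webdav, hands it to User=/Group= and keeps
# it writable. Mode 0750 keeps access logs (client addresses, request paths)
# unreadable to other local accounts.
LogsDirectory=webdav
LogsDirectoryMode=0750

# Restart policy
Restart=always
RestartSec=10

# Resource limits
LimitNOFILE=65536
LimitNPROC=4096

# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
# Every path listed here must exist before the service starts; a missing path
# makes the unit fail while its mount namespace is set up (prefix a path with
# "-" to tolerate its absence).
# NOTE(review): gunicorn logs to /var/log/webdav, not /opt/webdav-server/logs;
# drop that entry if nothing writes there.
# NOTE(review): if webdav.db is an SQLite database, its journal/WAL files are
# created next to it in /opt/webdav-server, which stays read-only here.
# Confirm that writes succeed, or move the database into its own writable
# directory.
ReadWritePaths=/opt/webdav-server/webdav /opt/webdav-server/logs /opt/webdav-server/backups /opt/webdav-server/webdav.db
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
# The service runs as a non-root user on unprivileged port 8080, so it needs
# neither device nodes nor capabilities.
PrivateDevices=true
CapabilityBoundingSet=
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
LockPersonality=true
# NOTE(review): this forbids memory mappings that are both writable and
# executable. Python extension modules that generate code at run time can
# fail under it; verify that the application starts and serves requests.
MemoryDenyWriteExecute=true
SystemCallArchitectures=native

# Process properties
Nice=0
IOSchedulingClass=best-effort
IOSchedulingPriority=4

# Standard output and error
StandardOutput=journal
StandardError=journal
SyslogIdentifier=webdav-server

# Watchdog (for monitoring)
# NOTE(review): WatchdogSec= only works when the main process sends
# WATCHDOG=1 keep-alives through sd_notify within each interval. If nothing
# sends them, systemd treats the service as hung, terminates it, and
# Restart=always starts it again in a loop. Confirm that gunicorn_config.py
# or the application sends these pings; otherwise remove this line.
WatchdogSec=60s

# Kill mode
KillMode=mixed
KillSignal=SIGTERM
TimeoutStopSec=30s

[Install]
WantedBy=multi-user.target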