Secure systemd deployment
Vladislav Yarmak edited this page Jun 4, 2024 · 4 revisions
A somewhat more secure deployment of dumbproxy under systemd, with maximum system isolation. Configuration files:
/etc/systemd/system/dumbproxy.service
[Unit]
Description=Dumb Proxy
Documentation=https://github.com/SenseUnit/dumbproxy/
After=network.target network-online.target
Requires=network-online.target
[Service]
EnvironmentFile=/etc/default/dumbproxy
DynamicUser=yes
StateDirectory=dumbproxy
Environment=HOME=%S/dumbproxy
ExecStart=/usr/local/bin/dumbproxy --bind-address='' $OPTIONS
TimeoutStopSec=5s
PrivateTmp=true
ProtectSystem=full
[Install]
WantedBy=default.target
/etc/systemd/system/dumbproxy.socket
[Socket]
ListenStream=443
[Install]
WantedBy=sockets.target
/etc/default/dumbproxy
OPTIONS=-auth basicfile://?path=/var/lib/dumbproxy/dumbproxy.htpasswd \
-autocert
Enable service:
systemctl daemon-reload
systemctl enable dumbproxy.socket
systemctl start dumbproxy.socket
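
The three files above have to agree with each other: the socket unit must provide the listener, and the paths in OPTIONS should sit inside the StateDirectory. The following consistency check is an added example, not part of dumbproxy or of the original page; the function names and the embedded file copies are constructed for illustration, and it assumes the empty `--bind-address` is what hands listening over to the socket unit, as the configuration above suggests.

```python
import configparser
import re

# Constructed copies of the three files shown on this page.
SERVICE = """\
[Unit]
Description=Dumb Proxy
[Service]
EnvironmentFile=/etc/default/dumbproxy
DynamicUser=yes
StateDirectory=dumbproxy
Environment=HOME=%S/dumbproxy
ExecStart=/usr/local/bin/dumbproxy --bind-address='' $OPTIONS
PrivateTmp=true
ProtectSystem=full
"""
SOCKET = "[Socket]\nListenStream=443\n[Install]\nWantedBy=sockets.target\n"
DEFAULTS = r"""OPTIONS=-auth basicfile://?path=/var/lib/dumbproxy/dumbproxy.htpasswd \
-autocert
"""

def section(text, name):
    """Return one section of a unit file as a dict (last assignment wins)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # unit file keys are case-sensitive
    cp.read_string(text)
    return dict(cp[name]) if cp.has_section(name) else {}

def audit(service, socket, defaults):
    """Cross-check the three files; returns a list of findings (empty = consistent)."""
    svc, sock, out = section(service, "Service"), section(socket, "Socket"), []
    if svc.get("DynamicUser", "no").lower() not in ("yes", "true", "1", "on"):
        out.append("DynamicUser is off: the proxy runs as a static account")
    # Assumption: an empty --bind-address means the listener is inherited
    # from the .socket unit, so that unit must define one.
    if re.search(r"--bind-address=''(\s|$)", svc.get("ExecStart", "")) and "ListenStream" not in sock:
        out.append("empty --bind-address but the socket unit has no ListenStream")
    state = svc.get("StateDirectory")
    if not state:
        out.append("no StateDirectory: the dynamic user has nowhere persistent to write")
        return out
    root = f"/var/lib/{state}"  # %S expands to /var/lib for system units
    if svc.get("Environment", "") not in (f"HOME=%S/{state}", f"HOME={root}"):
        out.append("HOME does not point into the StateDirectory")
    for path in re.findall(r"[?&]path=(\S+)", defaults):
        if not path.startswith(root + "/"):
            out.append(f"{path} lies outside {root}")
    return out

if __name__ == "__main__":
    print(audit(SERVICE, SOCKET, DEFAULTS) or "consistent")
```

To check a live host, pass the contents of the three installed files to `audit()` in place of the embedded copies.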