| Description=HAProxy Load Balancer |
| After=network-online.target |
| Wants=network-online.target |
| EnvironmentFile=-/etc/default/haproxy |
| EnvironmentFile=-/etc/sysconfig/haproxy |
| Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock" |
| ExecStartPre=@SBINDIR@/haproxy -Ws -f $CONFIG -c -q $EXTRAOPTS |
| ExecStart=@SBINDIR@/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS |
| ExecReload=@SBINDIR@/haproxy -Ws -f $CONFIG -c -q $EXTRAOPTS |
| ExecReload=/bin/kill -USR2 $MAINPID |
| # The following lines leverage SystemD's sandboxing options to provide |
| # defense in depth protection at the expense of restricting some flexibility |
| # in your setup (e.g. placement of your configuration files) or possibly |
| # reduced performance. See systemd.service(5) and systemd.exec(5) for further |
| # If you want to use 'ProtectSystem=strict' you should whitelist the PIDFILE, |
| # any state files and any other files written using 'ReadWritePaths' or |
| # ProtectKernelTunables=true |
| # ProtectKernelModules=true |
| # ProtectControlGroups=true |
| # If your SystemD version supports them, you can add: @reboot, @swap, @sync |
| # SystemCallFilter=~@cpu-emulation @keyring @module @obsolete @raw-io |
| WantedBy=multi-user.target |