| Marc-Antoine Perennou | f825580 | 2013-02-13 09:28:50 +0100 | [diff] [blame] | 1 | [Unit] |
| 2 | Description=HAProxy Load Balancer |
| 3 | After=network.target |
| 4 | |
| 5 | [Service] |
| Pavlos Parissis | cc23a79 | 2016-06-14 13:28:20 +0200 | [diff] [blame] | 6 | Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" |
| 7 | ExecStartPre=@SBINDIR@/haproxy -f $CONFIG -c -q |
| Tim Duesterhus | d6942c8 | 2017-11-20 15:58:35 +0100 | [diff] [blame] | 8 | ExecStart=@SBINDIR@/haproxy -Ws -f $CONFIG -p $PIDFILE |
| Pavlos Parissis | 68535bd | 2016-06-15 10:20:31 +0200 | [diff] [blame] | 9 | ExecReload=@SBINDIR@/haproxy -f $CONFIG -c -q |
| Marc-Antoine Perennou | f825580 | 2013-02-13 09:28:50 +0100 | [diff] [blame] | 10 | ExecReload=/bin/kill -USR2 $MAINPID |
| Apollon Oikonomopoulos | 74f0169 | 2014-10-08 15:14:41 +0300 | [diff] [blame] | 11 | KillMode=mixed |
| Marc-Antoine Perennou | f825580 | 2013-02-13 09:28:50 +0100 | [diff] [blame] | 12 | Restart=always |
| Vincent Bernat | 3b479bd | 2018-06-22 20:57:03 +0200 | [diff] [blame] | 13 | SuccessExitStatus=143 |
| Tim Duesterhus | d6942c8 | 2017-11-20 15:58:35 +0100 | [diff] [blame] | 14 | Type=notify |
| Marc-Antoine Perennou | f825580 | 2013-02-13 09:28:50 +0100 | [diff] [blame] | 15 | |
| Tim Duesterhus | 1ce8de2 | 2018-02-27 20:19:03 +0100 | [diff] [blame] | 16 | # The following lines leverage SystemD's sandboxing options to provide |
| 17 | # defense in depth protection at the expense of restricting some flexibility |
| 18 | # in your setup (e.g. placement of your configuration files) or possibly |
| 19 | # reduced performance. See systemd.service(5) and systemd.exec(5) for further |
| 20 | # information. |
| 21 | |
| Tim Duesterhus | 8a96592 | 2018-02-27 20:19:04 +0100 | [diff] [blame] | 22 | # NoNewPrivileges=true |
| 23 | # ProtectHome=true |
| 24 | # If you want to use 'ProtectSystem=strict' you should whitelist the PIDFILE, |
| 25 | # any state files and any other files written using 'ReadWritePaths' or |
| 26 | # 'RuntimeDirectory'. |
| 27 | # ProtectSystem=true |
| 28 | # ProtectKernelTunables=true |
| 29 | # ProtectKernelModules=true |
| 30 | # ProtectControlGroups=true |
| Tim Duesterhus | 2788a39 | 2018-02-27 20:19:05 +0100 | [diff] [blame] | 31 | # If your SystemD version supports them, you can add: @reboot, @swap, @sync |
| 32 | # SystemCallFilter=~@cpu-emulation @keyring @module @obsolete @raw-io |
| Tim Duesterhus | 8a96592 | 2018-02-27 20:19:04 +0100 | [diff] [blame] | 33 | |
| Marc-Antoine Perennou | f825580 | 2013-02-13 09:28:50 +0100 | [diff] [blame] | 34 | [Install] |
| 35 | WantedBy=multi-user.target |