path: root/files/etc/systemd/system/webmap-cgi.service
blob: 88f22e5cf2a1b566fbaf869dda6733a423435569 (plain)
# systemd unit for the uWSGI process that serves the Webmap CGI application.
[Unit]
Description=Webmap CGI (Common Gateway Interface)
# After= only orders start-up; it does not pull these units in or fail this
# service when they are missing (no Wants=/Requires= is declared here).
# NOTE(review): syslog.target is obsolete on current systemd releases and is
# presumably kept for compatibility only; confirm before relying on it.
After=syslog.target network.target postgresql.service

[Service]
# Run under a transient UID/GID allocated at start and released at stop;
# User= sets the name of that dynamic user. If a static account with this
# name already exists, systemd uses it instead of allocating one.
# DynamicUser=yes also implies PrivateTmp=, RemoveIPC=, NoNewPrivileges=,
# RestrictSUIDSGID=, ProtectSystem=strict and ProtectHome=read-only.
DynamicUser=yes
User=_webmap-cgi
# Note: the "WARNING: you have enabled harakiri without post buffering" can
# be ignored because request bodies are in fact buffered on the nginx side
#
# uWSGI options used below:
#   -M -p2                          master process with 2 workers
#   --die-on-term                   exit on SIGTERM (systemd's stop signal)
#                                   instead of reloading
#   --close-on-exec{,2}             do not leak connection/server sockets to
#                                   processes spawned by the application
#   --max-requests 1000             recycle a worker after 1000 requests
#   --max-worker-lifetime 86400     recycle a worker after 24 hours; the
#   --max-worker-lifetime-delta 11  delta staggers workers by 11 s each
#   --harakiri 60                   kill a request that runs longer than 60 s
#   --lazy-apps                     load the application in each worker
#                                   rather than once in the master
# No --socket option is given, so the listening socket presumably comes from
# a companion .socket unit (socket activation); verify against the repository.
# The --pythonpath directory and the --wsgi-file script are executed as
# application code: keep both owned by root and not writable by other users.
ExecStart=/usr/bin/uwsgi -M -p2 \
    --single-interpreter --die-on-term \
    --close-on-exec --close-on-exec2 \
    --max-requests 1000 \
    --max-worker-lifetime 86400 \
    --max-worker-lifetime-delta 11 \
    --harakiri 60 \
    --lazy-apps \
    --plugins python3 \
    --pythonpath /usr/local/share/webmap \
    --wsgi-file /usr/libexec/webmap-cgi
# Lower CPU scheduling priority than default-priority services.
Nice=10
# Restart unconditionally, waiting 15 s between attempts.
RestartSec=15s
Restart=always

# Hardening
# The process and its children can never gain privileges (setuid, file caps).
NoNewPrivileges=yes
# /home, /root and /run/user appear empty and inaccessible (stricter than the
# read-only setting implied by DynamicUser=).
ProtectHome=yes
# The whole file system hierarchy is read-only except /dev, /proc and /sys;
# no ReadWritePaths=/StateDirectory= is declared, so the service has no
# persistent writable location.
ProtectSystem=strict
# Private /dev containing only pseudo-devices; no access to physical devices.
PrivateDevices=yes
# Read-only cgroup hierarchy, no kernel module loading, read-only kernel
# tunables under /proc/sys and /sys.
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
# socket() is limited to AF_UNIX, so the service cannot open IPv4/IPv6
# connections itself; sockets received via socket activation are unaffected.
# PostgreSQL is presumably reached over its UNIX-domain socket; confirm.
RestrictAddressFamilies=AF_UNIX
# NOTE(review): candidates not set here, to be evaluated with
# "systemd-analyze security webmap-cgi.service" and tested against the
# application before enabling: CapabilityBoundingSet= (empty),
# SystemCallFilter=@system-service, SystemCallArchitectures=native,
# RestrictNamespaces=yes, LockPersonality=yes, RestrictRealtime=yes,
# ProtectKernelLogs=yes, ProtectClock=yes, ProtectHostname=yes.

[Install]
# "systemctl enable" hooks the service into multi-user.target, so it is
# started on every normal (non-rescue) boot.
WantedBy=multi-user.target