diff options
| -rw-r--r-- | systemd/tlsrouter.service | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/systemd/tlsrouter.service b/systemd/tlsrouter.service new file mode 100644 index 0000000..e1e5fa0 --- /dev/null +++ b/systemd/tlsrouter.service @@ -0,0 +1,25 @@ +[Unit] +Description=TLS SNI proxy +Documentation=https://github.com/google/tlsrouter + +[Service] +WorkingDirectory=/tmp +ExecStart=/usr/bin/tlsrouter -conf /etc/tlsrouter.conf +Restart=always +User=nobody +Group=nobody +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +AmbientCapabilities=CAP_NET_BIND_SERVICE +PrivateTmp=true +PrivateDevices=true +ProtectSystem=strict +ProtectHome=true +ProtectKernelTunables=true +ProtectControlGroups=true +ProtectKernelModules=true +NoNewPrivileges=true +SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX + +[Install] +WantedBy=multi-user.target |