theraw/The-World-Is-Yours
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Service adjustments
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Successful in 3m42s
Details
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Successful in 3m19s
Details

Browse Source
This commit is contained in:
root
2026-05-20 04:47:34 +00:00
parent a8966ac108
commit 61d2ca2df8
4 changed files with 18 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
static/Trixie/nginx.service
+4 -6
View File
@@ -31,12 +31,6 @@ BindReadOnlyPaths=/bin
BindReadOnlyPaths=/sbin
BindReadOnlyPaths=/etc
# Read-only: vhost docroots + app projects. Add a new line here when you
# add a vhost whose root isn't under one of these parents.
BindReadOnlyPaths=/raweb
BindReadOnlyPaths=/srv
BindReadOnlyPaths=/hostdata
# Read-write: nginx runtime state.
# /run nginx.pid, nginx.lock, /run/nginx/temp/*, PHP-FPM sock
# /var/log/nginx access.log, error.log
@@ -44,6 +38,10 @@ BindReadOnlyPaths=/hostdata
BindPaths=/run
BindPaths=/var/log/nginx
BindPaths=/nginx
BindPaths=/var/cache/nginx
BindPaths=/srv
BindPaths=/hostdata
BindPaths=/raweb
NoNewPrivileges=true
ProtectKernelTunables=true