From 94eaf0e254c1d43f2d3dca3236c5cb9775d3a5a4 Mon Sep 17 00:00:00 2001 From: Jean Paul Galea Date: Tue, 29 Dec 2020 11:47:27 +0100 Subject: [PATCH] Modify systemd service file Better support to run miniflux with Let's Encrypt, without a reverse proxy. --- packaging/systemd/miniflux.service | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/packaging/systemd/miniflux.service b/packaging/systemd/miniflux.service index a32075a4..d160b5e4 100644 --- a/packaging/systemd/miniflux.service +++ b/packaging/systemd/miniflux.service @@ -43,5 +43,13 @@ RestrictRealtime=true # https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ReadWritePaths= ReadWritePaths=/run +# Allow miniflux to bind to <1024 ports +# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#AmbientCapabilities= +AmbientCapabilities=CAP_NET_BIND_SERVICE + +# Provide a private /tmp for CERT_CACHE (required when using Let's Encrypt) +# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateTmp= +PrivateTmp=true + [Install] WantedBy=multi-user.target