62 lines
1.8 KiB
Django/Jinja
62 lines
1.8 KiB
Django/Jinja
#
|
|
# Systemd unit file for Apache Tomcat
|
|
#
|
|
|
|
[Unit]
|
|
Description=Apache Tomcat {{ tomcat_version}} Web Application Server
|
|
After=syslog.target network.target
|
|
StartLimitIntervalSec=500
|
|
StartLimitBurst=5
|
|
RequiresMountsFor={{ tomcat_m_instances_logdir_base }}/{{ item.http_port }} {{ item.instance_path }}
|
|
|
|
[Service]
|
|
{% if limits_nofile_value is defined %}
|
|
LimitNOFILE={{ limits_nofile_value }}
|
|
{% endif %}
|
|
Environment="CATALINA_HOME=/usr/share/tomcat{{ tomcat_version }}"
|
|
Environment="CATALINA_BASE={{ item.instance_path }}"
|
|
Environment="CATALINA_TMPDIR={{ item.catalina_tmp_directory }}"
|
|
Environment="JAVA_HOME={{ item.java_home }}"
|
|
Environment="JRE_HOME={{ item.java_home }}"
|
|
Type=simple
|
|
ExecStartPre=+/usr/libexec/tomcat{{ tomcat_version}}/tomcat-update-policy.sh
|
|
ExecStart=/bin/sh /usr/libexec/tomcat{{ tomcat_version }}/tomcat-instance-{{ item.http_port }}-start.sh
|
|
SuccessExitStatus=143 0
|
|
RestartSec=10
|
|
Restart=on-failure
|
|
# Logging
|
|
SyslogIdentifier=tomcat{{ tomcat_version }}
|
|
|
|
User={{ item.user }}
|
|
Group={{ item.user }}
|
|
{% if tomcat_systemd_security %}
|
|
PrivateTmp=yes
|
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
NoNewPrivileges=true
|
|
CacheDirectory={{ tomcat_m_cache_base }}/{{ item.http_port }}
|
|
CacheDirectoryMode=750
|
|
ProtectSystem=strict
|
|
ReadWritePaths={{ item.instance_path }}/conf/Catalina/
|
|
ReadWritePaths={{ item.instance_path }}/webapps
|
|
ReadWritePaths={{ item.instance_path }}/lib
|
|
ReadWritePaths={{ tomcat_m_instances_logdir_base }}/{{ item.http_port }}
|
|
{% for path in tomcat_systemd_additional_rw_paths %}
|
|
ReadWritePaths={{ path }}
|
|
{% endfor %}
|
|
|
|
{% if tomcat_systemd_security_enhanced %}
|
|
ProtectSystem=strict
|
|
ProtectHome=yes
|
|
PrivateDevices=yes
|
|
PrivateUsers=yes
|
|
ProtectKernelTunables=yes
|
|
ProtectKernelLogs=yes
|
|
RestrictAddressFamilies=AF_INET6 AF_INET
|
|
SystemCallArchitectures=native
|
|
SystemCallFilter=@system-service
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|