XTLS-Iran-TLS icon indicating copy to clipboard operation
XTLS-Iran-TLS copied to clipboard

Published 20 hours ago verified publisher icon SasukeFreestyle

Consider using systemd DynamicUser

Open markpash opened this issue 1 year ago • 1 comments

https://0pointer.net/blog/dynamic-users-with-systemd.html

Using this, the user doesn't need to create a new user on the machine to run the service. Or need to use any existing user.

markpash avatar Feb 28 '23 18:02 markpash

Hi!

I tried using Dynamicusers when I did my own first setup. I was unable to get it to work without editing user permissions of the letsencrypt folder. On some systems SELinux permission block also occurred.

Certbot does not recommend changing any permissions to letsencrypt folder as it can cause conflicts when updating the certificates.

I also tried using environmental variables for the certificates but got permissions errors.

If you have a solution that does not change the permission of the letsencrypt folder I will gladly implement it and rewrite the guide.

SasukeFreestyle avatar Feb 28 '23 19:02 SasukeFreestyle