[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network.target

[Service]
Restart=on-failure

User=www-data
Group=www-data
Environment=HOME=/var/lib/caddy

ExecStart=/usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile

TimeoutStopSec=5s
LimitNOFILE=8192
LimitNPROC=64

StartLimitInterval=600
;StartLimitBurst=5
RestartSec=60
PermissionsStartOnly=true

PrivateTmp=true
;PrivateDevices=true
;ProtectHome=true
ProtectSystem=full

AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target