SasukeFreestyle / XTLS-Iran-TLS

How to make a V2ray (XTLS) Server for bypassing internet censorship in Iran.
GNU Affero General Public License v3.0

Consider using systemd DynamicUser #3

Open markpash opened 1 year ago

markpash commented 1 year ago

https://0pointer.net/blog/dynamic-users-with-systemd.html

Using this, the user doesn't need to create a new user on the machine to run the service, or use any existing user.

SasukeFreestyle commented 1 year ago

Hi!

I tried using DynamicUser when I did my own first setup. I was unable to get it to work without editing user permissions of the letsencrypt folder. On some systems an SELinux permission block also occurred.

Certbot does not recommend changing any permissions on the letsencrypt folder as it can cause conflicts when updating the certificates.

I also tried using environment variables for the certificates but got permission errors.

If you have a solution that does not change the permission of the letsencrypt folder I will gladly implement it and rewrite the guide.
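
One way to combine `DynamicUser=` with certificates that stay root-only, as an added example that is not from this repository or from either commenter: systemd's `LoadCredential=` (systemd 247 or later) has the service manager read the files and hand the service a private copy. The unit name `xray.service`, the domain `example.com` and the binary and config paths are assumptions.

```ini
# /etc/systemd/system/xray.service
# Added sketch: unit name, domain and all paths below are assumptions.
[Unit]
Description=Xray with DynamicUser and LoadCredential
After=network-online.target
Wants=network-online.target

[Service]
# A transient UID/GID is allocated at start; no account is added to /etc/passwd.
# DynamicUser= also implies ProtectSystem=strict, ProtectHome=read-only,
# PrivateTmp=yes and NoNewPrivileges=yes.
DynamicUser=yes

# The service manager (running as root) reads these files and copies them
# into a per-service directory, exported as $CREDENTIALS_DIRECTORY, that only
# this service can read. Ownership and mode of /etc/letsencrypt are not changed.
LoadCredential=fullchain.pem:/etc/letsencrypt/live/example.com/fullchain.pem
LoadCredential=privkey.pem:/etc/letsencrypt/live/example.com/privkey.pem

# Needed only when the service binds a port below 1024 as a non-root user.
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE

# config.json must be readable by an unprivileged user, or be passed through
# another LoadCredential= line in the same way as the certificates.
ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json
Restart=on-failure

[Install]
WantedBy=multi-user.target

# For a system unit, the certificate paths referenced in config.json become:
#   /run/credentials/xray.service/fullchain.pem
#   /run/credentials/xray.service/privkey.pem
```

Credentials are copied when the service starts, so a renewed certificate is only picked up after a restart, for example from a certbot `--deploy-hook` that runs `systemctl restart xray.service`.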