[sslh] Extend sslh.service
Thomas Weißschuh
thomas_weissschuh at lavabit.com
Wed Aug 22 20:29:27 CEST 2012
Hi,
it may be useful *add* following directives to their respective sections
in the sslh.service systemd unitfile:
[Unit]
After=network.target
As all network services are supposed to start after network.target sslh
isn't really useful before.
The following is only useful for sslh-fork but shouldn't harm
sslh-select.
[Service]
KillMode=process
Explained in systemd.kill(5)
This makes `systemctl restart` kill *only* the main process.
The forked children and therefore their associated connections are kept alive.
This makes upgrades *not* break running connections.
If killing all processes is desired, e.g. for security upgrades, one can
use `systemctl kill` prior to `systemctl restart` to terminate all
processes.
As a sidenote:
One can do `systemctl kill --kill-who=main` to kill the listening
process and therefore prevent new connections while preserving already
running connections.
Thank you for sslh and regards,
Thomas
More information about the sslh
mailing list