Understanding Config

Understanding the config

[Unit]
 Description=myServer
[Service]
 ExecStart=bash index.sh
 SocketBindAllow=3000
 IOWeight=500
 MemoryMax=128M
 MemorySwapMax=0M
 CPUQuota=100%
 ReadWritePaths=+/etc/xmanage/volumes/1cff94816b
 WorkingDirectory=/etc/xmanage/volumes/1cff94816b
 PrivateDevices=true
 ProtectControlGroups=true
 ProtectHome=true
 ProtectKernelTunables=true
 RestrictSUIDSGID=true
 DynamicUser=true
[Install]
 WantedBy=default.target

That's default server service configuration. It's complicated, or? Let me explain it!

[Unit]
Description=myServer

Nothing special, just server description

[Service]
 ExecStart=bash index.sh

Nothing special too, server startup command

SocketBindAllow=3000

Allows server to bind on port 3000

IOWeight=500

Server's I/O Priority

 MemoryMax=128M
 MemorySwapMax=0M
 CPUQuota=100%

Server's resources limit like CPU, RAM and Swap

ReadWritePaths=+/etc/xmanage/volumes/1cff94816b
 WorkingDirectory=/etc/xmanage/volumes/1cff94816b

Sets server's working directory and allows write/read from this directory

 PrivateDevices=true
 ProtectControlGroups=true
 ProtectHome=true
 ProtectKernelTunables=true
 RestrictSUIDSGID=true

Security options, we'll leave it for now

 DynamicUser=true

Very strict security option, if you don't want to limit your server, change this value to false and set User=root

[Install]
 WantedBy=default.target

We'll skip it too

Advanced Usage Using API