1[Unit] 2Description=HAProxy Load Balancer 3After=network-online.target 4Wants=network-online.target 5 6[Service] 7EnvironmentFile=-/etc/default/haproxy 8EnvironmentFile=-/etc/sysconfig/haproxy 9Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock" 10ExecStartPre=@SBINDIR@/haproxy -Ws -f $CONFIG -c -q $EXTRAOPTS 11ExecStart=@SBINDIR@/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS 12ExecReload=@SBINDIR@/haproxy -Ws -f $CONFIG -c -q $EXTRAOPTS 13ExecReload=/bin/kill -USR2 $MAINPID 14KillMode=mixed 15Restart=always 16SuccessExitStatus=143 17Type=notify 18 19# The following lines leverage SystemD's sandboxing options to provide 20# defense in depth protection at the expense of restricting some flexibility 21# in your setup (e.g. placement of your configuration files) or possibly 22# reduced performance. See systemd.service(5) and systemd.exec(5) for further 23# information. 24 25# NoNewPrivileges=true 26# ProtectHome=true 27# If you want to use 'ProtectSystem=strict' you should whitelist the PIDFILE, 28# any state files and any other files written using 'ReadWritePaths' or 29# 'RuntimeDirectory'. 30# ProtectSystem=true 31# ProtectKernelTunables=true 32# ProtectKernelModules=true 33# ProtectControlGroups=true 34# If your SystemD version supports them, you can add: @reboot, @swap, @sync 35# SystemCallFilter=~@cpu-emulation @keyring @module @obsolete @raw-io 36 37[Install] 38WantedBy=multi-user.target 39