Systemd
openvpn-client
[Unit]
Description=OpenVPN tunnel for %I
After=network-online.target
Wants=network-online.target
Documentation=man:openvpn(8)
Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
[Service]
Type=notify
PrivateTmp=true
WorkingDirectory=/etc/openvpn/client
ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true
ProtectHome=true
KillMode=process
[Install]
WantedBy=multi-user.targe
使用示例
systemctl restart openvpn-client@proxy
根据
ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf其中
proxy就对应到/etc/openvpn/client/proxy.conf
elasticsearch.service
[Unit]
Description=Elasticsearch
Documentation=https://www.elastic.co
Wants=network-online.target
After=network-online.target
[Service]
User=es
Group=es
WorkingDirectory=/opt/elastic/elasticsearch
ExecStart=/opt/elastic/elasticsearch/bin/elasticsearch -p /opt/elastic/elasticsearch/elasticsearch.pid
Restart=always
LimitNOFILE=65536
LimitMEMLOCK=infinity
TimeoutStopSec=0
KillSignal=SIGTERM
SendSIGKILL=no
SuccessExitStatus=143
[Install]
WantedBy=multi-user.target
es不要使用root用户
27 January 2026