[thirdparty/systemd.git] / man / systemd-socket-proxyd.xml

<?xml version="1.0"?>
<!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
     "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
  This file is part of systemd.

  Copyright 2013 David Strauss

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
<refentry id="systemd-socket-proxyd"
    xmlns:xi="http://www.w3.org/2001/XInclude">

  <refentryinfo>
    <title>systemd-socket-proxyd</title>
    <productname>systemd</productname>
    <authorgroup>
      <author>
        <contrib>Developer</contrib>
        <firstname>David</firstname>
        <surname>Strauss</surname>
        <email>david@davidstrauss.net</email>
      </author>
    </authorgroup>
  </refentryinfo>
  <refmeta>
    <refentrytitle>systemd-socket-proxyd</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>
  <refnamediv>
    <refname>systemd-socket-proxyd</refname>
    <refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket.</refpurpose>
  </refnamediv>
  <refsynopsisdiv>
    <cmdsynopsis>
      <command>systemd-socket-proxyd</command>
      <arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
      <arg choice="plain"><replaceable>HOST</replaceable>:<replaceable>PORT</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>systemd-socket-proxyd</command>
      <arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
      <arg choice="plain"><replaceable>UNIX-DOMAIN-SOCKET-PATH</replaceable>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>
  <refsect1>
    <title>Description</title>
    <para>
    <command>systemd-socket-proxyd</command> is a generic
    socket-activated network socket forwarder proxy daemon for IPv4,
    IPv6 and UNIX stream sockets. It may be used to bi-directionally
    forward traffic from a local listening socket to a local or remote
    destination socket.</para>

    <para>One use of this tool is to provide socket activation support
    for services that do not natively support socket activation. On
    behalf of the service to activate, the proxy inherits the socket
    from systemd, accepts each client connection, opens a connection
    to a configured server for each client, and then bidirectionally
    forwards data between the two.</para>
    <para>This utility's behavior is similar to
    <citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
    The main differences for <command>systemd-socket-proxyd</command>
    are support for socket activation with
    <literal>Accept=false</literal> and an event-driven
    design that scales better with the number of
    connections.</para>
  </refsect1>
  <refsect1>
    <title>Options</title>
    <para>The following options are understood:</para>
    <variablelist>
      <xi:include href="standard-options.xml" xpointer="help" />
      <xi:include href="standard-options.xml" xpointer="version" />
      <varlistentry>
        <term><option>--max-connections=</option></term>
        <term><option>-c</option></term>

        <listitem><para>Sets the maximum number of simultaneous connections, defaults to 256.
        If the limit of concurrent connections is reached further connections will be refused.</para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>
  <refsect1>
    <title>Exit status</title>
    <para>On success, 0 is returned, a non-zero failure
    code otherwise.</para>
  </refsect1>
  <refsect1>
    <title>Examples</title>
    <refsect2>
      <title>Simple Example</title>
      <para>Use two services with a dependency and no namespace
      isolation.</para>
      <example>
        <title>proxy-to-nginx.socket</title>
        <programlisting><![CDATA[[Socket]
ListenStream=80

[Install]
WantedBy=sockets.target]]></programlisting>
      </example>
      <example>
        <title>proxy-to-nginx.service</title>
        <programlisting><![CDATA[[Unit]
Requires=nginx.service
After=nginx.service

[Service]
ExecStart=/usr/lib/systemd/systemd-socket-proxyd /tmp/nginx.sock
PrivateTmp=yes
PrivateNetwork=yes]]></programlisting>
      </example>
      <example>
        <title>nginx.conf</title>
        <programlisting>
<![CDATA[[…]
server {
    listen       unix:/tmp/nginx.sock;
    […]]]>
</programlisting>
      </example>
      <example>
        <title>Enabling the proxy</title>
        <programlisting><![CDATA[# systemctl enable proxy-to-nginx.socket
# systemctl start proxy-to-nginx.socket
$ curl http://localhost:80/]]></programlisting>
      </example>
    </refsect2>
    <refsect2>
      <title>Namespace Example</title>
      <para>Similar as above, but runs the socket proxy and the main
      service in the same private namespace, assuming that
      <filename>nginx.service</filename> has
      <varname>PrivateTmp=</varname> and
      <varname>PrivateNetwork=</varname> set, too.</para>
      <example>
        <title>proxy-to-nginx.socket</title>
        <programlisting><![CDATA[[Socket]
ListenStream=80

[Install]
WantedBy=sockets.target]]></programlisting>
      </example>
      <example>
        <title>proxy-to-nginx.service</title>
        <programlisting><![CDATA[[Unit]
Requires=nginx.service
After=nginx.service
JoinsNamespaceOf=nginx.service

[Service]
ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080
PrivateTmp=yes
PrivateNetwork=yes]]></programlisting>
      </example>
      <example>
        <title>nginx.conf</title>
        <programlisting><![CDATA[[…]
server {
    listen       8080;
    […]]]></programlisting>
      </example>
      <example>
        <title>Enabling the proxy</title>
        <programlisting><![CDATA[# systemctl enable proxy-to-nginx.socket
# systemctl start proxy-to-nginx.socket
$ curl http://localhost:80/]]></programlisting>
      </example>
    </refsect2>
  </refsect1>
  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='die-net'><refentrytitle>nginx</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='die-net'><refentrytitle>curl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    </para>
  </refsect1>
</refentry>
Commit	Line	Data
912b54ad DS	1	<?xml version="1.0"?>
	2	<!---nxml--->
	3	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
12b42c76	4	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
912b54ad DS	5	<!--
	6	This file is part of systemd.
	7
	8	Copyright 2013 David Strauss
	9
	10	systemd is free software; you can redistribute it and/or modify it
	11	under the terms of the GNU Lesser General Public License as published by
	12	the Free Software Foundation; either version 2.1 of the License, or
	13	(at your option) any later version.
	14
	15	systemd is distributed in the hope that it will be useful, but
	16	WITHOUT ANY WARRANTY; without even the implied warranty of
	17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	18	Lesser General Public License for more details.
	19
	20	You should have received a copy of the GNU Lesser General Public License
	21	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	22	-->
dfdebb1b	23	<refentry id="systemd-socket-proxyd"
798d3a52	24	xmlns:xi="http://www.w3.org/2001/XInclude">
dfdebb1b	25
798d3a52 ZJS	26	<refentryinfo>
	27	<title>systemd-socket-proxyd</title>
	28	<productname>systemd</productname>
	29	<authorgroup>
	30	<author>
	31	<contrib>Developer</contrib>
	32	<firstname>David</firstname>
	33	<surname>Strauss</surname>
	34	<email>david@davidstrauss.net</email>
	35	</author>
	36	</authorgroup>
	37	</refentryinfo>
	38	<refmeta>
	39	<refentrytitle>systemd-socket-proxyd</refentrytitle>
	40	<manvolnum>8</manvolnum>
	41	</refmeta>
	42	<refnamediv>
	43	<refname>systemd-socket-proxyd</refname>
	44	<refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket.</refpurpose>
	45	</refnamediv>
	46	<refsynopsisdiv>
	47	<cmdsynopsis>
	48	<command>systemd-socket-proxyd</command>
	49	<arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
	50	<arg choice="plain"><replaceable>HOST</replaceable>:<replaceable>PORT</replaceable></arg>
	51	</cmdsynopsis>
	52	<cmdsynopsis>
	53	<command>systemd-socket-proxyd</command>
	54	<arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
	55	<arg choice="plain"><replaceable>UNIX-DOMAIN-SOCKET-PATH</replaceable>
	56	</arg>
	57	</cmdsynopsis>
	58	</refsynopsisdiv>
	59	<refsect1>
	60	<title>Description</title>
	61	<para>
	62	<command>systemd-socket-proxyd</command> is a generic
	63	socket-activated network socket forwarder proxy daemon for IPv4,
	64	IPv6 and UNIX stream sockets. It may be used to bi-directionally
	65	forward traffic from a local listening socket to a local or remote
	66	destination socket.</para>
8569a776	67
798d3a52 ZJS	68	<para>One use of this tool is to provide socket activation support
	69	for services that do not natively support socket activation. On
	70	behalf of the service to activate, the proxy inherits the socket
	71	from systemd, accepts each client connection, opens a connection
	72	to a configured server for each client, and then bidirectionally
	73	forwards data between the two.</para>
	74	<para>This utility's behavior is similar to
3ba3a79d	75	<citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
798d3a52 ZJS	76	The main differences for <command>systemd-socket-proxyd</command>
	77	are support for socket activation with
	78	<literal>Accept=false</literal> and an event-driven
	79	design that scales better with the number of
	80	connections.</para>
	81	</refsect1>
	82	<refsect1>
	83	<title>Options</title>
	84	<para>The following options are understood:</para>
	85	<variablelist>
	86	<xi:include href="standard-options.xml" xpointer="help" />
	87	<xi:include href="standard-options.xml" xpointer="version" />
dc3b8afb DK	88	<varlistentry>
	89	<term><option>--max-connections=</option></term>
	90	<term><option>-c</option></term>
	91
	92	<listitem><para>Sets the maximum number of simultaneous connections, defaults to 256.
	93	If the limit of concurrent connections is reached further connections will be refused.</para></listitem>
	94	</varlistentry>
798d3a52 ZJS	95	</variablelist>
	96	</refsect1>
	97	<refsect1>
	98	<title>Exit status</title>
	99	<para>On success, 0 is returned, a non-zero failure
	100	code otherwise.</para>
	101	</refsect1>
	102	<refsect1>
	103	<title>Examples</title>
	104	<refsect2>
	105	<title>Simple Example</title>
	106	<para>Use two services with a dependency and no namespace
	107	isolation.</para>
	108	<example>
	109	<title>proxy-to-nginx.socket</title>
	110	<programlisting><![CDATA[[Socket]
912b54ad DS	111	ListenStream=80
	112
	113	[Install]
9fccdb0f	114	WantedBy=sockets.target]]></programlisting>
798d3a52 ZJS	115	</example>
	116	<example>
	117	<title>proxy-to-nginx.service</title>
	118	<programlisting><![CDATA[[Unit]
912b54ad	119	Requires=nginx.service
34c7dc47	120	After=nginx.service
912b54ad DS	121
912b54ad DS	122	[Service]
12b42c76	123	ExecStart=/usr/lib/systemd/systemd-socket-proxyd /tmp/nginx.sock
34c7dc47	124	PrivateTmp=yes
9fccdb0f	125	PrivateNetwork=yes]]></programlisting>
798d3a52 ZJS	126	</example>
	127	<example>
	128	<title>nginx.conf</title>
	129	<programlisting>
1eecafb8	130	<![CDATA[[…]
912b54ad DS	131	server {
912b54ad DS	132	listen unix:/tmp/nginx.sock;
1eecafb8	133	[…]]]>
912b54ad	134	</programlisting>
798d3a52 ZJS	135	</example>
	136	<example>
	137	<title>Enabling the proxy</title>
	138	<programlisting><![CDATA[# systemctl enable proxy-to-nginx.socket
202e6abb	139	# systemctl start proxy-to-nginx.socket
9fccdb0f	140	$ curl http://localhost:80/]]></programlisting>
798d3a52 ZJS	141	</example>
	142	</refsect2>
	143	<refsect2>
	144	<title>Namespace Example</title>
	145	<para>Similar as above, but runs the socket proxy and the main
	146	service in the same private namespace, assuming that
	147	<filename>nginx.service</filename> has
	148	<varname>PrivateTmp=</varname> and
	149	<varname>PrivateNetwork=</varname> set, too.</para>
	150	<example>
	151	<title>proxy-to-nginx.socket</title>
	152	<programlisting><![CDATA[[Socket]
912b54ad DS	153	ListenStream=80
	154
	155	[Install]
9fccdb0f	156	WantedBy=sockets.target]]></programlisting>
798d3a52 ZJS	157	</example>
	158	<example>
	159	<title>proxy-to-nginx.service</title>
	160	<programlisting><![CDATA[[Unit]
34c7dc47 LP	161	Requires=nginx.service
	162	After=nginx.service
	163	JoinsNamespaceOf=nginx.service
912b54ad DS	164
912b54ad DS	165	[Service]
12b42c76	166	ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080
34c7dc47	167	PrivateTmp=yes
9fccdb0f	168	PrivateNetwork=yes]]></programlisting>
798d3a52 ZJS	169	</example>
	170	<example>
	171	<title>nginx.conf</title>
1eecafb8	172	<programlisting><![CDATA[[…]
912b54ad DS	173	server {
912b54ad DS	174	listen 8080;
1eecafb8	175	[…]]]></programlisting>
798d3a52 ZJS	176	</example>
	177	<example>
	178	<title>Enabling the proxy</title>
	179	<programlisting><![CDATA[# systemctl enable proxy-to-nginx.socket
34c7dc47	180	# systemctl start proxy-to-nginx.socket
9fccdb0f	181	$ curl http://localhost:80/]]></programlisting>
798d3a52 ZJS	182	</example>
	183	</refsect2>
	184	</refsect1>
	185	<refsect1>
	186	<title>See Also</title>
	187	<para>
	188	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	189	<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
	190	<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
	191	<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
3ba3a79d ZJS	192	<citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	193	<citerefentry project='die-net'><refentrytitle>nginx</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	194	<citerefentry project='die-net'><refentrytitle>curl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
798d3a52 ZJS	195	</para>
798d3a52 ZJS	196	</refsect1>
912b54ad	197	</refentry>