]>
Commit | Line | Data |
---|---|---|
912b54ad DS |
1 | <?xml version="1.0"?> |
2 | <!--*-nxml-*--> | |
3a54a157 ZJS |
3 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
4 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> | |
0307f791 | 5 | <!-- SPDX-License-Identifier: LGPL-2.1+ --> |
dfdebb1b | 6 | <refentry id="systemd-socket-proxyd" |
798d3a52 | 7 | xmlns:xi="http://www.w3.org/2001/XInclude"> |
dfdebb1b | 8 | |
798d3a52 ZJS |
9 | <refentryinfo> |
10 | <title>systemd-socket-proxyd</title> | |
11 | <productname>systemd</productname> | |
798d3a52 ZJS |
12 | </refentryinfo> |
13 | <refmeta> | |
14 | <refentrytitle>systemd-socket-proxyd</refentrytitle> | |
15 | <manvolnum>8</manvolnum> | |
16 | </refmeta> | |
17 | <refnamediv> | |
18 | <refname>systemd-socket-proxyd</refname> | |
19 | <refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket.</refpurpose> | |
20 | </refnamediv> | |
21 | <refsynopsisdiv> | |
22 | <cmdsynopsis> | |
23 | <command>systemd-socket-proxyd</command> | |
24 | <arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg> | |
25 | <arg choice="plain"><replaceable>HOST</replaceable>:<replaceable>PORT</replaceable></arg> | |
26 | </cmdsynopsis> | |
27 | <cmdsynopsis> | |
28 | <command>systemd-socket-proxyd</command> | |
29 | <arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg> | |
30 | <arg choice="plain"><replaceable>UNIX-DOMAIN-SOCKET-PATH</replaceable> | |
31 | </arg> | |
32 | </cmdsynopsis> | |
33 | </refsynopsisdiv> | |
34 | <refsect1> | |
35 | <title>Description</title> | |
36 | <para> | |
37 | <command>systemd-socket-proxyd</command> is a generic | |
38 | socket-activated network socket forwarder proxy daemon for IPv4, | |
39 | IPv6 and UNIX stream sockets. It may be used to bi-directionally | |
40 | forward traffic from a local listening socket to a local or remote | |
41 | destination socket.</para> | |
8569a776 | 42 | |
798d3a52 ZJS |
43 | <para>One use of this tool is to provide socket activation support |
44 | for services that do not natively support socket activation. On | |
45 | behalf of the service to activate, the proxy inherits the socket | |
46 | from systemd, accepts each client connection, opens a connection | |
47 | to a configured server for each client, and then bidirectionally | |
48 | forwards data between the two.</para> | |
49 | <para>This utility's behavior is similar to | |
3ba3a79d | 50 | <citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>. |
798d3a52 ZJS |
51 | The main differences for <command>systemd-socket-proxyd</command> |
52 | are support for socket activation with | |
964c4eda | 53 | <literal>Accept=no</literal> and an event-driven |
798d3a52 ZJS |
54 | design that scales better with the number of |
55 | connections.</para> | |
56 | </refsect1> | |
57 | <refsect1> | |
58 | <title>Options</title> | |
59 | <para>The following options are understood:</para> | |
60 | <variablelist> | |
61 | <xi:include href="standard-options.xml" xpointer="help" /> | |
62 | <xi:include href="standard-options.xml" xpointer="version" /> | |
dc3b8afb | 63 | <varlistentry> |
23d0fff7 | 64 | <term><option>--connections-max=</option></term> |
dc3b8afb DK |
65 | <term><option>-c</option></term> |
66 | ||
67 | <listitem><para>Sets the maximum number of simultaneous connections, defaults to 256. | |
68 | If the limit of concurrent connections is reached further connections will be refused.</para></listitem> | |
69 | </varlistentry> | |
9e12d5bf EA |
70 | <varlistentry> |
71 | <term><option>--exit-idle-time=</option></term> | |
72 | ||
73 | <listitem><para>Sets the time before exiting when there are no connections, defaults to | |
74 | <constant>infinity</constant>. Takes a unit-less value in seconds, or a time span value such | |
75 | as <literal>5min 20s</literal>.</para></listitem> | |
76 | </varlistentry> | |
798d3a52 ZJS |
77 | </variablelist> |
78 | </refsect1> | |
79 | <refsect1> | |
80 | <title>Exit status</title> | |
81 | <para>On success, 0 is returned, a non-zero failure | |
82 | code otherwise.</para> | |
83 | </refsect1> | |
84 | <refsect1> | |
85 | <title>Examples</title> | |
86 | <refsect2> | |
87 | <title>Simple Example</title> | |
88 | <para>Use two services with a dependency and no namespace | |
89 | isolation.</para> | |
90 | <example> | |
91 | <title>proxy-to-nginx.socket</title> | |
92 | <programlisting><![CDATA[[Socket] | |
912b54ad DS |
93 | ListenStream=80 |
94 | ||
95 | [Install] | |
9fccdb0f | 96 | WantedBy=sockets.target]]></programlisting> |
798d3a52 ZJS |
97 | </example> |
98 | <example> | |
99 | <title>proxy-to-nginx.service</title> | |
100 | <programlisting><![CDATA[[Unit] | |
912b54ad | 101 | Requires=nginx.service |
34c7dc47 | 102 | After=nginx.service |
d7cefe8b | 103 | Requires=proxy-to-nginx.socket |
e5bb1de8 | 104 | After=proxy-to-nginx.socket |
912b54ad DS |
105 | |
106 | [Service] | |
edd1dcd0 | 107 | ExecStart=/usr/lib/systemd/systemd-socket-proxyd /run/nginx/socket |
34c7dc47 | 108 | PrivateTmp=yes |
9fccdb0f | 109 | PrivateNetwork=yes]]></programlisting> |
798d3a52 ZJS |
110 | </example> |
111 | <example> | |
112 | <title>nginx.conf</title> | |
113 | <programlisting> | |
1eecafb8 | 114 | <![CDATA[[…] |
912b54ad | 115 | server { |
edd1dcd0 | 116 | listen unix:/run/nginx/socket; |
1eecafb8 | 117 | […]]]> |
912b54ad | 118 | </programlisting> |
798d3a52 ZJS |
119 | </example> |
120 | <example> | |
121 | <title>Enabling the proxy</title> | |
ee3c52eb | 122 | <programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket |
9fccdb0f | 123 | $ curl http://localhost:80/]]></programlisting> |
798d3a52 | 124 | </example> |
9e12d5bf EA |
125 | <para>If <filename>nginx.service</filename> has <varname>StopWhenUnneeded=</varname> set, then |
126 | passing <option>--exit-idle-time=</option> to <command>systemd-socket-proxyd</command> allows | |
127 | both services to stop during idle periods.</para> | |
798d3a52 ZJS |
128 | </refsect2> |
129 | <refsect2> | |
130 | <title>Namespace Example</title> | |
131 | <para>Similar as above, but runs the socket proxy and the main | |
132 | service in the same private namespace, assuming that | |
133 | <filename>nginx.service</filename> has | |
134 | <varname>PrivateTmp=</varname> and | |
135 | <varname>PrivateNetwork=</varname> set, too.</para> | |
136 | <example> | |
137 | <title>proxy-to-nginx.socket</title> | |
138 | <programlisting><![CDATA[[Socket] | |
912b54ad DS |
139 | ListenStream=80 |
140 | ||
141 | [Install] | |
9fccdb0f | 142 | WantedBy=sockets.target]]></programlisting> |
798d3a52 ZJS |
143 | </example> |
144 | <example> | |
145 | <title>proxy-to-nginx.service</title> | |
146 | <programlisting><![CDATA[[Unit] | |
34c7dc47 LP |
147 | Requires=nginx.service |
148 | After=nginx.service | |
e5bb1de8 RH |
149 | Requires=proxy-to-nginx.socket |
150 | After=proxy-to-nginx.socket | |
34c7dc47 | 151 | JoinsNamespaceOf=nginx.service |
912b54ad DS |
152 | |
153 | [Service] | |
12b42c76 | 154 | ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080 |
34c7dc47 | 155 | PrivateTmp=yes |
9fccdb0f | 156 | PrivateNetwork=yes]]></programlisting> |
798d3a52 ZJS |
157 | </example> |
158 | <example> | |
159 | <title>nginx.conf</title> | |
1eecafb8 | 160 | <programlisting><![CDATA[[…] |
912b54ad DS |
161 | server { |
162 | listen 8080; | |
1eecafb8 | 163 | […]]]></programlisting> |
798d3a52 ZJS |
164 | </example> |
165 | <example> | |
166 | <title>Enabling the proxy</title> | |
ee3c52eb | 167 | <programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket |
9fccdb0f | 168 | $ curl http://localhost:80/]]></programlisting> |
798d3a52 ZJS |
169 | </example> |
170 | </refsect2> | |
171 | </refsect1> | |
172 | <refsect1> | |
173 | <title>See Also</title> | |
174 | <para> | |
175 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
176 | <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
177 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
178 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
3ba3a79d ZJS |
179 | <citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
180 | <citerefentry project='die-net'><refentrytitle>nginx</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
181 | <citerefentry project='die-net'><refentrytitle>curl</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
798d3a52 ZJS |
182 | </para> |
183 | </refsect1> | |
912b54ad | 184 | </refentry> |