]>
Commit | Line | Data |
---|---|---|
912b54ad DS |
1 | <?xml version="1.0"?> |
2 | <!--*-nxml-*--> | |
3 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" | |
4 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> | |
5 | <!-- | |
6 | This file is part of systemd. | |
7 | ||
8 | Copyright 2013 David Strauss | |
9 | ||
10 | systemd is free software; you can redistribute it and/or modify it | |
11 | under the terms of the GNU Lesser General Public License as published by | |
12 | the Free Software Foundation; either version 2.1 of the License, or | |
13 | (at your option) any later version. | |
14 | ||
15 | systemd is distributed in the hope that it will be useful, but | |
16 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
18 | Lesser General Public License for more details. | |
19 | ||
20 | You should have received a copy of the GNU Lesser General Public License | |
21 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
22 | --> | |
dfdebb1b ZJS |
23 | <refentry id="systemd-socket-proxyd" |
24 | xmlns:xi="http://www.w3.org/2001/XInclude"> | |
25 | ||
912b54ad | 26 | <refentryinfo> |
96c374d0 | 27 | <title>systemd-socket-proxyd</title> |
912b54ad DS |
28 | <productname>systemd</productname> |
29 | <authorgroup> | |
30 | <author> | |
31 | <contrib>Developer</contrib> | |
32 | <firstname>David</firstname> | |
33 | <surname>Strauss</surname> | |
34 | <email>david@davidstrauss.net</email> | |
35 | </author> | |
36 | </authorgroup> | |
37 | </refentryinfo> | |
38 | <refmeta> | |
96c374d0 | 39 | <refentrytitle>systemd-socket-proxyd</refentrytitle> |
fb145400 | 40 | <manvolnum>8</manvolnum> |
912b54ad DS |
41 | </refmeta> |
42 | <refnamediv> | |
96c374d0 | 43 | <refname>systemd-socket-proxyd</refname> |
8569a776 | 44 | <refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket.</refpurpose> |
912b54ad DS |
45 | </refnamediv> |
46 | <refsynopsisdiv> | |
47 | <cmdsynopsis> | |
96c374d0 | 48 | <command>systemd-socket-proxyd</command> |
8569a776 LP |
49 | <arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg> |
50 | <arg choice="plain"><replaceable>HOST</replaceable>:<replaceable>PORT</replaceable></arg> | |
912b54ad DS |
51 | </cmdsynopsis> |
52 | <cmdsynopsis> | |
96c374d0 | 53 | <command>systemd-socket-proxyd</command> |
8569a776 | 54 | <arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg> |
912b54ad DS |
55 | <arg choice="plain"><replaceable>UNIX-DOMAIN-SOCKET-PATH</replaceable> |
56 | </arg> | |
57 | </cmdsynopsis> | |
58 | </refsynopsisdiv> | |
59 | <refsect1> | |
60 | <title>Description</title> | |
61 | <para> | |
8569a776 LP |
62 | <command>systemd-socket-proxyd</command> is a generic |
63 | socket-activated network socket forwarder proxy daemon | |
07504d6b | 64 | for IPv4, IPv6 and UNIX stream sockets. It may be used |
8569a776 LP |
65 | to bi-directionally forward traffic from a local listening socket to a |
66 | local or remote destination socket.</para> | |
67 | ||
68 | <para>One use of this tool is to provide | |
63ba209d | 69 | socket activation support for services that do not |
8569a776 LP |
70 | natively support socket activation. On behalf of the |
71 | service to activate, the proxy inherits the socket | |
72 | from systemd, accepts each client connection, opens a | |
73 | connection to a configured server for each client, and | |
74 | then bidirectionally forwards data between the | |
75 | two.</para> | |
912b54ad | 76 | <para>This utility's behavior is similar to |
19aadacf | 77 | <citerefentry><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>. |
96c374d0 | 78 | The main differences for <command>systemd-socket-proxyd</command> |
912b54ad DS |
79 | are support for socket activation with |
80 | <literal>Accept=false</literal> and an event-driven | |
81 | design that scales better with the number of | |
82 | connections.</para> | |
83 | </refsect1> | |
84 | <refsect1> | |
85 | <title>Options</title> | |
86 | <para>The following options are understood:</para> | |
87 | <variablelist> | |
dfdebb1b ZJS |
88 | <xi:include href="standard-options.xml" xpointer="help" /> |
89 | <xi:include href="standard-options.xml" xpointer="version" /> | |
912b54ad DS |
90 | </variablelist> |
91 | </refsect1> | |
92 | <refsect1> | |
93 | <title>Exit status</title> | |
19aadacf | 94 | <para>On success, 0 is returned, a non-zero failure |
912b54ad DS |
95 | code otherwise.</para> |
96 | </refsect1> | |
97 | <refsect1> | |
98 | <title>Examples</title> | |
99 | <refsect2> | |
34c7dc47 | 100 | <title>Simple Example</title> |
912b54ad DS |
101 | <para>Use two services with a dependency |
102 | and no namespace isolation.</para> | |
34c7dc47 LP |
103 | <example> |
104 | <title>proxy-to-nginx.socket</title> | |
9fccdb0f | 105 | <programlisting><![CDATA[[Socket] |
912b54ad DS |
106 | ListenStream=80 |
107 | ||
108 | [Install] | |
9fccdb0f | 109 | WantedBy=sockets.target]]></programlisting> |
912b54ad | 110 | </example> |
34c7dc47 LP |
111 | <example> |
112 | <title>proxy-to-nginx.service</title> | |
9fccdb0f | 113 | <programlisting><![CDATA[[Unit] |
912b54ad | 114 | Requires=nginx.service |
34c7dc47 | 115 | After=nginx.service |
912b54ad DS |
116 | |
117 | [Service] | |
34c7dc47 LP |
118 | ExecStart=/usr/lib/systemd/systemd-socket-proxyd /tmp/nginx.sock |
119 | PrivateTmp=yes | |
9fccdb0f | 120 | PrivateNetwork=yes]]></programlisting> |
912b54ad | 121 | </example> |
34c7dc47 LP |
122 | <example> |
123 | <title>nginx.conf</title> | |
912b54ad DS |
124 | <programlisting> |
125 | <![CDATA[[...] | |
126 | server { | |
127 | listen unix:/tmp/nginx.sock; | |
128 | [...]]]> | |
129 | </programlisting> | |
130 | </example> | |
34c7dc47 LP |
131 | <example> |
132 | <title>Enabling the proxy</title> | |
9fccdb0f | 133 | <programlisting><![CDATA[# systemctl enable proxy-to-nginx.socket |
202e6abb | 134 | # systemctl start proxy-to-nginx.socket |
9fccdb0f | 135 | $ curl http://localhost:80/]]></programlisting> |
912b54ad DS |
136 | </example> |
137 | </refsect2> | |
138 | <refsect2> | |
34c7dc47 LP |
139 | <title>Namespace Example</title> |
140 | <para>Similar as above, but runs the socket | |
141 | proxy and the main service in the same private | |
142 | namespace, assuming that | |
143 | <filename>nginx.service</filename> has | |
144 | <varname>PrivateTmp=</varname> and | |
145 | <varname>PrivateNetwork=</varname> set, | |
146 | too.</para> | |
147 | <example> | |
148 | <title>proxy-to-nginx.socket</title> | |
9fccdb0f | 149 | <programlisting><![CDATA[[Socket] |
912b54ad DS |
150 | ListenStream=80 |
151 | ||
152 | [Install] | |
9fccdb0f | 153 | WantedBy=sockets.target]]></programlisting> |
912b54ad | 154 | </example> |
34c7dc47 LP |
155 | <example> |
156 | <title>proxy-to-nginx.service</title> | |
9fccdb0f | 157 | <programlisting><![CDATA[[Unit] |
34c7dc47 LP |
158 | Requires=nginx.service |
159 | After=nginx.service | |
160 | JoinsNamespaceOf=nginx.service | |
912b54ad DS |
161 | |
162 | [Service] | |
34c7dc47 LP |
163 | ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080 |
164 | PrivateTmp=yes | |
9fccdb0f | 165 | PrivateNetwork=yes]]></programlisting> |
912b54ad | 166 | </example> |
34c7dc47 LP |
167 | <example> |
168 | <title>nginx.conf</title> | |
9fccdb0f | 169 | <programlisting><![CDATA[[...] |
912b54ad DS |
170 | server { |
171 | listen 8080; | |
172 | listen unix:/tmp/nginx.sock; | |
9fccdb0f | 173 | [...]]]></programlisting> |
912b54ad | 174 | </example> |
34c7dc47 LP |
175 | <example> |
176 | <title>Enabling the proxy</title> | |
9fccdb0f | 177 | <programlisting><![CDATA[# systemctl enable proxy-to-nginx.socket |
34c7dc47 | 178 | # systemctl start proxy-to-nginx.socket |
9fccdb0f | 179 | $ curl http://localhost:80/]]></programlisting> |
912b54ad DS |
180 | </example> |
181 | </refsect2> | |
182 | </refsect1> | |
183 | <refsect1> | |
184 | <title>See Also</title> | |
185 | <para> | |
8569a776 LP |
186 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
187 | <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
188 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
189 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
34c7dc47 LP |
190 | <citerefentry><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
191 | <citerefentry><refentrytitle>nginx</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
192 | <citerefentry><refentrytitle>curl</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
8569a776 | 193 | </para> |
912b54ad DS |
194 | </refsect1> |
195 | </refentry> |