[thirdparty/systemd.git] / man / systemd-socket-proxyd.xml

<?xml version="1.0"?>
<!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
     "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY % entities SYSTEM "custom-entities.ent" >
%entities;
]>
<!--
  This file is part of systemd.

  Copyright 2013 David Strauss

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
<refentry id="systemd-socket-proxyd"
    xmlns:xi="http://www.w3.org/2001/XInclude">

  <refentryinfo>
    <title>systemd-socket-proxyd</title>
    <productname>systemd</productname>
    <authorgroup>
      <author>
        <contrib>Developer</contrib>
        <firstname>David</firstname>
        <surname>Strauss</surname>
        <email>david@davidstrauss.net</email>
      </author>
    </authorgroup>
  </refentryinfo>
  <refmeta>
    <refentrytitle>systemd-socket-proxyd</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>
  <refnamediv>
    <refname>systemd-socket-proxyd</refname>
    <refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket.</refpurpose>
  </refnamediv>
  <refsynopsisdiv>
    <cmdsynopsis>
      <command>systemd-socket-proxyd</command>
      <arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
      <arg choice="plain"><replaceable>HOST</replaceable>:<replaceable>PORT</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>systemd-socket-proxyd</command>
      <arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
      <arg choice="plain"><replaceable>UNIX-DOMAIN-SOCKET-PATH</replaceable>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>
  <refsect1>
    <title>Description</title>
    <para>
    <command>systemd-socket-proxyd</command> is a generic
    socket-activated network socket forwarder proxy daemon for IPv4,
    IPv6 and UNIX stream sockets. It may be used to bi-directionally
    forward traffic from a local listening socket to a local or remote
    destination socket.</para>

    <para>One use of this tool is to provide socket activation support
    for services that do not natively support socket activation. On
    behalf of the service to activate, the proxy inherits the socket
    from systemd, accepts each client connection, opens a connection
    to a configured server for each client, and then bidirectionally
    forwards data between the two.</para>
    <para>This utility's behavior is similar to
    <citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
    The main differences for <command>systemd-socket-proxyd</command>
    are support for socket activation with
    <literal>Accept=false</literal> and an event-driven
    design that scales better with the number of
    connections.</para>
  </refsect1>
  <refsect1>
    <title>Options</title>
    <para>The following options are understood:</para>
    <variablelist>
      <xi:include href="standard-options.xml" xpointer="help" />
      <xi:include href="standard-options.xml" xpointer="version" />
    </variablelist>
  </refsect1>
  <refsect1>
    <title>Exit status</title>
    <para>On success, 0 is returned, a non-zero failure
    code otherwise.</para>
  </refsect1>
  <refsect1>
    <title>Examples</title>
    <refsect2>
      <title>Simple Example</title>
      <para>Use two services with a dependency and no namespace
      isolation.</para>
      <example>
        <title>proxy-to-nginx.socket</title>
        <programlisting><![CDATA[[Socket]
ListenStream=80

[Install]
WantedBy=sockets.target]]></programlisting>
      </example>
      <example>
        <title>proxy-to-nginx.service</title>
        <programlisting><![CDATA[[Unit]
Requires=nginx.service
After=nginx.service

[Service]
ExecStart=]]>&rootlibexecdir;<![CDATA[/systemd-socket-proxyd /tmp/nginx.sock
PrivateTmp=yes
PrivateNetwork=yes]]></programlisting>
      </example>
      <example>
        <title>nginx.conf</title>
        <programlisting>
<![CDATA[[...]
server {
    listen       unix:/tmp/nginx.sock;
    [...]]]>
</programlisting>
      </example>
      <example>
        <title>Enabling the proxy</title>
        <programlisting><![CDATA[# systemctl enable proxy-to-nginx.socket
# systemctl start proxy-to-nginx.socket
$ curl http://localhost:80/]]></programlisting>
      </example>
    </refsect2>
    <refsect2>
      <title>Namespace Example</title>
      <para>Similar as above, but runs the socket proxy and the main
      service in the same private namespace, assuming that
      <filename>nginx.service</filename> has
      <varname>PrivateTmp=</varname> and
      <varname>PrivateNetwork=</varname> set, too.</para>
      <example>
        <title>proxy-to-nginx.socket</title>
        <programlisting><![CDATA[[Socket]
ListenStream=80

[Install]
WantedBy=sockets.target]]></programlisting>
      </example>
      <example>
        <title>proxy-to-nginx.service</title>
        <programlisting><![CDATA[[Unit]
Requires=nginx.service
After=nginx.service
JoinsNamespaceOf=nginx.service

[Service]
ExecStart=]]>&rootlibexecdir;<![CDATA[/systemd-socket-proxyd 127.0.0.1:8080
PrivateTmp=yes
PrivateNetwork=yes]]></programlisting>
      </example>
      <example>
        <title>nginx.conf</title>
        <programlisting><![CDATA[[...]
server {
    listen       8080;
    [...]]]></programlisting>
      </example>
      <example>
        <title>Enabling the proxy</title>
        <programlisting><![CDATA[# systemctl enable proxy-to-nginx.socket
# systemctl start proxy-to-nginx.socket
$ curl http://localhost:80/]]></programlisting>
      </example>
    </refsect2>
  </refsect1>
  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='die-net'><refentrytitle>nginx</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='die-net'><refentrytitle>curl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    </para>
  </refsect1>
</refentry>
Commit	Line	Data
912b54ad DS	1	<?xml version="1.0"?>
	2	<!---nxml--->
	3	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
681eb9cf FB	4	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
	5	<!ENTITY % entities SYSTEM "custom-entities.ent" >
	6	%entities;
	7	]>
912b54ad DS	8	<!--
	9	This file is part of systemd.
	10
	11	Copyright 2013 David Strauss
	12
	13	systemd is free software; you can redistribute it and/or modify it
	14	under the terms of the GNU Lesser General Public License as published by
	15	the Free Software Foundation; either version 2.1 of the License, or
	16	(at your option) any later version.
	17
	18	systemd is distributed in the hope that it will be useful, but
	19	WITHOUT ANY WARRANTY; without even the implied warranty of
	20	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	21	Lesser General Public License for more details.
	22
	23	You should have received a copy of the GNU Lesser General Public License
	24	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	25	-->
dfdebb1b	26	<refentry id="systemd-socket-proxyd"
798d3a52	27	xmlns:xi="http://www.w3.org/2001/XInclude">
dfdebb1b	28
798d3a52 ZJS	29	<refentryinfo>
	30	<title>systemd-socket-proxyd</title>
	31	<productname>systemd</productname>
	32	<authorgroup>
	33	<author>
	34	<contrib>Developer</contrib>
	35	<firstname>David</firstname>
	36	<surname>Strauss</surname>
	37	<email>david@davidstrauss.net</email>
	38	</author>
	39	</authorgroup>
	40	</refentryinfo>
	41	<refmeta>
	42	<refentrytitle>systemd-socket-proxyd</refentrytitle>
	43	<manvolnum>8</manvolnum>
	44	</refmeta>
	45	<refnamediv>
	46	<refname>systemd-socket-proxyd</refname>
	47	<refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket.</refpurpose>
	48	</refnamediv>
	49	<refsynopsisdiv>
	50	<cmdsynopsis>
	51	<command>systemd-socket-proxyd</command>
	52	<arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
	53	<arg choice="plain"><replaceable>HOST</replaceable>:<replaceable>PORT</replaceable></arg>
	54	</cmdsynopsis>
	55	<cmdsynopsis>
	56	<command>systemd-socket-proxyd</command>
	57	<arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
	58	<arg choice="plain"><replaceable>UNIX-DOMAIN-SOCKET-PATH</replaceable>
	59	</arg>
	60	</cmdsynopsis>
	61	</refsynopsisdiv>
	62	<refsect1>
	63	<title>Description</title>
	64	<para>
	65	<command>systemd-socket-proxyd</command> is a generic
	66	socket-activated network socket forwarder proxy daemon for IPv4,
	67	IPv6 and UNIX stream sockets. It may be used to bi-directionally
	68	forward traffic from a local listening socket to a local or remote
	69	destination socket.</para>
8569a776	70
798d3a52 ZJS	71	<para>One use of this tool is to provide socket activation support
	72	for services that do not natively support socket activation. On
	73	behalf of the service to activate, the proxy inherits the socket
	74	from systemd, accepts each client connection, opens a connection
	75	to a configured server for each client, and then bidirectionally
	76	forwards data between the two.</para>
	77	<para>This utility's behavior is similar to
3ba3a79d	78	<citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
798d3a52 ZJS	79	The main differences for <command>systemd-socket-proxyd</command>
	80	are support for socket activation with
	81	<literal>Accept=false</literal> and an event-driven
	82	design that scales better with the number of
	83	connections.</para>
	84	</refsect1>
	85	<refsect1>
	86	<title>Options</title>
	87	<para>The following options are understood:</para>
	88	<variablelist>
	89	<xi:include href="standard-options.xml" xpointer="help" />
	90	<xi:include href="standard-options.xml" xpointer="version" />
	91	</variablelist>
	92	</refsect1>
	93	<refsect1>
	94	<title>Exit status</title>
	95	<para>On success, 0 is returned, a non-zero failure
	96	code otherwise.</para>
	97	</refsect1>
	98	<refsect1>
	99	<title>Examples</title>
	100	<refsect2>
	101	<title>Simple Example</title>
	102	<para>Use two services with a dependency and no namespace
	103	isolation.</para>
	104	<example>
	105	<title>proxy-to-nginx.socket</title>
	106	<programlisting><![CDATA[[Socket]
912b54ad DS	107	ListenStream=80
	108
	109	[Install]
9fccdb0f	110	WantedBy=sockets.target]]></programlisting>
798d3a52 ZJS	111	</example>
	112	<example>
	113	<title>proxy-to-nginx.service</title>
	114	<programlisting><![CDATA[[Unit]
912b54ad	115	Requires=nginx.service
34c7dc47	116	After=nginx.service
912b54ad DS	117
912b54ad DS	118	[Service]
681eb9cf	119	ExecStart=]]>&rootlibexecdir;<![CDATA[/systemd-socket-proxyd /tmp/nginx.sock
34c7dc47	120	PrivateTmp=yes
9fccdb0f	121	PrivateNetwork=yes]]></programlisting>
798d3a52 ZJS	122	</example>
	123	<example>
	124	<title>nginx.conf</title>
	125	<programlisting>
912b54ad DS	126	<![CDATA[[...]
	127	server {
	128	listen unix:/tmp/nginx.sock;
	129	[...]]]>
	130	</programlisting>
798d3a52 ZJS	131	</example>
	132	<example>
	133	<title>Enabling the proxy</title>
	134	<programlisting><![CDATA[# systemctl enable proxy-to-nginx.socket
202e6abb	135	# systemctl start proxy-to-nginx.socket
9fccdb0f	136	$ curl http://localhost:80/]]></programlisting>
798d3a52 ZJS	137	</example>
	138	</refsect2>
	139	<refsect2>
	140	<title>Namespace Example</title>
	141	<para>Similar as above, but runs the socket proxy and the main
	142	service in the same private namespace, assuming that
	143	<filename>nginx.service</filename> has
	144	<varname>PrivateTmp=</varname> and
	145	<varname>PrivateNetwork=</varname> set, too.</para>
	146	<example>
	147	<title>proxy-to-nginx.socket</title>
	148	<programlisting><![CDATA[[Socket]
912b54ad DS	149	ListenStream=80
	150
	151	[Install]
9fccdb0f	152	WantedBy=sockets.target]]></programlisting>
798d3a52 ZJS	153	</example>
	154	<example>
	155	<title>proxy-to-nginx.service</title>
	156	<programlisting><![CDATA[[Unit]
34c7dc47 LP	157	Requires=nginx.service
	158	After=nginx.service
	159	JoinsNamespaceOf=nginx.service
912b54ad DS	160
912b54ad DS	161	[Service]
681eb9cf	162	ExecStart=]]>&rootlibexecdir;<![CDATA[/systemd-socket-proxyd 127.0.0.1:8080
34c7dc47	163	PrivateTmp=yes
9fccdb0f	164	PrivateNetwork=yes]]></programlisting>
798d3a52 ZJS	165	</example>
	166	<example>
	167	<title>nginx.conf</title>
	168	<programlisting><![CDATA[[...]
912b54ad DS	169	server {
912b54ad DS	170	listen 8080;
9fccdb0f	171	[...]]]></programlisting>
798d3a52 ZJS	172	</example>
	173	<example>
	174	<title>Enabling the proxy</title>
	175	<programlisting><![CDATA[# systemctl enable proxy-to-nginx.socket
34c7dc47	176	# systemctl start proxy-to-nginx.socket
9fccdb0f	177	$ curl http://localhost:80/]]></programlisting>
798d3a52 ZJS	178	</example>
	179	</refsect2>
	180	</refsect1>
	181	<refsect1>
	182	<title>See Also</title>
	183	<para>
	184	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	185	<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
	186	<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
	187	<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
3ba3a79d ZJS	188	<citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	189	<citerefentry project='die-net'><refentrytitle>nginx</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	190	<citerefentry project='die-net'><refentrytitle>curl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
798d3a52 ZJS	191	</para>
798d3a52 ZJS	192	</refsect1>
912b54ad	193	</refentry>