[thirdparty/systemd.git] / man / systemd-socket-proxyd.xml

<?xml version="1.0"?>
<!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
     "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
  This file is part of systemd.

  Copyright 2013 David Strauss

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
<refentry id="systemd-socket-proxyd">
        <refentryinfo>
                <title>systemd-socket-proxyd</title>
                <productname>systemd</productname>
                <authorgroup>
                        <author>
                                <contrib>Developer</contrib>
                                <firstname>David</firstname>
                                <surname>Strauss</surname>
                                <email>david@davidstrauss.net</email>
                        </author>
                </authorgroup>
        </refentryinfo>
        <refmeta>
                <refentrytitle>systemd-socket-proxyd</refentrytitle>
                <manvolnum>1</manvolnum>
        </refmeta>
        <refnamediv>
                <refname>systemd-socket-proxyd</refname>
                <refpurpose>Inherit a socket. Bidirectionally
                proxy.</refpurpose>
        </refnamediv>
        <refsynopsisdiv>
                <cmdsynopsis>
                        <command>systemd-socket-proxyd</command>
                        <arg choice="opt" rep="repeat">OPTIONS</arg>
                        <arg choice="plain"><replaceable>HOSTNAME-OR-IPADDR</replaceable></arg>
                        <arg choice="plain"><replaceable>PORT-OR-SERVICE</replaceable></arg>
                </cmdsynopsis>
                <cmdsynopsis>
                        <command>systemd-socket-proxyd</command>
                        <arg choice="opt" rep="repeat">OPTIONS</arg>
                        <arg choice="plain"><replaceable>UNIX-DOMAIN-SOCKET-PATH</replaceable>
                        </arg>
                </cmdsynopsis>
        </refsynopsisdiv>
        <refsect1>
                <title>Description</title>
                <para>
                <command>systemd-socket-proxyd</command> provides a proxy
                to socket-activate services that do not yet support
                native socket activation. On behalf of the daemon,
                the proxy inherits the socket from systemd, accepts
                each client connection, opens a connection to the server
                for each client, and then bidirectionally forwards
                data between the two.</para>
                <para>This utility's behavior is similar to
                <citerefentry><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
                The main differences for <command>systemd-socket-proxyd</command>
                are support for socket activation with
                <literal>Accept=false</literal> and an event-driven
                design that scales better with the number of
                connections.</para>
        </refsect1>
        <refsect1>
                <title>Options</title>
                <para>The following options are understood:</para>
                <variablelist>
                        <varlistentry>
                                <term><option>-h</option></term>
                                <term><option>--help</option></term>
                                <listitem>
                                        <para>Prints a short help
                                        text and exits.</para>
                                </listitem>
                        </varlistentry>
                        <varlistentry>
                                <term><option>--version</option></term>
                                <listitem>
                                        <para>Prints a version
                                        string and exits.</para>
                                </listitem>
                        </varlistentry>
                        <varlistentry>
                                <term><option>--ignore-env</option></term>
                                <listitem>
                                        <para>Skips verification of
                                        the expected PID and file
                                        descriptor numbers. Use this if
                                        invoked indirectly, for
                                        example, with a shell script
                                        rather than with
                                        <option>ExecStart=/usr/lib/systemd/systemd-socket-proxyd</option>
                                        </para>
                                </listitem>
                        </varlistentry>
                </variablelist>
        </refsect1>
        <refsect1>
                <title>Exit status</title>
                <para>On success, 0 is returned, a non-zero failure
                code otherwise.</para>
        </refsect1>
        <refsect1>
                <title>Examples</title>
                <refsect2>
                        <title>Direct-Use Example</title>
                        <para>Use two services with a dependency
                        and no namespace isolation.</para>
                        <example label="proxy socket unit">
                                <title>/etc/systemd/system/proxy-to-nginx.socket</title>
                                <programlisting>
<![CDATA[[Socket]
ListenStream=80

[Install]
WantedBy=sockets.target]]>
</programlisting>
                        </example>
                        <example label="proxy service unit">
                                <title>/etc/systemd/system/proxy-to-nginx.service</title>
                                <programlisting>
<![CDATA[[Unit]
After=nginx.service
Requires=nginx.service

[Service]
ExecStart=/usr/bin/systemd-socket-proxyd /tmp/nginx.sock
PrivateTmp=true
PrivateNetwork=true]]>
</programlisting>
                        </example>
                        <example label="nginx configuration">
                                <title>/etc/nginx/nginx.conf</title>
                                <programlisting>
<![CDATA[[...]
server {
    listen       unix:/tmp/nginx.sock;
    [...]]]>
</programlisting>
                        </example>
                        <example label="commands">
                                <programlisting>
<![CDATA[$ sudo systemctl --system daemon-reload
$ sudo systemctl start proxy-to-nginx.socket
$ sudo systemctl enable proxy-to-nginx.socket
$ curl http://localhost:80/]]>
</programlisting>
                        </example>
                </refsect2>
                <refsect2>
                        <title>Indirect-Use Example</title>
                        <para>Use a shell script to isolate the
                        service and proxy into the same namespace.
                        This is particularly useful for running
                        TCP-only daemons without the daemon
                        affecting ports on regular
                        interfaces.</para>
                        <example label="combined proxy and nginx socket unit">

                                <title>
                                /etc/systemd/system/proxy-with-nginx.socket</title>
                                <programlisting>
<![CDATA[[Socket]
ListenStream=80

[Install]
WantedBy=sockets.target]]>
</programlisting>
                        </example>
                        <example label="combined proxy and nginx service unit">

                                <title>
                                /etc/systemd/system/proxy-with-nginx.service</title>
                                <programlisting>
<![CDATA[[Unit]
After=syslog.target remote-fs.target nss-lookup.target

[Service]
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/bin/socket-proxyd-nginx.sh
PrivateTmp=true
PrivateNetwork=true]]>
</programlisting>
                        </example>
                        <example label="shell script">
                                <title>
                                /usr/bin/socket-proxyd-nginx.sh</title>
                                <programlisting>
<![CDATA[#!/bin/sh
/usr/sbin/nginx
while [ ! -f /tmp/nginx.pid ]
  do
     /usr/bin/inotifywait /tmp/nginx.pid
  done
/usr/bin/systemd-socket-proxyd --ignore-env localhost 8080]]>
</programlisting>
                        </example>
                        <example label="nginx configuration">
                                <title>
                                /etc/nginx/nginx.conf</title>
                                <programlisting>
<![CDATA[[...]
server {
    listen       8080;
    listen       unix:/tmp/nginx.sock;
    [...]]]>
</programlisting>
                        </example>
                        <example label="commands">
                                <programlisting>
<![CDATA[$ sudo systemctl --system daemon-reload
$ sudo systemctl start proxy-with-nginx.socket
$ sudo systemctl enable proxy-with-nginx.socket
$ curl http://localhost:80/]]>
</programlisting>
                        </example>
                </refsect2>
        </refsect1>
        <refsect1>
                <title>See Also</title>
                <para>
                <citerefentry>
                        <refentrytitle>
                        systemd.service</refentrytitle>
                        <manvolnum>5</manvolnum>
                </citerefentry>,
                <citerefentry>
                        <refentrytitle>
                        systemd.socket</refentrytitle>
                        <manvolnum>5</manvolnum>
                </citerefentry>,
                <citerefentry>
                        <refentrytitle>systemctl</refentrytitle>
                        <manvolnum>1</manvolnum>
                </citerefentry>,
                <citerefentry>
                        <refentrytitle>socat</refentrytitle>
                        <manvolnum>1</manvolnum>
                </citerefentry></para>
        </refsect1>
</refentry>
Commit	Line	Data
912b54ad DS	1	<?xml version="1.0"?>
	2	<!---nxml--->
	3	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
	4	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
	5	<!--
	6	This file is part of systemd.
	7
	8	Copyright 2013 David Strauss
	9
	10	systemd is free software; you can redistribute it and/or modify it
	11	under the terms of the GNU Lesser General Public License as published by
	12	the Free Software Foundation; either version 2.1 of the License, or
	13	(at your option) any later version.
	14
	15	systemd is distributed in the hope that it will be useful, but
	16	WITHOUT ANY WARRANTY; without even the implied warranty of
	17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	18	Lesser General Public License for more details.
	19
	20	You should have received a copy of the GNU Lesser General Public License
	21	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	22	-->
96c374d0	23	<refentry id="systemd-socket-proxyd">
912b54ad	24	<refentryinfo>
96c374d0	25	<title>systemd-socket-proxyd</title>
912b54ad DS	26	<productname>systemd</productname>
	27	<authorgroup>
	28	<author>
	29	<contrib>Developer</contrib>
	30	<firstname>David</firstname>
	31	<surname>Strauss</surname>
	32	<email>david@davidstrauss.net</email>
	33	</author>
	34	</authorgroup>
	35	</refentryinfo>
	36	<refmeta>
96c374d0	37	<refentrytitle>systemd-socket-proxyd</refentrytitle>
912b54ad DS	38	<manvolnum>1</manvolnum>
	39	</refmeta>
	40	<refnamediv>
96c374d0	41	<refname>systemd-socket-proxyd</refname>
912b54ad DS	42	<refpurpose>Inherit a socket. Bidirectionally
	43	proxy.</refpurpose>
	44	</refnamediv>
	45	<refsynopsisdiv>
	46	<cmdsynopsis>
96c374d0	47	<command>systemd-socket-proxyd</command>
912b54ad	48	<arg choice="opt" rep="repeat">OPTIONS</arg>
19aadacf	49	<arg choice="plain"><replaceable>HOSTNAME-OR-IPADDR</replaceable></arg>
912b54ad DS	50	<arg choice="plain"><replaceable>PORT-OR-SERVICE</replaceable></arg>
	51	</cmdsynopsis>
	52	<cmdsynopsis>
96c374d0	53	<command>systemd-socket-proxyd</command>
912b54ad DS	54	<arg choice="opt" rep="repeat">OPTIONS</arg>
	55	<arg choice="plain"><replaceable>UNIX-DOMAIN-SOCKET-PATH</replaceable>
	56	</arg>
	57	</cmdsynopsis>
	58	</refsynopsisdiv>
	59	<refsect1>
	60	<title>Description</title>
	61	<para>
96c374d0	62	<command>systemd-socket-proxyd</command> provides a proxy
912b54ad DS	63	to socket-activate services that do not yet support
	64	native socket activation. On behalf of the daemon,
	65	the proxy inherits the socket from systemd, accepts
	66	each client connection, opens a connection to the server
	67	for each client, and then bidirectionally forwards
	68	data between the two.</para>
	69	<para>This utility's behavior is similar to
19aadacf	70	<citerefentry><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
96c374d0	71	The main differences for <command>systemd-socket-proxyd</command>
912b54ad DS	72	are support for socket activation with
	73	<literal>Accept=false</literal> and an event-driven
	74	design that scales better with the number of
	75	connections.</para>
	76	</refsect1>
	77	<refsect1>
	78	<title>Options</title>
	79	<para>The following options are understood:</para>
	80	<variablelist>
	81	<varlistentry>
	82	<term><option>-h</option></term>
	83	<term><option>--help</option></term>
	84	<listitem>
	85	<para>Prints a short help
	86	text and exits.</para>
	87	</listitem>
	88	</varlistentry>
	89	<varlistentry>
	90	<term><option>--version</option></term>
	91	<listitem>
	92	<para>Prints a version
	93	string and exits.</para>
	94	</listitem>
	95	</varlistentry>
	96	<varlistentry>
	97	<term><option>--ignore-env</option></term>
	98	<listitem>
	99	<para>Skips verification of
	100	the expected PID and file
19aadacf	101	descriptor numbers. Use this if
912b54ad	102	invoked indirectly, for
19aadacf	103	example, with a shell script
912b54ad	104	rather than with
464b3d64	105	<option>ExecStart=/usr/lib/systemd/systemd-socket-proxyd</option>
912b54ad DS	106	</para>
	107	</listitem>
	108	</varlistentry>
	109	</variablelist>
	110	</refsect1>
	111	<refsect1>
	112	<title>Exit status</title>
19aadacf	113	<para>On success, 0 is returned, a non-zero failure
912b54ad DS	114	code otherwise.</para>
	115	</refsect1>
	116	<refsect1>
	117	<title>Examples</title>
	118	<refsect2>
	119	<title>Direct-Use Example</title>
	120	<para>Use two services with a dependency
	121	and no namespace isolation.</para>
c452c7cf DS	122	<example label="proxy socket unit">
c452c7cf DS	123	<title>/etc/systemd/system/proxy-to-nginx.socket</title>
912b54ad DS	124	<programlisting>
	125	<![CDATA[[Socket]
	126	ListenStream=80
	127
	128	[Install]
464b3d64	129	WantedBy=sockets.target]]>
912b54ad DS	130	</programlisting>
912b54ad DS	131	</example>
c452c7cf DS	132	<example label="proxy service unit">
c452c7cf DS	133	<title>/etc/systemd/system/proxy-to-nginx.service</title>
912b54ad DS	134	<programlisting>
	135	<![CDATA[[Unit]
	136	After=nginx.service
	137	Requires=nginx.service
	138
	139	[Service]
96c374d0	140	ExecStart=/usr/bin/systemd-socket-proxyd /tmp/nginx.sock
912b54ad DS	141	PrivateTmp=true
	142	PrivateNetwork=true]]>
	143	</programlisting>
	144	</example>
	145	<example label="nginx configuration">
	146	<title>/etc/nginx/nginx.conf</title>
	147	<programlisting>
	148	<![CDATA[[...]
	149	server {
	150	listen unix:/tmp/nginx.sock;
	151	[...]]]>
	152	</programlisting>
	153	</example>
	154	<example label="commands">
	155	<programlisting>
	156	<![CDATA[$ sudo systemctl --system daemon-reload
c452c7cf DS	157	$ sudo systemctl start proxy-to-nginx.socket
c452c7cf DS	158	$ sudo systemctl enable proxy-to-nginx.socket
912b54ad DS	159	$ curl http://localhost:80/]]>
	160	</programlisting>
	161	</example>
	162	</refsect2>
	163	<refsect2>
	164	<title>Indirect-Use Example</title>
	165	<para>Use a shell script to isolate the
c452c7cf	166	service and proxy into the same namespace.
912b54ad DS	167	This is particularly useful for running
	168	TCP-only daemons without the daemon
	169	affecting ports on regular
	170	interfaces.</para>
c452c7cf	171	<example label="combined proxy and nginx socket unit">
912b54ad DS	172
912b54ad DS	173	<title>
c452c7cf	174	/etc/systemd/system/proxy-with-nginx.socket</title>
912b54ad DS	175	<programlisting>
	176	<![CDATA[[Socket]
	177	ListenStream=80
	178
	179	[Install]
464b3d64	180	WantedBy=sockets.target]]>
912b54ad DS	181	</programlisting>
912b54ad DS	182	</example>
c452c7cf	183	<example label="combined proxy and nginx service unit">
912b54ad DS	184
912b54ad DS	185	<title>
c452c7cf	186	/etc/systemd/system/proxy-with-nginx.service</title>
912b54ad DS	187	<programlisting>
	188	<![CDATA[[Unit]
	189	After=syslog.target remote-fs.target nss-lookup.target
	190
	191	[Service]
	192	ExecStartPre=/usr/sbin/nginx -t
96c374d0	193	ExecStart=/usr/bin/socket-proxyd-nginx.sh
912b54ad DS	194	PrivateTmp=true
	195	PrivateNetwork=true]]>
	196	</programlisting>
	197	</example>
	198	<example label="shell script">
	199	<title>
96c374d0	200	/usr/bin/socket-proxyd-nginx.sh</title>
912b54ad DS	201	<programlisting>
	202	<![CDATA[#!/bin/sh
	203	/usr/sbin/nginx
	204	while [ ! -f /tmp/nginx.pid ]
	205	do
	206	/usr/bin/inotifywait /tmp/nginx.pid
	207	done
96c374d0	208	/usr/bin/systemd-socket-proxyd --ignore-env localhost 8080]]>
912b54ad DS	209	</programlisting>
	210	</example>
	211	<example label="nginx configuration">
	212	<title>
	213	/etc/nginx/nginx.conf</title>
	214	<programlisting>
	215	<![CDATA[[...]
	216	server {
	217	listen 8080;
	218	listen unix:/tmp/nginx.sock;
	219	[...]]]>
	220	</programlisting>
	221	</example>
	222	<example label="commands">
	223	<programlisting>
	224	<![CDATA[$ sudo systemctl --system daemon-reload
c452c7cf DS	225	$ sudo systemctl start proxy-with-nginx.socket
c452c7cf DS	226	$ sudo systemctl enable proxy-with-nginx.socket
912b54ad DS	227	$ curl http://localhost:80/]]>
	228	</programlisting>
	229	</example>
	230	</refsect2>
	231	</refsect1>
	232	<refsect1>
	233	<title>See Also</title>
	234	<para>
	235	<citerefentry>
	236	<refentrytitle>
	237	systemd.service</refentrytitle>
	238	<manvolnum>5</manvolnum>
	239	</citerefentry>,
	240	<citerefentry>
	241	<refentrytitle>
	242	systemd.socket</refentrytitle>
	243	<manvolnum>5</manvolnum>
	244	</citerefentry>,
	245	<citerefentry>
	246	<refentrytitle>systemctl</refentrytitle>
	247	<manvolnum>1</manvolnum>
	248	</citerefentry>,
	249	<citerefentry>
	250	<refentrytitle>socat</refentrytitle>
	251	<manvolnum>1</manvolnum>
	252	</citerefentry></para>
	253	</refsect1>
	254	</refentry>