]>
Commit | Line | Data |
---|---|---|
912b54ad DS |
1 | <?xml version="1.0"?> |
2 | <!--*-nxml-*--> | |
3 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" | |
4 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> | |
5 | <!-- | |
6 | This file is part of systemd. | |
7 | ||
8 | Copyright 2013 David Strauss | |
9 | ||
10 | systemd is free software; you can redistribute it and/or modify it | |
11 | under the terms of the GNU Lesser General Public License as published by | |
12 | the Free Software Foundation; either version 2.1 of the License, or | |
13 | (at your option) any later version. | |
14 | ||
15 | systemd is distributed in the hope that it will be useful, but | |
16 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
18 | Lesser General Public License for more details. | |
19 | ||
20 | You should have received a copy of the GNU Lesser General Public License | |
21 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
22 | --> | |
96c374d0 | 23 | <refentry id="systemd-socket-proxyd"> |
912b54ad | 24 | <refentryinfo> |
96c374d0 | 25 | <title>systemd-socket-proxyd</title> |
912b54ad DS |
26 | <productname>systemd</productname> |
27 | <authorgroup> | |
28 | <author> | |
29 | <contrib>Developer</contrib> | |
30 | <firstname>David</firstname> | |
31 | <surname>Strauss</surname> | |
32 | <email>david@davidstrauss.net</email> | |
33 | </author> | |
34 | </authorgroup> | |
35 | </refentryinfo> | |
36 | <refmeta> | |
96c374d0 | 37 | <refentrytitle>systemd-socket-proxyd</refentrytitle> |
912b54ad DS |
38 | <manvolnum>1</manvolnum> |
39 | </refmeta> | |
40 | <refnamediv> | |
96c374d0 | 41 | <refname>systemd-socket-proxyd</refname> |
912b54ad DS |
42 | <refpurpose>Inherit a socket. Bidirectionally |
43 | proxy.</refpurpose> | |
44 | </refnamediv> | |
45 | <refsynopsisdiv> | |
46 | <cmdsynopsis> | |
96c374d0 | 47 | <command>systemd-socket-proxyd</command> |
912b54ad | 48 | <arg choice="opt" rep="repeat">OPTIONS</arg> |
19aadacf | 49 | <arg choice="plain"><replaceable>HOSTNAME-OR-IPADDR</replaceable></arg> |
912b54ad DS |
50 | <arg choice="plain"><replaceable>PORT-OR-SERVICE</replaceable></arg> |
51 | </cmdsynopsis> | |
52 | <cmdsynopsis> | |
96c374d0 | 53 | <command>systemd-socket-proxyd</command> |
912b54ad DS |
54 | <arg choice="opt" rep="repeat">OPTIONS</arg> |
55 | <arg choice="plain"><replaceable>UNIX-DOMAIN-SOCKET-PATH</replaceable> | |
56 | </arg> | |
57 | </cmdsynopsis> | |
58 | </refsynopsisdiv> | |
59 | <refsect1> | |
60 | <title>Description</title> | |
61 | <para> | |
96c374d0 | 62 | <command>systemd-socket-proxyd</command> provides a proxy |
912b54ad DS |
63 | to socket-activate services that do not yet support |
64 | native socket activation. On behalf of the daemon, | |
65 | the proxy inherits the socket from systemd, accepts | |
66 | each client connection, opens a connection to the server | |
67 | for each client, and then bidirectionally forwards | |
68 | data between the two.</para> | |
69 | <para>This utility's behavior is similar to | |
19aadacf | 70 | <citerefentry><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>. |
96c374d0 | 71 | The main differences for <command>systemd-socket-proxyd</command> |
912b54ad DS |
72 | are support for socket activation with |
73 | <literal>Accept=false</literal> and an event-driven | |
74 | design that scales better with the number of | |
75 | connections.</para> | |
76 | </refsect1> | |
77 | <refsect1> | |
78 | <title>Options</title> | |
79 | <para>The following options are understood:</para> | |
80 | <variablelist> | |
81 | <varlistentry> | |
82 | <term><option>-h</option></term> | |
83 | <term><option>--help</option></term> | |
84 | <listitem> | |
85 | <para>Prints a short help | |
86 | text and exits.</para> | |
87 | </listitem> | |
88 | </varlistentry> | |
89 | <varlistentry> | |
90 | <term><option>--version</option></term> | |
91 | <listitem> | |
92 | <para>Prints a version | |
93 | string and exits.</para> | |
94 | </listitem> | |
95 | </varlistentry> | |
96 | <varlistentry> | |
97 | <term><option>--ignore-env</option></term> | |
98 | <listitem> | |
99 | <para>Skips verification of | |
100 | the expected PID and file | |
19aadacf | 101 | descriptor numbers. Use this if |
912b54ad | 102 | invoked indirectly, for |
19aadacf | 103 | example, with a shell script |
912b54ad | 104 | rather than with |
464b3d64 | 105 | <option>ExecStart=/usr/lib/systemd/systemd-socket-proxyd</option> |
912b54ad DS |
106 | </para> |
107 | </listitem> | |
108 | </varlistentry> | |
109 | </variablelist> | |
110 | </refsect1> | |
111 | <refsect1> | |
112 | <title>Exit status</title> | |
19aadacf | 113 | <para>On success, 0 is returned, a non-zero failure |
912b54ad DS |
114 | code otherwise.</para> |
115 | </refsect1> | |
116 | <refsect1> | |
117 | <title>Examples</title> | |
118 | <refsect2> | |
119 | <title>Direct-Use Example</title> | |
120 | <para>Use two services with a dependency | |
121 | and no namespace isolation.</para> | |
c452c7cf DS |
122 | <example label="proxy socket unit"> |
123 | <title>/etc/systemd/system/proxy-to-nginx.socket</title> | |
912b54ad DS |
124 | <programlisting> |
125 | <![CDATA[[Socket] | |
126 | ListenStream=80 | |
127 | ||
128 | [Install] | |
464b3d64 | 129 | WantedBy=sockets.target]]> |
912b54ad DS |
130 | </programlisting> |
131 | </example> | |
c452c7cf DS |
132 | <example label="proxy service unit"> |
133 | <title>/etc/systemd/system/proxy-to-nginx.service</title> | |
912b54ad DS |
134 | <programlisting> |
135 | <![CDATA[[Unit] | |
136 | After=nginx.service | |
137 | Requires=nginx.service | |
138 | ||
139 | [Service] | |
96c374d0 | 140 | ExecStart=/usr/bin/systemd-socket-proxyd /tmp/nginx.sock |
912b54ad DS |
141 | PrivateTmp=true |
142 | PrivateNetwork=true]]> | |
143 | </programlisting> | |
144 | </example> | |
145 | <example label="nginx configuration"> | |
146 | <title>/etc/nginx/nginx.conf</title> | |
147 | <programlisting> | |
148 | <![CDATA[[...] | |
149 | server { | |
150 | listen unix:/tmp/nginx.sock; | |
151 | [...]]]> | |
152 | </programlisting> | |
153 | </example> | |
154 | <example label="commands"> | |
155 | <programlisting> | |
156 | <![CDATA[$ sudo systemctl --system daemon-reload | |
c452c7cf DS |
157 | $ sudo systemctl start proxy-to-nginx.socket |
158 | $ sudo systemctl enable proxy-to-nginx.socket | |
912b54ad DS |
159 | $ curl http://localhost:80/]]> |
160 | </programlisting> | |
161 | </example> | |
162 | </refsect2> | |
163 | <refsect2> | |
164 | <title>Indirect-Use Example</title> | |
165 | <para>Use a shell script to isolate the | |
c452c7cf | 166 | service and proxy into the same namespace. |
912b54ad DS |
167 | This is particularly useful for running |
168 | TCP-only daemons without the daemon | |
169 | affecting ports on regular | |
170 | interfaces.</para> | |
c452c7cf | 171 | <example label="combined proxy and nginx socket unit"> |
912b54ad DS |
172 | |
173 | <title> | |
c452c7cf | 174 | /etc/systemd/system/proxy-with-nginx.socket</title> |
912b54ad DS |
175 | <programlisting> |
176 | <![CDATA[[Socket] | |
177 | ListenStream=80 | |
178 | ||
179 | [Install] | |
464b3d64 | 180 | WantedBy=sockets.target]]> |
912b54ad DS |
181 | </programlisting> |
182 | </example> | |
c452c7cf | 183 | <example label="combined proxy and nginx service unit"> |
912b54ad DS |
184 | |
185 | <title> | |
c452c7cf | 186 | /etc/systemd/system/proxy-with-nginx.service</title> |
912b54ad DS |
187 | <programlisting> |
188 | <![CDATA[[Unit] | |
189 | After=syslog.target remote-fs.target nss-lookup.target | |
190 | ||
191 | [Service] | |
192 | ExecStartPre=/usr/sbin/nginx -t | |
96c374d0 | 193 | ExecStart=/usr/bin/socket-proxyd-nginx.sh |
912b54ad DS |
194 | PrivateTmp=true |
195 | PrivateNetwork=true]]> | |
196 | </programlisting> | |
197 | </example> | |
198 | <example label="shell script"> | |
199 | <title> | |
96c374d0 | 200 | /usr/bin/socket-proxyd-nginx.sh</title> |
912b54ad DS |
201 | <programlisting> |
202 | <![CDATA[#!/bin/sh | |
203 | /usr/sbin/nginx | |
204 | while [ ! -f /tmp/nginx.pid ] | |
205 | do | |
206 | /usr/bin/inotifywait /tmp/nginx.pid | |
207 | done | |
96c374d0 | 208 | /usr/bin/systemd-socket-proxyd --ignore-env localhost 8080]]> |
912b54ad DS |
209 | </programlisting> |
210 | </example> | |
211 | <example label="nginx configuration"> | |
212 | <title> | |
213 | /etc/nginx/nginx.conf</title> | |
214 | <programlisting> | |
215 | <![CDATA[[...] | |
216 | server { | |
217 | listen 8080; | |
218 | listen unix:/tmp/nginx.sock; | |
219 | [...]]]> | |
220 | </programlisting> | |
221 | </example> | |
222 | <example label="commands"> | |
223 | <programlisting> | |
224 | <![CDATA[$ sudo systemctl --system daemon-reload | |
c452c7cf DS |
225 | $ sudo systemctl start proxy-with-nginx.socket |
226 | $ sudo systemctl enable proxy-with-nginx.socket | |
912b54ad DS |
227 | $ curl http://localhost:80/]]> |
228 | </programlisting> | |
229 | </example> | |
230 | </refsect2> | |
231 | </refsect1> | |
232 | <refsect1> | |
233 | <title>See Also</title> | |
234 | <para> | |
235 | <citerefentry> | |
236 | <refentrytitle> | |
237 | systemd.service</refentrytitle> | |
238 | <manvolnum>5</manvolnum> | |
239 | </citerefentry>, | |
240 | <citerefentry> | |
241 | <refentrytitle> | |
242 | systemd.socket</refentrytitle> | |
243 | <manvolnum>5</manvolnum> | |
244 | </citerefentry>, | |
245 | <citerefentry> | |
246 | <refentrytitle>systemctl</refentrytitle> | |
247 | <manvolnum>1</manvolnum> | |
248 | </citerefentry>, | |
249 | <citerefentry> | |
250 | <refentrytitle>socat</refentrytitle> | |
251 | <manvolnum>1</manvolnum> | |
252 | </citerefentry></para> | |
253 | </refsect1> | |
254 | </refentry> |