[thirdparty/systemd.git] / man / systemd-socket-proxyd.xml

<?xml version="1.0"?>
<!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
     "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
  SPDX-License-Identifier: LGPL-2.1+

  Copyright © 2013 David Strauss
-->
<refentry id="systemd-socket-proxyd"
    xmlns:xi="http://www.w3.org/2001/XInclude">

  <refentryinfo>
    <title>systemd-socket-proxyd</title>
    <productname>systemd</productname>
  </refentryinfo>
  <refmeta>
    <refentrytitle>systemd-socket-proxyd</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>
  <refnamediv>
    <refname>systemd-socket-proxyd</refname>
    <refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket.</refpurpose>
  </refnamediv>
  <refsynopsisdiv>
    <cmdsynopsis>
      <command>systemd-socket-proxyd</command>
      <arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
      <arg choice="plain"><replaceable>HOST</replaceable>:<replaceable>PORT</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>systemd-socket-proxyd</command>
      <arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
      <arg choice="plain"><replaceable>UNIX-DOMAIN-SOCKET-PATH</replaceable>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>
  <refsect1>
    <title>Description</title>
    <para>
    <command>systemd-socket-proxyd</command> is a generic
    socket-activated network socket forwarder proxy daemon for IPv4,
    IPv6 and UNIX stream sockets. It may be used to bi-directionally
    forward traffic from a local listening socket to a local or remote
    destination socket.</para>

    <para>One use of this tool is to provide socket activation support
    for services that do not natively support socket activation. On
    behalf of the service to activate, the proxy inherits the socket
    from systemd, accepts each client connection, opens a connection
    to a configured server for each client, and then bidirectionally
    forwards data between the two.</para>
    <para>This utility's behavior is similar to
    <citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
    The main differences for <command>systemd-socket-proxyd</command>
    are support for socket activation with
    <literal>Accept=false</literal> and an event-driven
    design that scales better with the number of
    connections.</para>
  </refsect1>
  <refsect1>
    <title>Options</title>
    <para>The following options are understood:</para>
    <variablelist>
      <xi:include href="standard-options.xml" xpointer="help" />
      <xi:include href="standard-options.xml" xpointer="version" />
      <varlistentry>
        <term><option>--connections-max=</option></term>
        <term><option>-c</option></term>

        <listitem><para>Sets the maximum number of simultaneous connections, defaults to 256.
        If the limit of concurrent connections is reached further connections will be refused.</para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>
  <refsect1>
    <title>Exit status</title>
    <para>On success, 0 is returned, a non-zero failure
    code otherwise.</para>
  </refsect1>
  <refsect1>
    <title>Examples</title>
    <refsect2>
      <title>Simple Example</title>
      <para>Use two services with a dependency and no namespace
      isolation.</para>
      <example>
        <title>proxy-to-nginx.socket</title>
        <programlisting><![CDATA[[Socket]
ListenStream=80

[Install]
WantedBy=sockets.target]]></programlisting>
      </example>
      <example>
        <title>proxy-to-nginx.service</title>
        <programlisting><![CDATA[[Unit]
Requires=nginx.service
After=nginx.service
Requires=proxy-to-nginx.socket
After=proxy-to-nginx.socket

[Service]
ExecStart=/usr/lib/systemd/systemd-socket-proxyd /run/nginx/socket
PrivateTmp=yes
PrivateNetwork=yes]]></programlisting>
      </example>
      <example>
        <title>nginx.conf</title>
        <programlisting>
<![CDATA[[…]
server {
    listen       unix:/run/nginx/socket;
    […]]]>
</programlisting>
      </example>
      <example>
        <title>Enabling the proxy</title>
        <programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket
$ curl http://localhost:80/]]></programlisting>
      </example>
    </refsect2>
    <refsect2>
      <title>Namespace Example</title>
      <para>Similar as above, but runs the socket proxy and the main
      service in the same private namespace, assuming that
      <filename>nginx.service</filename> has
      <varname>PrivateTmp=</varname> and
      <varname>PrivateNetwork=</varname> set, too.</para>
      <example>
        <title>proxy-to-nginx.socket</title>
        <programlisting><![CDATA[[Socket]
ListenStream=80

[Install]
WantedBy=sockets.target]]></programlisting>
      </example>
      <example>
        <title>proxy-to-nginx.service</title>
        <programlisting><![CDATA[[Unit]
Requires=nginx.service
After=nginx.service
Requires=proxy-to-nginx.socket
After=proxy-to-nginx.socket
JoinsNamespaceOf=nginx.service

[Service]
ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080
PrivateTmp=yes
PrivateNetwork=yes]]></programlisting>
      </example>
      <example>
        <title>nginx.conf</title>
        <programlisting><![CDATA[[…]
server {
    listen       8080;
    […]]]></programlisting>
      </example>
      <example>
        <title>Enabling the proxy</title>
        <programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket
$ curl http://localhost:80/]]></programlisting>
      </example>
    </refsect2>
  </refsect1>
  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='die-net'><refentrytitle>nginx</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='die-net'><refentrytitle>curl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    </para>
  </refsect1>
</refentry>
Commit	Line	Data
912b54ad DS	1	<?xml version="1.0"?>
	2	<!---nxml--->
	3	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
12b42c76	4	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
912b54ad	5	<!--
572eb058 ZJS	6	SPDX-License-Identifier: LGPL-2.1+
572eb058 ZJS	7
96b2fb93	8	Copyright © 2013 David Strauss
912b54ad	9	-->
dfdebb1b	10	<refentry id="systemd-socket-proxyd"
798d3a52	11	xmlns:xi="http://www.w3.org/2001/XInclude">
dfdebb1b	12
798d3a52 ZJS	13	<refentryinfo>
	14	<title>systemd-socket-proxyd</title>
	15	<productname>systemd</productname>
798d3a52 ZJS	16	</refentryinfo>
	17	<refmeta>
	18	<refentrytitle>systemd-socket-proxyd</refentrytitle>
	19	<manvolnum>8</manvolnum>
	20	</refmeta>
	21	<refnamediv>
	22	<refname>systemd-socket-proxyd</refname>
	23	<refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket.</refpurpose>
	24	</refnamediv>
	25	<refsynopsisdiv>
	26	<cmdsynopsis>
	27	<command>systemd-socket-proxyd</command>
	28	<arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
	29	<arg choice="plain"><replaceable>HOST</replaceable>:<replaceable>PORT</replaceable></arg>
	30	</cmdsynopsis>
	31	<cmdsynopsis>
	32	<command>systemd-socket-proxyd</command>
	33	<arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
	34	<arg choice="plain"><replaceable>UNIX-DOMAIN-SOCKET-PATH</replaceable>
	35	</arg>
	36	</cmdsynopsis>
	37	</refsynopsisdiv>
	38	<refsect1>
	39	<title>Description</title>
	40	<para>
	41	<command>systemd-socket-proxyd</command> is a generic
	42	socket-activated network socket forwarder proxy daemon for IPv4,
	43	IPv6 and UNIX stream sockets. It may be used to bi-directionally
	44	forward traffic from a local listening socket to a local or remote
	45	destination socket.</para>
8569a776	46
798d3a52 ZJS	47	<para>One use of this tool is to provide socket activation support
	48	for services that do not natively support socket activation. On
	49	behalf of the service to activate, the proxy inherits the socket
	50	from systemd, accepts each client connection, opens a connection
	51	to a configured server for each client, and then bidirectionally
	52	forwards data between the two.</para>
	53	<para>This utility's behavior is similar to
3ba3a79d	54	<citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
798d3a52 ZJS	55	The main differences for <command>systemd-socket-proxyd</command>
	56	are support for socket activation with
	57	<literal>Accept=false</literal> and an event-driven
	58	design that scales better with the number of
	59	connections.</para>
	60	</refsect1>
	61	<refsect1>
	62	<title>Options</title>
	63	<para>The following options are understood:</para>
	64	<variablelist>
	65	<xi:include href="standard-options.xml" xpointer="help" />
	66	<xi:include href="standard-options.xml" xpointer="version" />
dc3b8afb	67	<varlistentry>
23d0fff7	68	<term><option>--connections-max=</option></term>
dc3b8afb DK	69	<term><option>-c</option></term>
	70
	71	<listitem><para>Sets the maximum number of simultaneous connections, defaults to 256.
	72	If the limit of concurrent connections is reached further connections will be refused.</para></listitem>
	73	</varlistentry>
798d3a52 ZJS	74	</variablelist>
	75	</refsect1>
	76	<refsect1>
	77	<title>Exit status</title>
	78	<para>On success, 0 is returned, a non-zero failure
	79	code otherwise.</para>
	80	</refsect1>
	81	<refsect1>
	82	<title>Examples</title>
	83	<refsect2>
	84	<title>Simple Example</title>
	85	<para>Use two services with a dependency and no namespace
	86	isolation.</para>
	87	<example>
	88	<title>proxy-to-nginx.socket</title>
	89	<programlisting><![CDATA[[Socket]
912b54ad DS	90	ListenStream=80
	91
	92	[Install]
9fccdb0f	93	WantedBy=sockets.target]]></programlisting>
798d3a52 ZJS	94	</example>
	95	<example>
	96	<title>proxy-to-nginx.service</title>
	97	<programlisting><![CDATA[[Unit]
912b54ad	98	Requires=nginx.service
34c7dc47	99	After=nginx.service
d7cefe8b	100	Requires=proxy-to-nginx.socket
e5bb1de8	101	After=proxy-to-nginx.socket
912b54ad DS	102
912b54ad DS	103	[Service]
edd1dcd0	104	ExecStart=/usr/lib/systemd/systemd-socket-proxyd /run/nginx/socket
34c7dc47	105	PrivateTmp=yes
9fccdb0f	106	PrivateNetwork=yes]]></programlisting>
798d3a52 ZJS	107	</example>
	108	<example>
	109	<title>nginx.conf</title>
	110	<programlisting>
1eecafb8	111	<![CDATA[[…]
912b54ad	112	server {
edd1dcd0	113	listen unix:/run/nginx/socket;
1eecafb8	114	[…]]]>
912b54ad	115	</programlisting>
798d3a52 ZJS	116	</example>
	117	<example>
	118	<title>Enabling the proxy</title>
ee3c52eb	119	<programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket
9fccdb0f	120	$ curl http://localhost:80/]]></programlisting>
798d3a52 ZJS	121	</example>
	122	</refsect2>
	123	<refsect2>
	124	<title>Namespace Example</title>
	125	<para>Similar as above, but runs the socket proxy and the main
	126	service in the same private namespace, assuming that
	127	<filename>nginx.service</filename> has
	128	<varname>PrivateTmp=</varname> and
	129	<varname>PrivateNetwork=</varname> set, too.</para>
	130	<example>
	131	<title>proxy-to-nginx.socket</title>
	132	<programlisting><![CDATA[[Socket]
912b54ad DS	133	ListenStream=80
	134
	135	[Install]
9fccdb0f	136	WantedBy=sockets.target]]></programlisting>
798d3a52 ZJS	137	</example>
	138	<example>
	139	<title>proxy-to-nginx.service</title>
	140	<programlisting><![CDATA[[Unit]
34c7dc47 LP	141	Requires=nginx.service
34c7dc47 LP	142	After=nginx.service
e5bb1de8 RH	143	Requires=proxy-to-nginx.socket
e5bb1de8 RH	144	After=proxy-to-nginx.socket
34c7dc47	145	JoinsNamespaceOf=nginx.service
912b54ad DS	146
912b54ad DS	147	[Service]
12b42c76	148	ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080
34c7dc47	149	PrivateTmp=yes
9fccdb0f	150	PrivateNetwork=yes]]></programlisting>
798d3a52 ZJS	151	</example>
	152	<example>
	153	<title>nginx.conf</title>
1eecafb8	154	<programlisting><![CDATA[[…]
912b54ad DS	155	server {
912b54ad DS	156	listen 8080;
1eecafb8	157	[…]]]></programlisting>
798d3a52 ZJS	158	</example>
	159	<example>
	160	<title>Enabling the proxy</title>
ee3c52eb	161	<programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket
9fccdb0f	162	$ curl http://localhost:80/]]></programlisting>
798d3a52 ZJS	163	</example>
	164	</refsect2>
	165	</refsect1>
	166	<refsect1>
	167	<title>See Also</title>
	168	<para>
	169	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	170	<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
	171	<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
	172	<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
3ba3a79d ZJS	173	<citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	174	<citerefentry project='die-net'><refentrytitle>nginx</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	175	<citerefentry project='die-net'><refentrytitle>curl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
798d3a52 ZJS	176	</para>
798d3a52 ZJS	177	</refsect1>
912b54ad	178	</refentry>