]>
Commit | Line | Data |
---|---|---|
912b54ad DS |
1 | <?xml version="1.0"?> |
2 | <!--*-nxml-*--> | |
3 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" | |
12b42c76 | 4 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
912b54ad | 5 | <!-- |
572eb058 ZJS |
6 | SPDX-License-Identifier: LGPL-2.1+ |
7 | ||
96b2fb93 | 8 | Copyright © 2013 David Strauss |
912b54ad | 9 | --> |
dfdebb1b | 10 | <refentry id="systemd-socket-proxyd" |
798d3a52 | 11 | xmlns:xi="http://www.w3.org/2001/XInclude"> |
dfdebb1b | 12 | |
798d3a52 ZJS |
13 | <refentryinfo> |
14 | <title>systemd-socket-proxyd</title> | |
15 | <productname>systemd</productname> | |
798d3a52 ZJS |
16 | </refentryinfo> |
17 | <refmeta> | |
18 | <refentrytitle>systemd-socket-proxyd</refentrytitle> | |
19 | <manvolnum>8</manvolnum> | |
20 | </refmeta> | |
21 | <refnamediv> | |
22 | <refname>systemd-socket-proxyd</refname> | |
23 | <refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket.</refpurpose> | |
24 | </refnamediv> | |
25 | <refsynopsisdiv> | |
26 | <cmdsynopsis> | |
27 | <command>systemd-socket-proxyd</command> | |
28 | <arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg> | |
29 | <arg choice="plain"><replaceable>HOST</replaceable>:<replaceable>PORT</replaceable></arg> | |
30 | </cmdsynopsis> | |
31 | <cmdsynopsis> | |
32 | <command>systemd-socket-proxyd</command> | |
33 | <arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg> | |
34 | <arg choice="plain"><replaceable>UNIX-DOMAIN-SOCKET-PATH</replaceable> | |
35 | </arg> | |
36 | </cmdsynopsis> | |
37 | </refsynopsisdiv> | |
38 | <refsect1> | |
39 | <title>Description</title> | |
40 | <para> | |
41 | <command>systemd-socket-proxyd</command> is a generic | |
42 | socket-activated network socket forwarder proxy daemon for IPv4, | |
43 | IPv6 and UNIX stream sockets. It may be used to bi-directionally | |
44 | forward traffic from a local listening socket to a local or remote | |
45 | destination socket.</para> | |
8569a776 | 46 | |
798d3a52 ZJS |
47 | <para>One use of this tool is to provide socket activation support |
48 | for services that do not natively support socket activation. On | |
49 | behalf of the service to activate, the proxy inherits the socket | |
50 | from systemd, accepts each client connection, opens a connection | |
51 | to a configured server for each client, and then bidirectionally | |
52 | forwards data between the two.</para> | |
53 | <para>This utility's behavior is similar to | |
3ba3a79d | 54 | <citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>. |
798d3a52 ZJS |
55 | The main differences for <command>systemd-socket-proxyd</command> |
56 | are support for socket activation with | |
57 | <literal>Accept=false</literal> and an event-driven | |
58 | design that scales better with the number of | |
59 | connections.</para> | |
60 | </refsect1> | |
61 | <refsect1> | |
62 | <title>Options</title> | |
63 | <para>The following options are understood:</para> | |
64 | <variablelist> | |
65 | <xi:include href="standard-options.xml" xpointer="help" /> | |
66 | <xi:include href="standard-options.xml" xpointer="version" /> | |
dc3b8afb | 67 | <varlistentry> |
23d0fff7 | 68 | <term><option>--connections-max=</option></term> |
dc3b8afb DK |
69 | <term><option>-c</option></term> |
70 | ||
71 | <listitem><para>Sets the maximum number of simultaneous connections, defaults to 256. | |
72 | If the limit of concurrent connections is reached further connections will be refused.</para></listitem> | |
73 | </varlistentry> | |
798d3a52 ZJS |
74 | </variablelist> |
75 | </refsect1> | |
76 | <refsect1> | |
77 | <title>Exit status</title> | |
78 | <para>On success, 0 is returned, a non-zero failure | |
79 | code otherwise.</para> | |
80 | </refsect1> | |
81 | <refsect1> | |
82 | <title>Examples</title> | |
83 | <refsect2> | |
84 | <title>Simple Example</title> | |
85 | <para>Use two services with a dependency and no namespace | |
86 | isolation.</para> | |
87 | <example> | |
88 | <title>proxy-to-nginx.socket</title> | |
89 | <programlisting><![CDATA[[Socket] | |
912b54ad DS |
90 | ListenStream=80 |
91 | ||
92 | [Install] | |
9fccdb0f | 93 | WantedBy=sockets.target]]></programlisting> |
798d3a52 ZJS |
94 | </example> |
95 | <example> | |
96 | <title>proxy-to-nginx.service</title> | |
97 | <programlisting><![CDATA[[Unit] | |
912b54ad | 98 | Requires=nginx.service |
34c7dc47 | 99 | After=nginx.service |
d7cefe8b | 100 | Requires=proxy-to-nginx.socket |
e5bb1de8 | 101 | After=proxy-to-nginx.socket |
912b54ad DS |
102 | |
103 | [Service] | |
edd1dcd0 | 104 | ExecStart=/usr/lib/systemd/systemd-socket-proxyd /run/nginx/socket |
34c7dc47 | 105 | PrivateTmp=yes |
9fccdb0f | 106 | PrivateNetwork=yes]]></programlisting> |
798d3a52 ZJS |
107 | </example> |
108 | <example> | |
109 | <title>nginx.conf</title> | |
110 | <programlisting> | |
1eecafb8 | 111 | <![CDATA[[…] |
912b54ad | 112 | server { |
edd1dcd0 | 113 | listen unix:/run/nginx/socket; |
1eecafb8 | 114 | […]]]> |
912b54ad | 115 | </programlisting> |
798d3a52 ZJS |
116 | </example> |
117 | <example> | |
118 | <title>Enabling the proxy</title> | |
ee3c52eb | 119 | <programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket |
9fccdb0f | 120 | $ curl http://localhost:80/]]></programlisting> |
798d3a52 ZJS |
121 | </example> |
122 | </refsect2> | |
123 | <refsect2> | |
124 | <title>Namespace Example</title> | |
125 | <para>Similar as above, but runs the socket proxy and the main | |
126 | service in the same private namespace, assuming that | |
127 | <filename>nginx.service</filename> has | |
128 | <varname>PrivateTmp=</varname> and | |
129 | <varname>PrivateNetwork=</varname> set, too.</para> | |
130 | <example> | |
131 | <title>proxy-to-nginx.socket</title> | |
132 | <programlisting><![CDATA[[Socket] | |
912b54ad DS |
133 | ListenStream=80 |
134 | ||
135 | [Install] | |
9fccdb0f | 136 | WantedBy=sockets.target]]></programlisting> |
798d3a52 ZJS |
137 | </example> |
138 | <example> | |
139 | <title>proxy-to-nginx.service</title> | |
140 | <programlisting><![CDATA[[Unit] | |
34c7dc47 LP |
141 | Requires=nginx.service |
142 | After=nginx.service | |
e5bb1de8 RH |
143 | Requires=proxy-to-nginx.socket |
144 | After=proxy-to-nginx.socket | |
34c7dc47 | 145 | JoinsNamespaceOf=nginx.service |
912b54ad DS |
146 | |
147 | [Service] | |
12b42c76 | 148 | ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080 |
34c7dc47 | 149 | PrivateTmp=yes |
9fccdb0f | 150 | PrivateNetwork=yes]]></programlisting> |
798d3a52 ZJS |
151 | </example> |
152 | <example> | |
153 | <title>nginx.conf</title> | |
1eecafb8 | 154 | <programlisting><![CDATA[[…] |
912b54ad DS |
155 | server { |
156 | listen 8080; | |
1eecafb8 | 157 | […]]]></programlisting> |
798d3a52 ZJS |
158 | </example> |
159 | <example> | |
160 | <title>Enabling the proxy</title> | |
ee3c52eb | 161 | <programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket |
9fccdb0f | 162 | $ curl http://localhost:80/]]></programlisting> |
798d3a52 ZJS |
163 | </example> |
164 | </refsect2> | |
165 | </refsect1> | |
166 | <refsect1> | |
167 | <title>See Also</title> | |
168 | <para> | |
169 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
170 | <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
171 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
172 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
3ba3a79d ZJS |
173 | <citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
174 | <citerefentry project='die-net'><refentrytitle>nginx</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
175 | <citerefentry project='die-net'><refentrytitle>curl</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
798d3a52 ZJS |
176 | </para> |
177 | </refsect1> | |
912b54ad | 178 | </refentry> |