[thirdparty/systemd.git] / man / systemd-socket-proxyd.xml

<?xml version="1.0"?>
<!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1+ -->
<refentry id="systemd-socket-proxyd"
    xmlns:xi="http://www.w3.org/2001/XInclude">

  <refentryinfo>
    <title>systemd-socket-proxyd</title>
    <productname>systemd</productname>
  </refentryinfo>
  <refmeta>
    <refentrytitle>systemd-socket-proxyd</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>
  <refnamediv>
    <refname>systemd-socket-proxyd</refname>
    <refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket.</refpurpose>
  </refnamediv>
  <refsynopsisdiv>
    <cmdsynopsis>
      <command>systemd-socket-proxyd</command>
      <arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
      <arg choice="plain"><replaceable>HOST</replaceable>:<replaceable>PORT</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>systemd-socket-proxyd</command>
      <arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
      <arg choice="plain"><replaceable>UNIX-DOMAIN-SOCKET-PATH</replaceable>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>
  <refsect1>
    <title>Description</title>
    <para>
    <command>systemd-socket-proxyd</command> is a generic
    socket-activated network socket forwarder proxy daemon for IPv4,
    IPv6 and UNIX stream sockets. It may be used to bi-directionally
    forward traffic from a local listening socket to a local or remote
    destination socket.</para>

    <para>One use of this tool is to provide socket activation support
    for services that do not natively support socket activation. On
    behalf of the service to activate, the proxy inherits the socket
    from systemd, accepts each client connection, opens a connection
    to a configured server for each client, and then bidirectionally
    forwards data between the two.</para>
    <para>This utility's behavior is similar to
    <citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
    The main differences for <command>systemd-socket-proxyd</command>
    are support for socket activation with
    <literal>Accept=no</literal> and an event-driven
    design that scales better with the number of
    connections.</para>
  </refsect1>
  <refsect1>
    <title>Options</title>
    <para>The following options are understood:</para>
    <variablelist>
      <xi:include href="standard-options.xml" xpointer="help" />
      <xi:include href="standard-options.xml" xpointer="version" />
      <varlistentry>
        <term><option>--connections-max=</option></term>
        <term><option>-c</option></term>

        <listitem><para>Sets the maximum number of simultaneous connections, defaults to 256.
        If the limit of concurrent connections is reached further connections will be refused.</para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>
  <refsect1>
    <title>Exit status</title>
    <para>On success, 0 is returned, a non-zero failure
    code otherwise.</para>
  </refsect1>
  <refsect1>
    <title>Examples</title>
    <refsect2>
      <title>Simple Example</title>
      <para>Use two services with a dependency and no namespace
      isolation.</para>
      <example>
        <title>proxy-to-nginx.socket</title>
        <programlisting><![CDATA[[Socket]
ListenStream=80

[Install]
WantedBy=sockets.target]]></programlisting>
      </example>
      <example>
        <title>proxy-to-nginx.service</title>
        <programlisting><![CDATA[[Unit]
Requires=nginx.service
After=nginx.service
Requires=proxy-to-nginx.socket
After=proxy-to-nginx.socket

[Service]
ExecStart=/usr/lib/systemd/systemd-socket-proxyd /run/nginx/socket
PrivateTmp=yes
PrivateNetwork=yes]]></programlisting>
      </example>
      <example>
        <title>nginx.conf</title>
        <programlisting>
<![CDATA[[…]
server {
    listen       unix:/run/nginx/socket;
    […]]]>
</programlisting>
      </example>
      <example>
        <title>Enabling the proxy</title>
        <programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket
$ curl http://localhost:80/]]></programlisting>
      </example>
    </refsect2>
    <refsect2>
      <title>Namespace Example</title>
      <para>Similar as above, but runs the socket proxy and the main
      service in the same private namespace, assuming that
      <filename>nginx.service</filename> has
      <varname>PrivateTmp=</varname> and
      <varname>PrivateNetwork=</varname> set, too.</para>
      <example>
        <title>proxy-to-nginx.socket</title>
        <programlisting><![CDATA[[Socket]
ListenStream=80

[Install]
WantedBy=sockets.target]]></programlisting>
      </example>
      <example>
        <title>proxy-to-nginx.service</title>
        <programlisting><![CDATA[[Unit]
Requires=nginx.service
After=nginx.service
Requires=proxy-to-nginx.socket
After=proxy-to-nginx.socket
JoinsNamespaceOf=nginx.service

[Service]
ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080
PrivateTmp=yes
PrivateNetwork=yes]]></programlisting>
      </example>
      <example>
        <title>nginx.conf</title>
        <programlisting><![CDATA[[…]
server {
    listen       8080;
    […]]]></programlisting>
      </example>
      <example>
        <title>Enabling the proxy</title>
        <programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket
$ curl http://localhost:80/]]></programlisting>
      </example>
    </refsect2>
  </refsect1>
  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='die-net'><refentrytitle>nginx</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='die-net'><refentrytitle>curl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    </para>
  </refsect1>
</refentry>
Commit	Line	Data
912b54ad DS	1	<?xml version="1.0"?>
912b54ad DS	2	<!---nxml--->
3a54a157 ZJS	3	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3a54a157 ZJS	4	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
0307f791	5	<!-- SPDX-License-Identifier: LGPL-2.1+ -->
dfdebb1b	6	<refentry id="systemd-socket-proxyd"
798d3a52	7	xmlns:xi="http://www.w3.org/2001/XInclude">
dfdebb1b	8
798d3a52 ZJS	9	<refentryinfo>
	10	<title>systemd-socket-proxyd</title>
	11	<productname>systemd</productname>
798d3a52 ZJS	12	</refentryinfo>
	13	<refmeta>
	14	<refentrytitle>systemd-socket-proxyd</refentrytitle>
	15	<manvolnum>8</manvolnum>
	16	</refmeta>
	17	<refnamediv>
	18	<refname>systemd-socket-proxyd</refname>
	19	<refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket.</refpurpose>
	20	</refnamediv>
	21	<refsynopsisdiv>
	22	<cmdsynopsis>
	23	<command>systemd-socket-proxyd</command>
	24	<arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
	25	<arg choice="plain"><replaceable>HOST</replaceable>:<replaceable>PORT</replaceable></arg>
	26	</cmdsynopsis>
	27	<cmdsynopsis>
	28	<command>systemd-socket-proxyd</command>
	29	<arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
	30	<arg choice="plain"><replaceable>UNIX-DOMAIN-SOCKET-PATH</replaceable>
	31	</arg>
	32	</cmdsynopsis>
	33	</refsynopsisdiv>
	34	<refsect1>
	35	<title>Description</title>
	36	<para>
	37	<command>systemd-socket-proxyd</command> is a generic
	38	socket-activated network socket forwarder proxy daemon for IPv4,
	39	IPv6 and UNIX stream sockets. It may be used to bi-directionally
	40	forward traffic from a local listening socket to a local or remote
	41	destination socket.</para>
8569a776	42
798d3a52 ZJS	43	<para>One use of this tool is to provide socket activation support
	44	for services that do not natively support socket activation. On
	45	behalf of the service to activate, the proxy inherits the socket
	46	from systemd, accepts each client connection, opens a connection
	47	to a configured server for each client, and then bidirectionally
	48	forwards data between the two.</para>
	49	<para>This utility's behavior is similar to
3ba3a79d	50	<citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
798d3a52 ZJS	51	The main differences for <command>systemd-socket-proxyd</command>
798d3a52 ZJS	52	are support for socket activation with
964c4eda	53	<literal>Accept=no</literal> and an event-driven
798d3a52 ZJS	54	design that scales better with the number of
	55	connections.</para>
	56	</refsect1>
	57	<refsect1>
	58	<title>Options</title>
	59	<para>The following options are understood:</para>
	60	<variablelist>
	61	<xi:include href="standard-options.xml" xpointer="help" />
	62	<xi:include href="standard-options.xml" xpointer="version" />
dc3b8afb	63	<varlistentry>
23d0fff7	64	<term><option>--connections-max=</option></term>
dc3b8afb DK	65	<term><option>-c</option></term>
	66
	67	<listitem><para>Sets the maximum number of simultaneous connections, defaults to 256.
	68	If the limit of concurrent connections is reached further connections will be refused.</para></listitem>
	69	</varlistentry>
798d3a52 ZJS	70	</variablelist>
	71	</refsect1>
	72	<refsect1>
	73	<title>Exit status</title>
	74	<para>On success, 0 is returned, a non-zero failure
	75	code otherwise.</para>
	76	</refsect1>
	77	<refsect1>
	78	<title>Examples</title>
	79	<refsect2>
	80	<title>Simple Example</title>
	81	<para>Use two services with a dependency and no namespace
	82	isolation.</para>
	83	<example>
	84	<title>proxy-to-nginx.socket</title>
	85	<programlisting><![CDATA[[Socket]
912b54ad DS	86	ListenStream=80
	87
	88	[Install]
9fccdb0f	89	WantedBy=sockets.target]]></programlisting>
798d3a52 ZJS	90	</example>
	91	<example>
	92	<title>proxy-to-nginx.service</title>
	93	<programlisting><![CDATA[[Unit]
912b54ad	94	Requires=nginx.service
34c7dc47	95	After=nginx.service
d7cefe8b	96	Requires=proxy-to-nginx.socket
e5bb1de8	97	After=proxy-to-nginx.socket
912b54ad DS	98
912b54ad DS	99	[Service]
edd1dcd0	100	ExecStart=/usr/lib/systemd/systemd-socket-proxyd /run/nginx/socket
34c7dc47	101	PrivateTmp=yes
9fccdb0f	102	PrivateNetwork=yes]]></programlisting>
798d3a52 ZJS	103	</example>
	104	<example>
	105	<title>nginx.conf</title>
	106	<programlisting>
1eecafb8	107	<![CDATA[[…]
912b54ad	108	server {
edd1dcd0	109	listen unix:/run/nginx/socket;
1eecafb8	110	[…]]]>
912b54ad	111	</programlisting>
798d3a52 ZJS	112	</example>
	113	<example>
	114	<title>Enabling the proxy</title>
ee3c52eb	115	<programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket
9fccdb0f	116	$ curl http://localhost:80/]]></programlisting>
798d3a52 ZJS	117	</example>
	118	</refsect2>
	119	<refsect2>
	120	<title>Namespace Example</title>
	121	<para>Similar as above, but runs the socket proxy and the main
	122	service in the same private namespace, assuming that
	123	<filename>nginx.service</filename> has
	124	<varname>PrivateTmp=</varname> and
	125	<varname>PrivateNetwork=</varname> set, too.</para>
	126	<example>
	127	<title>proxy-to-nginx.socket</title>
	128	<programlisting><![CDATA[[Socket]
912b54ad DS	129	ListenStream=80
	130
	131	[Install]
9fccdb0f	132	WantedBy=sockets.target]]></programlisting>
798d3a52 ZJS	133	</example>
	134	<example>
	135	<title>proxy-to-nginx.service</title>
	136	<programlisting><![CDATA[[Unit]
34c7dc47 LP	137	Requires=nginx.service
34c7dc47 LP	138	After=nginx.service
e5bb1de8 RH	139	Requires=proxy-to-nginx.socket
e5bb1de8 RH	140	After=proxy-to-nginx.socket
34c7dc47	141	JoinsNamespaceOf=nginx.service
912b54ad DS	142
912b54ad DS	143	[Service]
12b42c76	144	ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080
34c7dc47	145	PrivateTmp=yes
9fccdb0f	146	PrivateNetwork=yes]]></programlisting>
798d3a52 ZJS	147	</example>
	148	<example>
	149	<title>nginx.conf</title>
1eecafb8	150	<programlisting><![CDATA[[…]
912b54ad DS	151	server {
912b54ad DS	152	listen 8080;
1eecafb8	153	[…]]]></programlisting>
798d3a52 ZJS	154	</example>
	155	<example>
	156	<title>Enabling the proxy</title>
ee3c52eb	157	<programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket
9fccdb0f	158	$ curl http://localhost:80/]]></programlisting>
798d3a52 ZJS	159	</example>
	160	</refsect2>
	161	</refsect1>
	162	<refsect1>
	163	<title>See Also</title>
	164	<para>
	165	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	166	<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
	167	<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
	168	<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
3ba3a79d ZJS	169	<citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	170	<citerefentry project='die-net'><refentrytitle>nginx</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	171	<citerefentry project='die-net'><refentrytitle>curl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
798d3a52 ZJS	172	</para>
798d3a52 ZJS	173	</refsect1>
912b54ad	174	</refentry>