Rivoreo Source Code Repositories
src.rivoreo.one / systemd-stable / v245-rc2 / . / man / systemd-socket-proxyd.xml
blob: a72ac1bbc66fcf2276d9a215897834c48894aec4 [file] [log] [blame] [raw]
<?xml version="1.0"?>
<!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1+ -->
<refentry id="systemd-socket-proxyd"
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>systemd-socket-proxyd</title>
<productname>systemd</productname>
</refentryinfo>
<refmeta>
<refentrytitle>systemd-socket-proxyd</refentrytitle>
<manvolnum>8</manvolnum>
</refmeta>
<refnamediv>
<refname>systemd-socket-proxyd</refname>
<refpurpose>Bidirectionally proxy local sockets to another (possibly remote) socket.</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>systemd-socket-proxyd</command>
<arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
<arg choice="plain"><replaceable>HOST</replaceable>:<replaceable>PORT</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>systemd-socket-proxyd</command>
<arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
<arg choice="plain"><replaceable>UNIX-DOMAIN-SOCKET-PATH</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para>
<command>systemd-socket-proxyd</command> is a generic
socket-activated network socket forwarder proxy daemon for IPv4,
IPv6 and UNIX stream sockets. It may be used to bi-directionally
forward traffic from a local listening socket to a local or remote
destination socket.</para>
<para>One use of this tool is to provide socket activation support
for services that do not natively support socket activation. On
behalf of the service to activate, the proxy inherits the socket
from systemd, accepts each client connection, opens a connection
to a configured server for each client, and then bidirectionally
forwards data between the two.</para>
<para>This utility's behavior is similar to
<citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
The main differences for <command>systemd-socket-proxyd</command>
are support for socket activation with
<literal>Accept=no</literal> and an event-driven
design that scales better with the number of
connections.</para>
</refsect1>
<refsect1>
<title>Options</title>
<para>The following options are understood:</para>
<variablelist>
<xi:include href="standard-options.xml" xpointer="help" />
<xi:include href="standard-options.xml" xpointer="version" />
<varlistentry>
<term><option>--connections-max=</option></term>
<term><option>-c</option></term>
<listitem><para>Sets the maximum number of simultaneous connections, defaults to 256.
If the limit of concurrent connections is reached further connections will be refused.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Exit status</title>
<para>On success, 0 is returned, a non-zero failure
code otherwise.</para>
</refsect1>
<refsect1>
<title>Examples</title>
<refsect2>
<title>Simple Example</title>
<para>Use two services with a dependency and no namespace
isolation.</para>
<example>
<title>proxy-to-nginx.socket</title>
<programlisting><![CDATA[[Socket]
ListenStream=80
[Install]
WantedBy=sockets.target]]></programlisting>
</example>
<example>
<title>proxy-to-nginx.service</title>
<programlisting><![CDATA[[Unit]
Requires=nginx.service
After=nginx.service
Requires=proxy-to-nginx.socket
After=proxy-to-nginx.socket
[Service]
ExecStart=/usr/lib/systemd/systemd-socket-proxyd /run/nginx/socket
PrivateTmp=yes
PrivateNetwork=yes]]></programlisting>
</example>
<example>
<title>nginx.conf</title>
<programlisting>
<![CDATA[[…]
server {
listen unix:/run/nginx/socket;
[…]]]>
</programlisting>
</example>
<example>
<title>Enabling the proxy</title>
<programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket
$ curl http://localhost:80/]]></programlisting>
</example>
</refsect2>
<refsect2>
<title>Namespace Example</title>
<para>Similar as above, but runs the socket proxy and the main
service in the same private namespace, assuming that
<filename>nginx.service</filename> has
<varname>PrivateTmp=</varname> and
<varname>PrivateNetwork=</varname> set, too.</para>
<example>
<title>proxy-to-nginx.socket</title>
<programlisting><![CDATA[[Socket]
ListenStream=80
[Install]
WantedBy=sockets.target]]></programlisting>
</example>
<example>
<title>proxy-to-nginx.service</title>
<programlisting><![CDATA[[Unit]
Requires=nginx.service
After=nginx.service
Requires=proxy-to-nginx.socket
After=proxy-to-nginx.socket
JoinsNamespaceOf=nginx.service
[Service]
ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080
PrivateTmp=yes
PrivateNetwork=yes]]></programlisting>
</example>
<example>
<title>nginx.conf</title>
<programlisting><![CDATA[[…]
server {
listen 8080;
[…]]]></programlisting>
</example>
<example>
<title>Enabling the proxy</title>
<programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket
$ curl http://localhost:80/]]></programlisting>
</example>
</refsect2>
</refsect1>
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry project='die-net'><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry project='die-net'><refentrytitle>nginx</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry project='die-net'><refentrytitle>curl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>
</refsect1>
</refentry>