</refentryinfo>
<refmeta>
<refentrytitle>systemd-socket-proxyd</refentrytitle>
- <manvolnum>1</manvolnum>
+ <manvolnum>8</manvolnum>
</refmeta>
<refnamediv>
<refname>systemd-socket-proxyd</refname>
<para>
<command>systemd-socket-proxyd</command> is a generic
socket-activated network socket forwarder proxy daemon
- for IPV4, IPv6 and UNIX stream sockets. It may be used
+ for IPv4, IPv6 and UNIX stream sockets. It may be used
to bi-directionally forward traffic from a local listening socket to a
local or remote destination socket.</para>
<para>One use of this tool is to provide
- socket-activation support for services that do not
+ socket activation support for services that do not
natively support socket activation. On behalf of the
service to activate, the proxy inherits the socket
from systemd, accepts each client connection, opens a
<refsect1>
<title>Examples</title>
<refsect2>
- <title>Direct-Use Example</title>
+ <title>Simple Example</title>
<para>Use two services with a dependency
and no namespace isolation.</para>
- <example label="proxy socket unit">
- <title>/etc/systemd/system/proxy-to-nginx.socket</title>
+ <example>
+ <title>proxy-to-nginx.socket</title>
<programlisting>
<![CDATA[[Socket]
ListenStream=80
WantedBy=sockets.target]]>
</programlisting>
</example>
- <example label="proxy service unit">
- <title>/etc/systemd/system/proxy-to-nginx.service</title>
+ <example>
+ <title>proxy-to-nginx.service</title>
<programlisting>
<![CDATA[[Unit]
-After=nginx.service
Requires=nginx.service
+After=nginx.service
[Service]
-ExecStart=/usr/bin/systemd-socket-proxyd /tmp/nginx.sock
-PrivateTmp=true
-PrivateNetwork=true]]>
+ExecStart=/usr/lib/systemd/systemd-socket-proxyd /tmp/nginx.sock
+PrivateTmp=yes
+PrivateNetwork=yes]]>
</programlisting>
</example>
- <example label="nginx configuration">
- <title>/etc/nginx/nginx.conf</title>
+ <example>
+ <title>nginx.conf</title>
<programlisting>
<![CDATA[[...]
server {
[...]]]>
</programlisting>
</example>
- <example label="commands">
+ <example>
+ <title>Enabling the proxy</title>
<programlisting>
-<![CDATA[# systemctl --system daemon-reload
+<![CDATA[# systemctl enable proxy-to-nginx.socket
# systemctl start proxy-to-nginx.socket
-# systemctl enable proxy-to-nginx.socket
$ curl http://localhost:80/]]>
</programlisting>
</example>
</refsect2>
<refsect2>
- <title>Indirect-Use Example</title>
- <para>Use a shell script to isolate the
- service and proxy into the same namespace.
- This is particularly useful for running
- TCP-only daemons without the daemon
- affecting ports on regular
- interfaces.</para>
- <example label="combined proxy and nginx socket unit">
-
- <title>
- /etc/systemd/system/proxy-with-nginx.socket</title>
+ <title>Namespace Example</title>
+ <para>Similar as above, but runs the socket
+ proxy and the main service in the same private
+ namespace, assuming that
+ <filename>nginx.service</filename> has
+ <varname>PrivateTmp=</varname> and
+ <varname>PrivateNetwork=</varname> set,
+ too.</para>
+ <example>
+ <title>proxy-to-nginx.socket</title>
<programlisting>
<![CDATA[[Socket]
ListenStream=80
WantedBy=sockets.target]]>
</programlisting>
</example>
- <example label="combined proxy and nginx service unit">
-
- <title>
- /etc/systemd/system/proxy-with-nginx.service</title>
+ <example>
+ <title>proxy-to-nginx.service</title>
<programlisting>
<![CDATA[[Unit]
-After=syslog.target remote-fs.target nss-lookup.target
+Requires=nginx.service
+After=nginx.service
+JoinsNamespaceOf=nginx.service
[Service]
-ExecStartPre=/usr/sbin/nginx -t
-ExecStart=/usr/bin/socket-proxyd-nginx.sh
-PrivateTmp=true
-PrivateNetwork=true]]>
+ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080
+PrivateTmp=yes
+PrivateNetwork=yes]]>
</programlisting>
</example>
- <example label="shell script">
- <title>
- /usr/bin/socket-proxyd-nginx.sh</title>
- <programlisting>
-<![CDATA[#!/bin/sh
-/usr/sbin/nginx
-while [ ! -f /tmp/nginx.pid ]
- do
- /usr/bin/inotifywait /tmp/nginx.pid
- done
-exec /usr/bin/systemd-socket-proxyd localhost 8080]]>
-</programlisting>
- </example>
- <example label="nginx configuration">
- <title>
- /etc/nginx/nginx.conf</title>
+ <example>
+ <title>nginx.conf</title>
<programlisting>
<![CDATA[[...]
server {
[...]]]>
</programlisting>
</example>
- <example label="commands">
+ <example>
+ <title>Enabling the proxy</title>
<programlisting>
-<![CDATA[# systemctl --system daemon-reload
-# systemctl start proxy-with-nginx.socket
-# systemctl enable proxy-with-nginx.socket
+<![CDATA[# systemctl enable proxy-to-nginx.socket
+# systemctl start proxy-to-nginx.socket
$ curl http://localhost:80/]]>
</programlisting>
</example>
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>nginx</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>curl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>
</refsect1>
</refentry>
~ianmdlvl / elogind.git / blobdiff