X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fsystemd-socket-proxyd.xml;h=4aef6200514e5809fa2bb811926f6f2093cc8941;hp=d57a59cf79958e54a1a186cb0cf0238649bbd59b;hb=99f098257f5e4135609edc3df965ebf27975df18;hpb=adcf4c81c58511b67644e17fa743d1729d3c9ccf diff --git a/man/systemd-socket-proxyd.xml b/man/systemd-socket-proxyd.xml index d57a59cf7..4aef62005 100644 --- a/man/systemd-socket-proxyd.xml +++ b/man/systemd-socket-proxyd.xml @@ -31,17 +31,11 @@ Strauss david@davidstrauss.net - - Developer - Lennart - Poettering - lennart@poettering.net - systemd-socket-proxyd - 1 + 8 systemd-socket-proxyd @@ -65,7 +59,7 @@ systemd-socket-proxyd is a generic socket-activated network socket forwarder proxy daemon - for IPV4, IPv6 and UNIX stream sockets. It may be used + for IPv4, IPv6 and UNIX stream sockets. It may be used to bi-directionally forward traffic from a local listening socket to a local or remote destination socket. @@ -89,17 +83,6 @@ Options The following options are understood: - - - - - Restricts listening to a - single inherited socket, specified - as a file descriptor. By default, - the proxy listens on all inherited - sockets. - - @@ -125,11 +108,11 @@ Examples - Direct-Use Example + Simple Example Use two services with a dependency and no namespace isolation. - - /etc/systemd/system/proxy-to-nginx.socket + + proxy-to-nginx.socket - - /etc/systemd/system/proxy-to-nginx.service + + proxy-to-nginx.service +ExecStart=/usr/lib/systemd/systemd-socket-proxyd /tmp/nginx.sock +PrivateTmp=yes +PrivateNetwork=yes]]> - - /etc/nginx/nginx.conf + + nginx.conf - + + Enabling the proxy - Indirect-Use Example - Use a shell script to isolate the - service and proxy into the same namespace. - This is particularly useful for running - TCP-only daemons without the daemon - affecting ports on regular - interfaces. - - - - /etc/systemd/system/proxy-with-nginx.socket + Namespace Example + Similar as above, but runs the socket + proxy and the main service in the same private + namespace, assuming that + nginx.service has + PrivateTmp= and + PrivateNetwork= set, + too. + + proxy-to-nginx.socket - - - - /etc/systemd/system/proxy-with-nginx.service + + proxy-to-nginx.service - - - - - /usr/bin/socket-proxyd-nginx.sh - - +ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080 +PrivateTmp=yes +PrivateNetwork=yes]]> - Make it executable: - - - - - - /etc/nginx/nginx.conf + + nginx.conf - + + Enabling the proxy - - - - - - - Multiple Listeners with Multiple Destinations - When using namespaces, it may be useful to - have multiple listeners with each going to a unique - destination. systemd always passes sockets into - services in the order specified in the socket - unit, beginning with file descriptor 3. - In this example, port 80 - will proxy to localhost:8080, - and port 443 will proxy to - localhost:8443. - - /etc/systemd/system/multi-destination.socket - - - - - - /etc/systemd/system/multi-destination.service - - - - - - - - /usr/bin/socket-proxyd-multi-destination.sh - - - - Make it executable: - - - - - - - - @@ -304,7 +212,9 @@ $ curl https://localhost/]]> systemd.socket5, systemd.service5, systemctl1, - socat1 + socat1, + nginx1, + curl1