1SYSTEMD-SOCKET-PROXYD(8) systemd-socket-proxyd SYSTEMD-SOCKET-PROXYD(8)
2
3
4
6 systemd-socket-proxyd - Bidirectionally proxy local sockets to another
7 (possibly remote) socket.
8
10 systemd-socket-proxyd [OPTIONS...] HOST:PORT
11
12 systemd-socket-proxyd [OPTIONS...] UNIX-DOMAIN-SOCKET-PATH
13
15 systemd-socket-proxyd is a generic socket-activated network socket
16 forwarder proxy daemon for IPv4, IPv6 and UNIX stream sockets. It may
17 be used to bi-directionally forward traffic from a local listening
18 socket to a local or remote destination socket.
19
20 One use of this tool is to provide socket activation support for
21 services that do not natively support socket activation. On behalf of
22 the service to activate, the proxy inherits the socket from systemd,
23 accepts each client connection, opens a connection to a configured
24 server for each client, and then bidirectionally forwards data between
25 the two.
26
27 This utility's behavior is similar to socat(1). The main differences
28 for systemd-socket-proxyd are support for socket activation with
29 "Accept=false" and an event-driven design that scales better with the
30 number of connections.
31
33 The following options are understood:
34
35 -h, --help
36 Print a short help text and exit.
37
38 --version
39 Print a short version string and exit.
40
41 --connections-max=, -c
42 Sets the maximum number of simultaneous connections, defaults to
43 256. If the limit of concurrent connections is reached further
44 connections will be refused.
45
47 On success, 0 is returned, a non-zero failure code otherwise.
48
50 Simple Example
51 Use two services with a dependency and no namespace isolation.
52
53 Example 1. proxy-to-nginx.socket
54
55 [Socket]
56 ListenStream=80
57
58 [Install]
59 WantedBy=sockets.target
60
61 Example 2. proxy-to-nginx.service
62
63 [Unit]
64 Requires=nginx.service
65 After=nginx.service
66 Requires=proxy-to-nginx.socket
67 After=proxy-to-nginx.socket
68
69 [Service]
70 ExecStart=/usr/lib/systemd/systemd-socket-proxyd /run/nginx/socket
71 PrivateTmp=yes
72 PrivateNetwork=yes
73
74 Example 3. nginx.conf
75
76 [...]
77 server {
78 listen unix:/run/nginx/socket;
79 [...]
80
81 Example 4. Enabling the proxy
82
83 # systemctl enable --now proxy-to-nginx.socket
84 $ curl http://localhost:80/
85
86 Namespace Example
87 Similar as above, but runs the socket proxy and the main service in the
88 same private namespace, assuming that nginx.service has PrivateTmp= and
89 PrivateNetwork= set, too.
90
91 Example 5. proxy-to-nginx.socket
92
93 [Socket]
94 ListenStream=80
95
96 [Install]
97 WantedBy=sockets.target
98
99 Example 6. proxy-to-nginx.service
100
101 [Unit]
102 Requires=nginx.service
103 After=nginx.service
104 Requires=proxy-to-nginx.socket
105 After=proxy-to-nginx.socket
106 JoinsNamespaceOf=nginx.service
107
108 [Service]
109 ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080
110 PrivateTmp=yes
111 PrivateNetwork=yes
112
113 Example 7. nginx.conf
114
115 [...]
116 server {
117 listen 8080;
118 [...]
119
120 Example 8. Enabling the proxy
121
122 # systemctl enable --now proxy-to-nginx.socket
123 $ curl http://localhost:80/
124
126 systemd(1), systemd.socket(5), systemd.service(5), systemctl(1),
127 socat(1), nginx(1), curl(1)
128
129
130
131systemd 239 SYSTEMD-SOCKET-PROXYD(8)