1SYSTEMD-SOCKET-PROXYD(8)     systemd-socket-proxyd    SYSTEMD-SOCKET-PROXYD(8)
2
3
4

NAME

6       systemd-socket-proxyd - Bidirectionally proxy local sockets to another
7       (possibly remote) socket
8

SYNOPSIS

10       systemd-socket-proxyd [OPTIONS...] HOST:PORT
11
12       systemd-socket-proxyd [OPTIONS...] UNIX-DOMAIN-SOCKET-PATH
13

DESCRIPTION

15       systemd-socket-proxyd is a generic socket-activated network socket
16       forwarder proxy daemon for IPv4, IPv6 and UNIX stream sockets. It may
17       be used to bi-directionally forward traffic from a local listening
18       socket to a local or remote destination socket.
19
20       One use of this tool is to provide socket activation support for
21       services that do not natively support socket activation. On behalf of
22       the service to activate, the proxy inherits the socket from systemd,
23       accepts each client connection, opens a connection to a configured
24       server for each client, and then bidirectionally forwards data between
25       the two.
26
27       This utility's behavior is similar to socat(1). The main differences
28       for systemd-socket-proxyd are support for socket activation with
29       "Accept=no" and an event-driven design that scales better with the
30       number of connections.
31

OPTIONS

33       The following options are understood:
34
35       -h, --help
36           Print a short help text and exit.
37
38       --version
39           Print a short version string and exit.
40
41       --connections-max=, -c
42           Sets the maximum number of simultaneous connections, defaults to
43           256. If the limit of concurrent connections is reached further
44           connections will be refused.
45
46       --exit-idle-time=
47           Sets the time before exiting when there are no connections,
48           defaults to infinity. Takes a unit-less value in seconds, or a time
49           span value such as "5min 20s".
50

EXIT STATUS

52       On success, 0 is returned, a non-zero failure code otherwise.
53

EXAMPLES

55   Simple Example
56       Use two services with a dependency and no namespace isolation.
57
58       Example 1. proxy-to-nginx.socket
59
60           [Socket]
61           ListenStream=80
62
63           [Install]
64           WantedBy=sockets.target
65
66       Example 2. proxy-to-nginx.service
67
68           [Unit]
69           Requires=nginx.service
70           After=nginx.service
71           Requires=proxy-to-nginx.socket
72           After=proxy-to-nginx.socket
73
74           [Service]
75           ExecStart=/usr/lib/systemd/systemd-socket-proxyd /run/nginx/socket
76           PrivateTmp=yes
77           PrivateNetwork=yes
78
79       Example 3. nginx.conf
80
81           [...]
82           server {
83               listen       unix:/run/nginx/socket;
84               [...]
85
86       Example 4. Enabling the proxy
87
88           # systemctl enable --now proxy-to-nginx.socket
89           $ curl http://localhost:80/
90
91       If nginx.service has StopWhenUnneeded= set, then passing
92       --exit-idle-time= to systemd-socket-proxyd allows both services to stop
93       during idle periods.
94
95   Namespace Example
96       Similar as above, but runs the socket proxy and the main service in the
97       same private namespace, assuming that nginx.service has PrivateTmp= and
98       PrivateNetwork= set, too.
99
100       Example 5. proxy-to-nginx.socket
101
102           [Socket]
103           ListenStream=80
104
105           [Install]
106           WantedBy=sockets.target
107
108       Example 6. proxy-to-nginx.service
109
110           [Unit]
111           Requires=nginx.service
112           After=nginx.service
113           Requires=proxy-to-nginx.socket
114           After=proxy-to-nginx.socket
115           JoinsNamespaceOf=nginx.service
116
117           [Service]
118           ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080
119           PrivateTmp=yes
120           PrivateNetwork=yes
121
122       Example 7. nginx.conf
123
124           [...]
125           server {
126               listen       8080;
127               [...]
128
129       Example 8. Enabling the proxy
130
131           # systemctl enable --now proxy-to-nginx.socket
132           $ curl http://localhost:80/
133

SEE ALSO

135       systemd(1), systemd.socket(5), systemd.service(5), systemctl(1),
136       socat(1), nginx(1), curl(1)
137
138
139
140systemd 246                                           SYSTEMD-SOCKET-PROXYD(8)
Impressum