1SYSTEMD-SOCKET-PROXYD(8) systemd-socket-proxyd SYSTEMD-SOCKET-PROXYD(8)
2
6 systemd-socket-proxyd - Bidirectionally proxy local sockets to another
7 (possibly remote) socket
8
10 systemd-socket-proxyd [OPTIONS...] HOST:PORT
11 systemd-socket-proxyd [OPTIONS...] UNIX-DOMAIN-SOCKET-PATH
13
15 systemd-socket-proxyd is a generic socket-activated network socket
16 forwarder proxy daemon for IPv4, IPv6 and UNIX stream sockets. It may
17 be used to bi-directionally forward traffic from a local listening
18 socket to a local or remote destination socket.
19 One use of this tool is to provide socket activation support for
21 services that do not natively support socket activation. On behalf of
22 the service to activate, the proxy inherits the socket from systemd,
23 accepts each client connection, opens a connection to a configured
24 server for each client, and then bidirectionally forwards data between
25 the two.
26 This utility's behavior is similar to socat(1). The main differences
28 for systemd-socket-proxyd are support for socket activation with
29 "Accept=no" and an event-driven design that scales better with the
30 number of connections.
31
33 The following options are understood:
34 -h, --help
36 Print a short help text and exit.
37 --version
39 Print a short version string and exit.
40 --connections-max=, -c
42 Sets the maximum number of simultaneous connections, defaults to
43 256. If the limit of concurrent connections is reached further
44 connections will be refused.
45 --exit-idle-time=
47 Sets the time before exiting when there are no connections,
48 defaults to infinity. Takes a unit-less value in seconds, or a time
49 span value such as "5min 20s".
50
52 On success, 0 is returned, a non-zero failure code otherwise.
53
55 Simple Example
56 Use two services with a dependency and no namespace isolation.
57 Example 1. proxy-to-nginx.socket
59 [Socket]
61 ListenStream=80
62 [Install]
64 WantedBy=sockets.target
65 Example 2. proxy-to-nginx.service
67 [Unit]
69 Requires=nginx.service
70 After=nginx.service
71 Requires=proxy-to-nginx.socket
72 After=proxy-to-nginx.socket
73 [Service]
75 ExecStart=/usr/lib/systemd/systemd-socket-proxyd /run/nginx/socket
76 PrivateTmp=yes
77 PrivateNetwork=yes
78 Example 3. nginx.conf
80 [...]
82 server {
83 listen unix:/run/nginx/socket;
84 [...]
85 Example 4. Enabling the proxy
87 # systemctl enable --now proxy-to-nginx.socket
89 $ curl http://localhost:80/
90 If nginx.service has StopWhenUnneeded= set, then passing
92 --exit-idle-time= to systemd-socket-proxyd allows both services to stop
93 during idle periods.
94 Namespace Example
96 Similar as above, but runs the socket proxy and the main service in the
97 same private namespace, assuming that nginx.service has PrivateTmp= and
98 PrivateNetwork= set, too.
99 Example 5. proxy-to-nginx.socket
101 [Socket]
103 ListenStream=80
104 [Install]
106 WantedBy=sockets.target
107 Example 6. proxy-to-nginx.service
109 [Unit]
111 Requires=nginx.service
112 After=nginx.service
113 Requires=proxy-to-nginx.socket
114 After=proxy-to-nginx.socket
115 JoinsNamespaceOf=nginx.service
116 [Service]
118 ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080
119 PrivateTmp=yes
120 PrivateNetwork=yes
121 Example 7. nginx.conf
123 [...]
125 server {
126 listen 8080;
127 [...]
128 Example 8. Enabling the proxy
130 # systemctl enable --now proxy-to-nginx.socket
132 $ curl http://localhost:80/
133
135 systemd(1), systemd.socket(5), systemd.service(5), systemctl(1),
136 socat(1), nginx(1), curl(1)
137systemd 249 SYSTEMD-SOCKET-PROXYD(8)