1SYSTEMD-SOCKET-PROXYD(8) systemd-socket-proxyd SYSTEMD-SOCKET-PROXYD(8)
2
6 systemd-socket-proxyd - Bidirectionally proxy local sockets to another
7 (possibly remote) socket
8
10 systemd-socket-proxyd [OPTIONS...] HOST:PORT
11 systemd-socket-proxyd [OPTIONS...] UNIX-DOMAIN-SOCKET-PATH
13
15 systemd-socket-proxyd is a generic socket-activated network socket
16 forwarder proxy daemon for IPv4, IPv6 and UNIX stream sockets. It may
17 be used to bi-directionally forward traffic from a local listening
18 socket to a local or remote destination socket.
19 One use of this tool is to provide socket activation support for
21 services that do not natively support socket activation. On behalf of
22 the service to activate, the proxy inherits the socket from systemd,
23 accepts each client connection, opens a connection to a configured
24 server for each client, and then bidirectionally forwards data between
25 the two.
26 This utility's behavior is similar to socat(1). The main differences
28 for systemd-socket-proxyd are support for socket activation with
29 "Accept=no" and an event-driven design that scales better with the
30 number of connections.
31
33 The following options are understood:
34 -h, --help
36 Print a short help text and exit.
37 --version
39 Print a short version string and exit.
40 --connections-max=, -c
42 Sets the maximum number of simultaneous connections, defaults to
43 256. If the limit of concurrent connections is reached further
44 connections will be refused.
45 --exit-idle-time=
47 Sets the time before exiting when there are no connections,
48 defaults to infinity. Takes a unit-less value in seconds, or a time
49 span value such as "5min 20s".
50
52 On success, 0 is returned, a non-zero failure code otherwise.
53
55 Simple Example
56 Use two services with a dependency and no namespace isolation.
57 Example 1. proxy-to-nginx.socket
59 [Socket]
61 ListenStream=80
62 [Install]
64 WantedBy=sockets.target
65 Example 2. proxy-to-nginx.service
67 [Unit]
69 Requires=nginx.service
70 After=nginx.service
71 Requires=proxy-to-nginx.socket
72 After=proxy-to-nginx.socket
73 [Service]
75 Type=notify
76 ExecStart=/usr/lib/systemd/systemd-socket-proxyd /run/nginx/socket
77 PrivateTmp=yes
78 PrivateNetwork=yes
79 Example 3. nginx.conf
81 [...]
83 server {
84 listen unix:/run/nginx/socket;
85 [...]
86 Example 4. Enabling the proxy
88 # systemctl enable --now proxy-to-nginx.socket
90 $ curl http://localhost:80/
91 If nginx.service has StopWhenUnneeded= set, then passing
93 --exit-idle-time= to systemd-socket-proxyd allows both services to stop
94 during idle periods.
95 Namespace Example
97 Similar as above, but runs the socket proxy and the main service in the
98 same private namespace, assuming that nginx.service has PrivateTmp= and
99 PrivateNetwork= set, too.
100 Example 5. proxy-to-nginx.socket
102 [Socket]
104 ListenStream=80
105 [Install]
107 WantedBy=sockets.target
108 Example 6. proxy-to-nginx.service
110 [Unit]
112 Requires=nginx.service
113 After=nginx.service
114 Requires=proxy-to-nginx.socket
115 After=proxy-to-nginx.socket
116 JoinsNamespaceOf=nginx.service
117 [Service]
119 Type=notify
120 ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080
121 PrivateTmp=yes
122 PrivateNetwork=yes
123 Example 7. nginx.conf
125 [...]
127 server {
128 listen 8080;
129 [...]
130 Example 8. Enabling the proxy
132 # systemctl enable --now proxy-to-nginx.socket
134 $ curl http://localhost:80/
135
137 systemd(1), systemd.socket(5), systemd.service(5), systemctl(1),
138 socat(1), nginx(1), curl(1)
139systemd 254 SYSTEMD-SOCKET-PROXYD(8)