<?xml version="1.0"?> <!--*-nxml-*--> <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> <!-- This file is part of systemd. Copyright 2013 David Strauss systemd is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. systemd is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with systemd; If not, see <http://www.gnu.org/licenses/>. --> <refentry id="systemd-saproxy"> <refentryinfo> <title>systemd-saproxy</title> <productname>systemd</productname> <authorgroup> <author> <contrib>Developer</contrib> <firstname>David</firstname> <surname>Strauss</surname> <email>david@davidstrauss.net</email> </author> </authorgroup> </refentryinfo> <refmeta> <refentrytitle>systemd-saproxy</refentrytitle> <manvolnum>1</manvolnum> </refmeta> <refnamediv> <refname>systemd-saproxy</refname> <refpurpose>Inherit a socket. Bidirectionally proxy.</refpurpose> </refnamediv> <refsynopsisdiv> <cmdsynopsis> <command>systemd-saproxy</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="plain"><replaceable>HOSTNAME-OR-IP</replaceable></arg> <arg choice="plain"><replaceable>PORT-OR-SERVICE</replaceable></arg> </cmdsynopsis> <cmdsynopsis> <command>systemd-saproxy</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="plain"><replaceable>UNIX-DOMAIN-SOCKET-PATH</replaceable> </arg> </cmdsynopsis> </refsynopsisdiv> <refsect1> <title>Description</title> <para> <command>systemd-saproxy</command>provides a proxy to socket-activate services that do not yet support native socket activation. On behalf of the daemon, the proxy inherits the socket from systemd, accepts each client connection, opens a connection to the server for each client, and then bidirectionally forwards data between the two.</para> <para>This utility's behavior is similar to <citerefentry><refentrytitle>socat</refentrytitle><manvolnum>1</manvolnum> </citerefentry>. The main differences for <command>systemd-saproxy</command> are support for socket activation with <literal>Accept=false</literal> and an event-driven design that scales better with the number of connections.</para> </refsect1> <refsect1> <title>Options</title> <para>The following options are understood:</para> <variablelist> <varlistentry> <term><option>-h</option></term> <term><option>--help</option></term> <listitem> <para>Prints a short help text and exits.</para> </listitem> </varlistentry> <varlistentry> <term><option>--version</option></term> <listitem> <para>Prints a version string and exits.</para> </listitem> </varlistentry> <varlistentry> <term><option>--ignore-env</option></term> <listitem> <para>Skips verification of the expected PID and file descriptor numbers. Use if invoked indirectly, for example with a shell script rather than with <option>ExecStart=/usr/bin/systemd-saproxy</option> </para> </listitem> </varlistentry> </variablelist> </refsect1> <refsect1> <title>Exit status</title> <para>On success 0 is returned, a non-zero failure code otherwise.</para> </refsect1> <refsect1> <title>Examples</title> <refsect2> <title>Direct-Use Example</title> <para>Use two services with a dependency and no namespace isolation.</para> <example label="bridge socket unit"> <title>/etc/systemd/system/bridge-to-nginx.socket</title> <programlisting> <![CDATA[[Socket] ListenStream=80 [Install] WantedBy=socket.target]]> </programlisting> </example> <example label="bridge service unit"> <title>/etc/systemd/system/bridge-to-nginx.service</title> <programlisting> <![CDATA[[Unit] After=nginx.service Requires=nginx.service [Service] ExecStart=/usr/bin/systemd-saproxy /tmp/nginx.sock PrivateTmp=true PrivateNetwork=true]]> </programlisting> </example> <example label="nginx configuration"> <title>/etc/nginx/nginx.conf</title> <programlisting> <![CDATA[[...] server { listen unix:/tmp/nginx.sock; [...]]]> </programlisting> </example> <example label="commands"> <programlisting> <![CDATA[$ sudo systemctl --system daemon-reload $ sudo systemctl start bridge-to-nginx.socket $ sudo systemctl enable bridge-to-nginx.socket $ curl http://localhost:80/]]> </programlisting> </example> </refsect2> <refsect2> <title>Indirect-Use Example</title> <para>Use a shell script to isolate the service and bridge into the same namespace. This is particularly useful for running TCP-only daemons without the daemon affecting ports on regular interfaces.</para> <example label="combined bridge and nginx socket unit"> <title> /etc/systemd/system/bridge-with-nginx.socket</title> <programlisting> <![CDATA[[Socket] ListenStream=80 [Install] WantedBy=socket.target]]> </programlisting> </example> <example label="combined bridge and nginx service unit"> <title> /etc/systemd/system/bridge-with-nginx.service</title> <programlisting> <![CDATA[[Unit] After=syslog.target remote-fs.target nss-lookup.target [Service] ExecStartPre=/usr/sbin/nginx -t ExecStart=/usr/bin/saproxy-nginx.sh PrivateTmp=true PrivateNetwork=true]]> </programlisting> </example> <example label="shell script"> <title> /usr/bin/saproxy-nginx.sh</title> <programlisting> <![CDATA[#!/bin/sh /usr/sbin/nginx while [ ! -f /tmp/nginx.pid ] do /usr/bin/inotifywait /tmp/nginx.pid done /usr/bin/systemd-saproxy --ignore-env localhost 8080]]> </programlisting> </example> <example label="nginx configuration"> <title> /etc/nginx/nginx.conf</title> <programlisting> <![CDATA[[...] server { listen 8080; listen unix:/tmp/nginx.sock; [...]]]> </programlisting> </example> <example label="commands"> <programlisting> <![CDATA[$ sudo systemctl --system daemon-reload $ sudo systemctl start bridge-with-nginx.socket $ sudo systemctl enable bridge-with-nginx.socket $ curl http://localhost:80/]]> </programlisting> </example> </refsect2> </refsect1> <refsect1> <title>See Also</title> <para> <citerefentry> <refentrytitle> systemd.service</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, <citerefentry> <refentrytitle> systemd.socket</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, <citerefentry> <refentrytitle>systemctl</refentrytitle> <manvolnum>1</manvolnum> </citerefentry>, <citerefentry> <refentrytitle>socat</refentrytitle> <manvolnum>1</manvolnum> </citerefentry></para> </refsect1> </refentry>