systemd-socket-proxyd

systemd-socket-proxyd systemd Developer David Strauss david@davidstrauss.net Developer Lennart Poettering lennart@poettering.net systemd-socket-proxyd 1 systemd-socket-proxyd Bidirectionally proxy local sockets to another (possibly remote) socket. systemd-socket-proxyd OPTIONS HOST:PORT systemd-socket-proxyd OPTIONS UNIX-DOMAIN-SOCKET-PATH Description systemd-socket-proxyd is a generic socket-activated network socket forwarder proxy daemon for IPV4, IPv6 and UNIX stream sockets. It may be used to bi-directionally forward traffic from a local listening socket to a local or remote destination socket. One use of this tool is to provide socket activation support for services that do not natively support socket activation. On behalf of the service to activate, the proxy inherits the socket from systemd, accepts each client connection, opens a connection to a configured server for each client, and then bidirectionally forwards data between the two. This utility's behavior is similar to socat1. The main differences for systemd-socket-proxyd are support for socket activation with Accept=false and an event-driven design that scales better with the number of connections. Options The following options are understood: Restricts listening to a single inherited socket, specified as a file descriptor. By default, the proxy listens on all inherited sockets. Prints a short help text and exits. Prints a version string and exits. Exit status On success, 0 is returned, a non-zero failure code otherwise. Examples Direct-Use Example Use two services with a dependency and no namespace isolation. /etc/systemd/system/proxy-to-nginx.socket /etc/systemd/system/proxy-to-nginx.service /etc/nginx/nginx.conf Indirect-Use Example Use a shell script to isolate the service and proxy into the same namespace. This is particularly useful for running TCP-only daemons without the daemon affecting ports on regular interfaces. /etc/systemd/system/proxy-with-nginx.socket /etc/systemd/system/proxy-with-nginx.service /usr/bin/socket-proxyd-nginx.sh Make it executable: /etc/nginx/nginx.conf Multiple Listeners with Multiple Destinations When using namespaces, it may be useful to have multiple listeners with each going to a unique destination. systemd always passes sockets into services in the order specified in the socket unit, beginning with file descriptor 3. In this example, port 80 will proxy to localhost:8080, and port 443 will proxy to localhost:8443. /etc/systemd/system/multi-destination.socket /etc/systemd/system/multi-destination.service /usr/bin/socket-proxyd-multi-destination.sh Make it executable: See Also systemd1, systemd.socket5, systemd.service5, systemctl1, socat1