2013-10-15 03:41:47 +04:00
<?xml version="1.0"?>
<!-- * - nxml - * -->
< !DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
This file is part of systemd.
Copyright 2013 David Strauss
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http: / / w w w . g n u . o r g / l i c e n s e s /> .
-->
2013-10-16 04:00:18 +04:00
<refentry id= "systemd-saproxy" >
2013-10-15 03:41:47 +04:00
<refentryinfo >
2013-10-16 04:00:18 +04:00
<title > systemd-saproxy</title>
2013-10-15 03:41:47 +04:00
<productname > systemd</productname>
<authorgroup >
<author >
<contrib > Developer</contrib>
<firstname > David</firstname>
<surname > Strauss</surname>
<email > david@davidstrauss.net</email>
</author>
</authorgroup>
</refentryinfo>
<refmeta >
2013-10-16 04:00:18 +04:00
<refentrytitle > systemd-saproxy</refentrytitle>
2013-10-15 03:41:47 +04:00
<manvolnum > 1</manvolnum>
</refmeta>
<refnamediv >
2013-10-16 04:00:18 +04:00
<refname > systemd-saproxy</refname>
2013-10-15 03:41:47 +04:00
<refpurpose > Inherit a socket. Bidirectionally
proxy.</refpurpose>
</refnamediv>
<refsynopsisdiv >
<cmdsynopsis >
2013-10-16 04:00:18 +04:00
<command > systemd-saproxy</command>
2013-10-15 03:41:47 +04:00
<arg choice= "opt" rep= "repeat" > OPTIONS</arg>
<arg choice= "plain" > <replaceable > HOSTNAME-OR-IP</replaceable> </arg>
<arg choice= "plain" > <replaceable > PORT-OR-SERVICE</replaceable> </arg>
</cmdsynopsis>
<cmdsynopsis >
2013-10-16 04:00:18 +04:00
<command > systemd-saproxy</command>
2013-10-15 03:41:47 +04:00
<arg choice= "opt" rep= "repeat" > OPTIONS</arg>
<arg choice= "plain" > <replaceable > UNIX-DOMAIN-SOCKET-PATH</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 >
<title > Description</title>
<para >
2013-10-16 15:04:43 +04:00
<command > systemd-saproxy</command> provides a proxy
2013-10-15 03:41:47 +04:00
to socket-activate services that do not yet support
native socket activation. On behalf of the daemon,
the proxy inherits the socket from systemd, accepts
each client connection, opens a connection to the server
for each client, and then bidirectionally forwards
data between the two.</para>
<para > This utility's behavior is similar to
<citerefentry > <refentrytitle > socat</refentrytitle> <manvolnum > 1</manvolnum> </citerefentry> .
2013-10-16 04:00:18 +04:00
The main differences for <command > systemd-saproxy</command>
2013-10-15 03:41:47 +04:00
are support for socket activation with
<literal > Accept=false</literal> and an event-driven
design that scales better with the number of
connections.</para>
</refsect1>
<refsect1 >
<title > Options</title>
<para > The following options are understood:</para>
<variablelist >
<varlistentry >
<term > <option > -h</option> </term>
<term > <option > --help</option> </term>
<listitem >
<para > Prints a short help
text and exits.</para>
</listitem>
</varlistentry>
<varlistentry >
<term > <option > --version</option> </term>
<listitem >
<para > Prints a version
string and exits.</para>
</listitem>
</varlistentry>
<varlistentry >
<term > <option > --ignore-env</option> </term>
<listitem >
<para > Skips verification of
the expected PID and file
descriptor numbers. Use if
invoked indirectly, for
example with a shell script
rather than with
2013-10-16 04:00:18 +04:00
<option > ExecStart=/usr/bin/systemd-saproxy</option>
2013-10-15 03:41:47 +04:00
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 >
<title > Exit status</title>
<para > On success 0 is returned, a non-zero failure
code otherwise.</para>
</refsect1>
<refsect1 >
<title > Examples</title>
<refsect2 >
<title > Direct-Use Example</title>
<para > Use two services with a dependency
and no namespace isolation.</para>
2013-10-16 15:04:43 +04:00
<example label= "proxy socket unit" >
<title > /etc/systemd/system/proxy-to-nginx.socket</title>
2013-10-15 03:41:47 +04:00
<programlisting >
< ![CDATA[[Socket]
ListenStream=80
[Install]
WantedBy=socket.target]]>
</programlisting>
</example>
2013-10-16 15:04:43 +04:00
<example label= "proxy service unit" >
<title > /etc/systemd/system/proxy-to-nginx.service</title>
2013-10-15 03:41:47 +04:00
<programlisting >
< ![CDATA[[Unit]
After=nginx.service
Requires=nginx.service
[Service]
2013-10-16 04:00:18 +04:00
ExecStart=/usr/bin/systemd-saproxy /tmp/nginx.sock
2013-10-15 03:41:47 +04:00
PrivateTmp=true
PrivateNetwork=true]]>
</programlisting>
</example>
<example label= "nginx configuration" >
<title > /etc/nginx/nginx.conf</title>
<programlisting >
< ![CDATA[[...]
server {
listen unix:/tmp/nginx.sock;
[...]]]>
</programlisting>
</example>
<example label= "commands" >
<programlisting >
< ![CDATA[$ sudo systemctl --system daemon-reload
2013-10-16 15:04:43 +04:00
$ sudo systemctl start proxy-to-nginx.socket
$ sudo systemctl enable proxy-to-nginx.socket
2013-10-15 03:41:47 +04:00
$ curl http://localhost:80/]]>
</programlisting>
</example>
</refsect2>
<refsect2 >
<title > Indirect-Use Example</title>
<para > Use a shell script to isolate the
2013-10-16 15:04:43 +04:00
service and proxy into the same namespace.
2013-10-15 03:41:47 +04:00
This is particularly useful for running
TCP-only daemons without the daemon
affecting ports on regular
interfaces.</para>
2013-10-16 15:04:43 +04:00
<example label= "combined proxy and nginx socket unit" >
2013-10-15 03:41:47 +04:00
<title >
2013-10-16 15:04:43 +04:00
/etc/systemd/system/proxy-with-nginx.socket</title>
2013-10-15 03:41:47 +04:00
<programlisting >
< ![CDATA[[Socket]
ListenStream=80
[Install]
WantedBy=socket.target]]>
</programlisting>
</example>
2013-10-16 15:04:43 +04:00
<example label= "combined proxy and nginx service unit" >
2013-10-15 03:41:47 +04:00
<title >
2013-10-16 15:04:43 +04:00
/etc/systemd/system/proxy-with-nginx.service</title>
2013-10-15 03:41:47 +04:00
<programlisting >
< ![CDATA[[Unit]
After=syslog.target remote-fs.target nss-lookup.target
[Service]
ExecStartPre=/usr/sbin/nginx -t
2013-10-16 04:00:18 +04:00
ExecStart=/usr/bin/saproxy-nginx.sh
2013-10-15 03:41:47 +04:00
PrivateTmp=true
PrivateNetwork=true]]>
</programlisting>
</example>
<example label= "shell script" >
<title >
2013-10-16 04:00:18 +04:00
/usr/bin/saproxy-nginx.sh</title>
2013-10-15 03:41:47 +04:00
<programlisting >
< ![CDATA[#!/bin/sh
/usr/sbin/nginx
while [ ! -f /tmp/nginx.pid ]
do
/usr/bin/inotifywait /tmp/nginx.pid
done
2013-10-16 04:00:18 +04:00
/usr/bin/systemd-saproxy --ignore-env localhost 8080]]>
2013-10-15 03:41:47 +04:00
</programlisting>
</example>
<example label= "nginx configuration" >
<title >
/etc/nginx/nginx.conf</title>
<programlisting >
< ![CDATA[[...]
server {
listen 8080;
listen unix:/tmp/nginx.sock;
[...]]]>
</programlisting>
</example>
<example label= "commands" >
<programlisting >
< ![CDATA[$ sudo systemctl --system daemon-reload
2013-10-16 15:04:43 +04:00
$ sudo systemctl start proxy-with-nginx.socket
$ sudo systemctl enable proxy-with-nginx.socket
2013-10-15 03:41:47 +04:00
$ curl http://localhost:80/]]>
</programlisting>
</example>
</refsect2>
</refsect1>
<refsect1 >
<title > See Also</title>
<para >
<citerefentry >
<refentrytitle >
systemd.service</refentrytitle>
<manvolnum > 5</manvolnum>
</citerefentry> ,
<citerefentry >
<refentrytitle >
systemd.socket</refentrytitle>
<manvolnum > 5</manvolnum>
</citerefentry> ,
<citerefentry >
<refentrytitle > systemctl</refentrytitle>
<manvolnum > 1</manvolnum>
</citerefentry> ,
<citerefentry >
<refentrytitle > socat</refentrytitle>
<manvolnum > 1</manvolnum>
</citerefentry> </para>
</refsect1>
</refentry>
