* remove NSS usage from PID 1 (notably the specifiers)
* socket-proxyd:
- - Support multiple inherited sockets mapped to different remote hosts
- Use a nonblocking alternative to getaddrinfo
- Until we can start daemons directly, find a less ugly, less racy alternative than shell scripts for the second man page example.
- Support starting daemons directly without requiring a shell script; update man pages
<surname>Strauss</surname>
<email>david@davidstrauss.net</email>
</author>
+ <author>
+ <contrib>Developer</contrib>
+ <firstname>Lennart</firstname>
+ <surname>Poettering</surname>
+ <email>lennart@poettering.net</email>
+ </author>
</authorgroup>
</refentryinfo>
<refmeta>
<para>The following options are understood:</para>
<variablelist>
<varlistentry>
+ <term><option>-l</option></term>
+ <term><option>--listener</option></term>
+ <listitem>
+ <para>Restricts listening to a
+ single inherited socket, specified
+ as a file descriptor. By default,
+ the proxy listens on all inherited
+ sockets.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term><option>-h</option></term>
<term><option>--help</option></term>
<listitem>
do
/usr/bin/inotifywait /tmp/nginx.pid
done
-exec /usr/bin/systemd-socket-proxyd localhost 8080]]>
+exec /usr/bin/systemd-socket-proxyd localhost:8080]]>
</programlisting>
+ <para>Make it executable:</para>
+ <programlisting>
+<![CDATA[chmod 755 /usr/bin/socket-proxyd-nginx.sh]]>
+ </programlisting>
</example>
<example label="nginx configuration">
<title>
</programlisting>
</example>
</refsect2>
+
+ <refsect2>
+ <title>Multiple Listeners with Multiple Destinations</title>
+ <para>When using namespaces, it may be useful to
+ have multiple listeners with each going to a unique
+ destination. systemd always passes sockets into
+ services in the order specified in the socket
+ unit, beginning with file descriptor 3.</para>
+ <para>In this example, port <literal>80</literal>
+ will proxy to <literal>localhost:8080</literal>,
+ and port <literal>443</literal> will proxy to
+ <literal>localhost:8443</literal>.</para>
+ <example label="proxy socket unit">
+ <title>/etc/systemd/system/multi-destination.socket</title>
+ <programlisting>
+<![CDATA[[Socket]
+ListenStream=80
+ListenStream=443
+
+[Install]
+WantedBy=sockets.target]]>
+</programlisting>
+ </example>
+ <example label="proxy service unit">
+ <title>/etc/systemd/system/multi-destination.service</title>
+ <programlisting>
+<![CDATA[[Service]
+ExecStart=/usr/bin/socket-proxyd-multi-destination.sh
+PrivateTmp=true
+PrivateNetwork=true]]>
+</programlisting>
+ </example>
+
+ <example label="shell script">
+ <title>
+ /usr/bin/socket-proxyd-multi-destination.sh</title>
+ <programlisting>
+<![CDATA[#!/bin/sh
+/usr/bin/systemd-socket-proxyd --listener=3 localhost:8080 &
+/usr/bin/systemd-socket-proxyd --listener=4 localhost:8443 &
+wait]]>
+</programlisting>
+ <para>Make it executable:</para>
+ <programlisting>
+<![CDATA[chmod 755 /usr/bin/socket-proxyd-multi-destination.sh]]>
+ </programlisting>
+ </example>
+
+ <example label="commands">
+ <programlisting>
+<![CDATA[# systemctl enable multi-destination.socket
+# systemctl start multi-destination.socket
+$ curl http://localhost/
+$ curl https://localhost/]]>
+</programlisting>
+ </example>
+ </refsect2>
</refsect1>
<refsect1>
<title>See Also</title>
} Connection;
static const char *arg_remote_host = NULL;
+static int arg_listener = -1;
static void connection_free(Connection *c) {
assert(c);
printf("%s [HOST:PORT]\n"
"%s [SOCKET]\n\n"
"Bidirectionally proxy local sockets to another (possibly remote) socket.\n\n"
- " -h --help Show this help\n"
- " --version Show package version\n",
+ " -l --listener=FD Listen on a specific, single file descriptor.\n"
+ " -h --help Show this help\n"
+ " --version Show package version\n",
program_invocation_short_name,
program_invocation_short_name);
static int parse_argv(int argc, char *argv[]) {
enum {
- ARG_VERSION = 0x100,
- ARG_IGNORE_ENV
+ ARG_VERSION = 0x100
};
static const struct option options[] = {
- { "help", no_argument, NULL, 'h' },
- { "version", no_argument, NULL, ARG_VERSION },
+ { "help", no_argument, NULL, 'h' },
+ { "version", no_argument, NULL, ARG_VERSION },
+ { "listener", required_argument, NULL, 'l' },
{}
};
- int c;
+ int c, fd;
assert(argc >= 0);
assert(argv);
- while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) {
+ while ((c = getopt_long(argc, argv, "hl:", options, NULL)) >= 0) {
switch (c) {
puts(SYSTEMD_FEATURES);
return 0;
+ case 'l':
+ if (safe_atoi(optarg, &fd) < 0) {
+ log_error("Failed to parse listener file descriptor: %s", optarg);
+ return -EINVAL;
+ }
+ if (fd < SD_LISTEN_FDS_START) {
+ log_error("Listener file descriptor must be at least %d.", SD_LISTEN_FDS_START);
+ return -EINVAL;
+ }
+ arg_listener = fd;
+ break;
+
case '?':
return -EINVAL;
goto finish;
}
- n = sd_listen_fds(1);
- if (n < 0) {
- log_error("Failed to receive sockets from parent.");
- r = n;
- goto finish;
- } else if (n == 0) {
- log_error("Didn't get any sockets passed in.");
- r = -EINVAL;
- goto finish;
- }
-
- for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
- r = add_listen_socket(&context, event, fd);
+ if (arg_listener == -1) {
+ n = sd_listen_fds(1);
+ if (n < 0) {
+ log_error("Failed to receive sockets from parent.");
+ r = n;
+ goto finish;
+ } else if (n == 0) {
+ log_error("Didn't get any sockets passed in.");
+ r = -EINVAL;
+ goto finish;
+ }
+ log_info("Listening on %d inherited socket(s), starting with fd=%d.", n, SD_LISTEN_FDS_START);
+ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
+ r = add_listen_socket(&context, event, fd);
+ if (r < 0)
+ goto finish;
+ }
+ } else {
+ log_info("Listening on single inherited socket fd=%d.", arg_listener);
+ r = add_listen_socket(&context, event, arg_listener);
if (r < 0)
goto finish;
}