diff --git a/TODO b/TODO
index f79f7b10158..9b898bb57db 100644
--- a/TODO
+++ b/TODO
@@ -105,7 +105,6 @@ Features:
* remove NSS usage from PID 1 (notably the specifiers)
* socket-proxyd:
- - Support multiple inherited sockets mapped to different remote hosts
- Use a nonblocking alternative to getaddrinfo
- Until we can start daemons directly, find a less ugly, less racy alternative than shell scripts for the second man page example.
- Support starting daemons directly without requiring a shell script; update man pages
diff --git a/man/systemd-socket-proxyd.xml b/man/systemd-socket-proxyd.xml
index 4eb13e4d252..d57a59cf799 100644
--- a/man/systemd-socket-proxyd.xml
+++ b/man/systemd-socket-proxyd.xml
@@ -31,6 +31,12 @@
Strauss
david@davidstrauss.net
+
+ Developer
+ Lennart
+ Poettering
+ lennart@poettering.net
+
@@ -83,6 +89,17 @@
Options
The following options are understood:
+
+
+
+
+ Restricts listening to a
+ single inherited socket, specified
+ as a file descriptor. By default,
+ the proxy listens on all inherited
+ sockets.
+
+
@@ -196,8 +213,12 @@ while [ ! -f /tmp/nginx.pid ]
do
/usr/bin/inotifywait /tmp/nginx.pid
done
-exec /usr/bin/systemd-socket-proxyd localhost 8080]]>
+exec /usr/bin/systemd-socket-proxyd localhost:8080]]>
+ Make it executable:
+
+
+
@@ -215,6 +236,63 @@ server {
<![CDATA[# systemctl enable proxy-with-nginx.socket
# systemctl start proxy-with-nginx.socket
$ curl http://localhost:80/]]>
+</programlisting>
+ </example>
+ </refsect2>
+
+ <refsect2>
+ <title>Multiple Listeners with Multiple Destinations
+ When using namespaces, it may be useful to
+ have multiple listeners with each going to a unique
+ destination. systemd always passes sockets into
+ services in the order specified in the socket
+ unit, beginning with file descriptor 3.
+ In this example, port 80
+ will proxy to localhost:8080,
+ and port 443 will proxy to
+ localhost:8443.
+
+ /etc/systemd/system/multi-destination.socket
+
+
+
+
+
+ /etc/systemd/system/multi-destination.service
+
+
+
+
+
+
+
+ /usr/bin/socket-proxyd-multi-destination.sh
+
+
+
+ Make it executable:
+
+
+
+
+
+
+
+
diff --git a/src/socket-proxy/socket-proxyd.c b/src/socket-proxy/socket-proxyd.c
index 432558d1903..362e8aae9f3 100644
--- a/src/socket-proxy/socket-proxyd.c
+++ b/src/socket-proxy/socket-proxyd.c
@@ -66,6 +66,7 @@ typedef struct Connection {
} Connection;
static const char *arg_remote_host = NULL;
+static int arg_listener = -1;
static void connection_free(Connection *c) {
assert(c);
@@ -554,8 +555,9 @@ static int help(void) {
printf("%s [HOST:PORT]\n"
"%s [SOCKET]\n\n"
"Bidirectionally proxy local sockets to another (possibly remote) socket.\n\n"
- " -h --help Show this help\n"
- " --version Show package version\n",
+ " -l --listener=FD Listen on a specific, single file descriptor.\n"
+ " -h --help Show this help\n"
+ " --version Show package version\n",
program_invocation_short_name,
program_invocation_short_name);
@@ -565,22 +567,22 @@ static int help(void) {
static int parse_argv(int argc, char *argv[]) {
enum {
- ARG_VERSION = 0x100,
- ARG_IGNORE_ENV
+ ARG_VERSION = 0x100
};
static const struct option options[] = {
- { "help", no_argument, NULL, 'h' },
- { "version", no_argument, NULL, ARG_VERSION },
+ { "help", no_argument, NULL, 'h' },
+ { "version", no_argument, NULL, ARG_VERSION },
+ { "listener", required_argument, NULL, 'l' },
{}
};
- int c;
+ int c, fd;
assert(argc >= 0);
assert(argv);
- while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) {
+ while ((c = getopt_long(argc, argv, "hl:", options, NULL)) >= 0) {
switch (c) {
@@ -592,6 +594,18 @@ static int parse_argv(int argc, char *argv[]) {
puts(SYSTEMD_FEATURES);
return 0;
+ case 'l':
+ if (safe_atoi(optarg, &fd) < 0) {
+ log_error("Failed to parse listener file descriptor: %s", optarg);
+ return -EINVAL;
+ }
+ if (fd < SD_LISTEN_FDS_START) {
+ log_error("Listener file descriptor must be at least %d.", SD_LISTEN_FDS_START);
+ return -EINVAL;
+ }
+ arg_listener = fd;
+ break;
+
case '?':
return -EINVAL;
@@ -632,19 +646,26 @@ int main(int argc, char *argv[]) {
goto finish;
}
- n = sd_listen_fds(1);
- if (n < 0) {
- log_error("Failed to receive sockets from parent.");
- r = n;
- goto finish;
- } else if (n == 0) {
- log_error("Didn't get any sockets passed in.");
- r = -EINVAL;
- goto finish;
- }
-
- for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
- r = add_listen_socket(&context, event, fd);
+ if (arg_listener == -1) {
+ n = sd_listen_fds(1);
+ if (n < 0) {
+ log_error("Failed to receive sockets from parent.");
+ r = n;
+ goto finish;
+ } else if (n == 0) {
+ log_error("Didn't get any sockets passed in.");
+ r = -EINVAL;
+ goto finish;
+ }
+ log_info("Listening on %d inherited socket(s), starting with fd=%d.", n, SD_LISTEN_FDS_START);
+ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
+ r = add_listen_socket(&context, event, fd);
+ if (r < 0)
+ goto finish;
+ }
+ } else {
+ log_info("Listening on single inherited socket fd=%d.", arg_listener);
+ r = add_listen_socket(&context, event, arg_listener);
if (r < 0)
goto finish;
}