linux service TCP Gateway with service starting

networking linux services tcp

Technically, yes.

In 1986, the 4.3BSD Unix OS had the inetd service whose job was simply to listen for TCP connections and spawn the real service on activity. Inetd did not need to forward actual traffic – the service itself would inherit the real TCP socket and would be able to directly read/write the network data. However, the service did need to be written specifically to expect the socket to be already provided, instead of setting up everything on its own.

Many BSDs still have inetd (although it's mostly unused), and most Linux distributions have xinetd available. Additionally, every Linux distribution using systemd has this functionality available through systemd.socket units where it's called "socket activation".

(It is even possible to start whole containers this way, but the container manager also needs specific support for this feature. For example, systemd-nspawn makes it possible – unfortunately, as far as I know, Docker does not. This did not stop a few companies from using on-demand started containers in production, though.)

A proxy/gateway tool can be used to implement on-demand startup for programs (or containers) which don't support socket passing on their own. For example, systemd again has systemd-socket-proxyd which will start the real thing and relay connections to it (there's an example with Podman on the Red Hat blog, and here's a Docker example); this can also be implemented with (x)inetd using ordinary netcat or socat as the relay.


If the service inside the container supports socket activation, you will soon (or already) be able to use Systemd together with Podman to have Systemd listen on the TCP socket. In case a client connects to the TCP socket, Systemd will start Podman in such a way that the socket file descriptor is available to the Podman process. Podman will pass on the file descriptor to the container.

It seems that Podman got support for socket activation in August 2021.
https://github.com/containers/podman/pull/11316

I haven't seen any blog posts, demonstrations or announcements of this new functionality yet. (Maybe there is still some development work going on?)

Related

code.exe blocked after choosing wrong option in update via integrated terminal
What NVME speeds should I expect from this motherboard's PCIe slots?
How to install this extension in Octave (pcbmodelgen for openEMS)
How can I identify what is preventing my HDDs from suspending?
Unable to installed ie 11 in windows 10
Can we connect 2 cat6 cables as a input to a cat 6 jack
How can I archive multiple folders into a single tar file where all the folders are contained inside a single folder? [duplicate]
bash && zsh: referencing / repeating a previous command line *argument* while still crafting the same line
Folder permission loophole with Nextcloud installation
Chrome shortcut to open new tab in same tab group
VMWare and Docker on Same Windows 10 PC
MySQL diacritic insensitive search (spanish accents)