Commit 91909aca authored by Vladimír Čunát

Merge !820: doc: systemd

parents dfc236e1 eb22dfe8
......@@ -21,7 +21,9 @@ Most notable examples of such systems are CentOS 7 and macOS.
If you're using our packages with systemd with sockets support (not supported
on CentOS 7), network interfaces are configured using systemd drop-in files.
Each protocol has its own configuration file:
Each protocol has its own configuration file. *By default, these are configured
to listen on localhost.*
.. csv-table::
:header: "**Network protocol**", "**Socket file name**"
......@@ -31,7 +33,12 @@ Each protocol has its own configuration file:
":ref:`mod-http-doh`","``kresd-doh.socket``"
":ref:`Web management <mod-http-built-in-services>`","``kresd-webmgmt.socket``"
To configure kresd to listen on a public interface using the original DNS protocol,
.. warning:: You MUST NOT repeat the localhost defaults in the following
drop-in overrides, otherwise the socket will fail to start with "Address in
use" error. To view the entire socket configuration, including any drop-ins,
use systemctl cat.
To configure kresd to listen on a **public interface** using the original DNS protocol,
create a drop-in file:
.. code-block:: bash
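Review bot: in the added warning, "use systemctl cat." gives the command as plain text and without a unit argument, so it is not rendered as a literal and cannot be run as written. Mark it up as an inline literal and name one of the sockets from the table, for example ``systemctl cat kresd-doh.socket``. The "Address in use" message would also read better as a literal.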
......@@ -78,7 +85,7 @@ distribution. It is also possible to check resulting configuration using
The default localhost interface/port can also be removed/overriden by using an
empty ``ListenDatagram=`` or ``ListenStream=`` directive. This can be used when
you want to configure kresd to listen on all IPv4/IPv6 network interfaces (if
you've disabled IPv6 support in kernel, use ``0.0.0.0`` instead of ``[::]`` ).
you've disabled IPv6 support in kernel, use ``0.0.0.0:port`` instead`` ).
.. code-block:: none
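Review bot: the added line "use ``0.0.0.0:port`` instead`` )." leaves a stray pair of backticks and a space before the closing parenthesis, so the inline literal markup is unbalanced and the sentence no longer says what the address replaces. Suggest "use ``0.0.0.0:port`` instead of the bare port)." The context line above also spells "overridden" as "overriden".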
......@@ -86,8 +93,8 @@ you've disabled IPv6 support in kernel, use ``0.0.0.0`` instead of ``[::]`` ).
[Socket]
ListenDatagram=
ListenStream=
ListenDatagram=[::]:53
ListenStream=[::]:53
ListenDatagram=53
ListenStream=53
.. note:: Using IPv6 to bind to IPv4 interfaces is currently not compatible
with IPv4 syntax in ``view:addr()`` when using the ``view`` module. For
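Review bot: with ListenDatagram=53 and ListenStream=53 the example no longer shows any address, so the note that follows ("Using IPv6 to bind to IPv4 interfaces ...") has lost the [::] it referred to. Reword the note so that a reader using the ``view`` module can tell that the port-only form is still an IPv6 bind covering IPv4 and is affected in the same way.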
......@@ -145,7 +152,7 @@ on port 443, create the following drop-in file for ``kresd-doh.socket``:
# /etc/systemd/system/kresd-doh.socket.d/override.conf
[Socket]
ListenStream=
ListenStream=[::]:443
ListenStream=443
Make sure no other service is using port 443, as that will result in
unpredictable behaviour. Alternately, you can use port 44353 where a collision
......
......@@ -3,9 +3,8 @@
# Configure kresd-doh.socket to listen on all IPv4 and IPv6 interfaces.
# Empty ListenStream= directive is required to avoid port clash with default
# localhost. If you've disabled IPv6 support in kernel, use 0.0.0.0 instead of
# [::]
# localhost. If you've disabled IPv6 support in kernel, use 0.0.0.0:port instead
[Socket]
ListenStream=
ListenStream=[::]:443
ListenStream=443
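Review bot: the rewritten comment ends with "use 0.0.0.0:port instead", which drops what is being replaced and uses a placeholder in a file where the port is fixed. Suggest "use ListenStream=0.0.0.0:443 instead of ListenStream=443". The same wording is introduced in the kresd-tls.socket and port 53 drop-ins in the next two hunks and needs the same fix there.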
......@@ -3,9 +3,8 @@
# Configure kresd-tls.socket to listen on all IPv4 and IPv6 interfaces.
# Empty ListenStream= directive is required to avoid port clash with default
# localhost. If you've disabled IPv6 support in kernel, use 0.0.0.0 instead of
# [::]
# localhost. If you've disabled IPv6 support in kernel, use 0.0.0.0:port instead
[Socket]
ListenStream=
ListenStream=[::]:853
ListenStream=853
......@@ -4,10 +4,10 @@
# Empty ListenDatagram= and ListenStream= directives are required to avoid port
# clash with default localhost. If you've disabled IPv6 support in kernel, use
# 0.0.0.0 instead of [::]
# 0.0.0.0:port instead
[Socket]
ListenDatagram=
ListenStream=
ListenDatagram=[::]:53
ListenStream=[::]:53
ListenDatagram=53
ListenStream=53
......@@ -28,7 +28,15 @@ system-kresd.slice
This manual page describes how to manage \fBkresd\fR using \fBsystemd\fR
units.
.B Socket activation
.B QUICKSTART
.nf
.RS 4n
\fBsystemctl start kresd@1\fR - single instance of kresd, responding on localhost
.RE
.fi
.B SOCKET ACTIVATION
\fBkresd\fR integration with systemd takes advantage of socket activation,
which enables the daemon to run without super user priviledges or any
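Review bot: the renamed headings (.B QUICKSTART, .B SOCKET ACTIVATION) are still set with .B, which only makes the text bold; an upper-case heading in a man page is normally a section macro (.SH, or .SS for a subsection), which also gives the expected spacing and indentation. The QUICKSTART entry could also say that systemctl start does not enable the instance at boot. While this paragraph is being touched, "priviledges" in the context line should be "privileges".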
......@@ -49,9 +57,15 @@ these systemd sockets associated with it:
.RE
.fi
.B Configuring network interfaces
.B CONFIGURING NETWORK INTERFACES
By default, \fBkresd is configured to listen on localhost\fR (see ports above).
You MUST NOT repeat these defaults in the following drop-in overrides,
otherwise the socket will fail to start with "Address in use" error. To view
the entire socket configuration, including any drop-ins, use \fBsystemctl
cat\fR.
To configure \fBkresd\fR to listen on public interfaces, drop-in files (see
To configure \fBkresd\fR to listen on \fBpublic interfaces\fR, drop-in files (see
\fIsystemd.unit\fR(5)) should be used. These can be created with:
.nf
......@@ -84,8 +98,8 @@ ListenStream=192.0.2.115:853
To configure \fBkresd\fR to listen on all IPv4 and IPv6 interfaces, use empty
\fIListenDatagram=\fR and \fIListenStream=\fR directives to remove the default
localhost address and then bind to the [::] address. If you've disabled IPv6
support in kernel, use the 0.0.0.0 address instead.
localhost address and then specify port to bind to. If you've disabled IPv6
support in kernel, use the 0.0.0.0:port syntax instead.
.nf
.RS 4n
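Review bot: the new sentence "then specify port to bind to" no longer tells the reader that the port-only form listens on all interfaces through an IPv6 socket, yet the next sentence depends on exactly that ("If you've disabled IPv6 support in kernel, use the 0.0.0.0:port syntax instead"). State it explicitly, for example "then specify only the port, which binds an IPv6 socket on all interfaces", and refer to systemd.socket(5) for the address syntax.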
......@@ -93,13 +107,13 @@ support in kernel, use the 0.0.0.0 address instead.
[Socket]
ListenDatagram=
ListenStream=
ListenDatagram=[::]:53
ListenStream=[::]:53
ListenDatagram=53
ListenStream=53
# /etc/systemd/system/kresd-tls.socket.d/override.conf
[Socket]
ListenStream=
ListenStream=[::]:853
ListenStream=853
.RE
.fi
......@@ -122,7 +136,7 @@ on port 443, create the following drop-in file for \fBkresd-doh.socket\fR:
# /etc/systemd/system/kresd-doh.socket.d/override.conf
[Socket]
ListenStream=
ListenStream=[::]:443
ListenStream=443
.RE
.fi
......@@ -132,7 +146,7 @@ is unlikely.
For more detailed socket configuration, see \fBsystemd.socket\fR(5).
.B Concurrent daemons
.B CONCURRENT DAEMONS
\fBkresd\fR daemon can be executed in multiple independent processes, which are
managed with \fBsystemd\fR via systemd templates (see \fBsystemd.unit\fR(5)).
......