Updated systemd (markdown)

szemley 2021-03-25 09:14:55 +00:00
parent 999e39ed28
commit dae2041a44

@ -167,11 +167,9 @@ In order to use DNSCrypt-Proxy but without systemd socket activation, User shoul
Despite all of this, User must know that systemd socket mechanism is designed to conserve system resources by preventing services starting until they are needed. There is also `NoDelay` option (vide `/lib/systemd/system/dnscrypt-proxy.socket` file) used to disable [Nagle's algorithm](https://en.wikipedia.org/wiki/Nagle's_algorithm) for "_reducing the number of packets that need to be sent over the network_" (generally it aims to combine many smaller TCP segments into larger one and send such packet over the network).
Moreover, there is additional advantage: systemd will open sockets, not the application process itself. That way, User don't have to grant additional permissions, such as `CAP_NET_BIND_SERVICE` capability (allows bind a socket to so-called "_Privileged Ports_" (port numbers less than `1024`). And one of the most important thing: when sockets are used, systemd runs DNSCrypt-Proxy as a dedicated user (e.g. `_dnscrypt-proxy` in Ubuntu), so there is no need to drop privileges etc.
Moreover, there is additional advantage: systemd will open sockets, not the application process itself. That way, User don't have to grant additional permissions, such as `CAP_NET_BIND_SERVICE` capability (allows bind a socket to so-called "_Privileged Ports_" - port numbers less than `1024`). And one of the most important thing: when sockets are used, systemd runs DNSCrypt-Proxy as a dedicated user (e.g. `_dnscrypt-proxy`), so there is no need to drop privileges etc.
Anyway, disabling systemd socket activation is relative simple, not to say trivial. In short, everything is about to stop and disable `dnscrypt-proxy.socket` unit, comment or remove options - related with systemd sockets - found in `dnscrypt-proxy.service` file (and eventually `dnscrypt-proxy-resolvconf.service`; see above examples [in:] **Usage with systemd**). The next step is to add a correct IP address to the `listen_addresses` option found in `dnscrypt-proxy.toml` configuration file. Finally, restart DNSCrypt-Proxy and check service status.
Below are commands used to achieve above goal. (Please note, that **mousepad** — a simple text editor was used, but it completely depends on User preferences - just use your favorite editor).
Anyway, disabling systemd socket activation is relative simple, not to say trivial. Below, there is a short "description" with comments and various commands used to achieve this goal. (Please note, that **mousepad** — a simple text editor was used, but it completely depends on User preferences - just use your favorite editor).
```sh
# Stop and disable socket units (it seems,
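Review bot: The rewritten paragraph beginning "Anyway, disabling systemd socket activation is relative simple" drops the summary of the steps, and nothing in the visible text says what replaces the privilege handling described in the paragraph above it. The summary it loses covered stopping and disabling `dnscrypt-proxy.socket`, removing the socket options from `dnscrypt-proxy.service`, setting `listen_addresses` in `dnscrypt-proxy.toml`, and restarting. The preceding paragraph credits socket activation with sparing the user from granting `CAP_NET_BIND_SERVICE` and from dropping privileges, so a reader who disables it should be told at this point how the service is then expected to bind a port below `1024` and which user it runs as. Suggest keeping a short list of the steps ahead of the commands and adding that sentence. Wording in the added lines: "relative simple" should be "relatively simple", "User don't" should be "User doesn't", and "one of the most important thing" should be "things".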
@ -204,9 +202,9 @@ sudo mousepad /etc/dnscrypt-proxy/dnscrypt-proxy.toml
sudo systemctl restart dnscrypt-proxy.service
# Check if everything is okay (there shouldn't be any
# `WARNING` or `FATAL` messages and information about
# 'WARNING' or 'FATAL' messages and information about
# "wiring systemd TCP/UDP sockets" should be replaced
# with "Now listening on TCP/UDP").
# with: "Now listening on TCP/UDP").
# ---------------------------------------------------
journalctl -u dnscrypt-proxy.service
systemctl status dnscrypt-proxy.service
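Review bot: The check in the comment above `journalctl -u dnscrypt-proxy.service` is hard to apply as written, because that command prints every stored entry for the unit, so "wiring systemd TCP/UDP sockets" lines from before the restart will still be on screen next to the new "Now listening on TCP/UDP" lines. Suggest limiting the output to the current run, for example `journalctl -u dnscrypt-proxy.service -b` or a `--since` time just before the restart, and saying in the comment that only entries after the restart count. The quoting change from backticks to single quotes around WARNING and FATAL is fine inside a shell comment, but the sentence would read more clearly split in two: one for "no WARNING or FATAL messages" and one for the expected "Now listening on" line.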