mirrors/dnscrypt-proxy
1
0
Fork 0
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git synced 2025-03-04 02:14:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Updated systemd (markdown)

szemley 2021-05-20 08:38:01 +00:00
parent 3edb4894cb
commit ec2ea6bc8a
1 changed files with 3 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
systemd.md

@ -165,10 +165,6 @@ sudo systemctl enable dnscrypt-proxy.service
In order to use DNSCrypt-Proxy but without systemd socket activation, User should consider various pros and cons. For example, main Developer - Mr Frank Denis suggests to not using systemd socket at all. On the other hand, some Users express their own opinions, saying that systemd socket activaction is a better choice (for more informations, please check **[1]** - there are various threads about systemd and socket activation etc.)
Despite all of this, User must know that systemd socket mechanism is designed to conserve system resources by preventing services starting until they are needed. There is also `NoDelay` option (vide `/lib/systemd/system/dnscrypt-proxy.socket` file) used to disable [Nagle's algorithm](https://en.wikipedia.org/wiki/Nagle's_algorithm) for "_reducing the number of packets that need to be sent over the network_" (generally it aims to combine many smaller TCP segments into larger one and send such packet over the network).
Moreover, there is additional advantage: systemd will open sockets, not the application process itself. That way, User don't have to grant additional permissions, such as `CAP_NET_BIND_SERVICE` capability (allows bind a socket to so-called "_Privileged Ports_" - port numbers less than `1024`). And one of the most important thing: when sockets are used, systemd runs DNSCrypt-Proxy as a dedicated user (e.g. `_dnscrypt-proxy`), so there is no need to drop privileges etc.
Anyway, disabling systemd socket activation is relative simple, not to say trivial. Below, there is a short "description" with comments and various commands used to achieve this goal. (Please note, that **mousepad** is a simple text editor. Everything depends on User preferences - just use your favorite application/editor).
```sh
@ -190,9 +186,9 @@ sudo mousepad /lib/systemd/system/dnscrypt-proxy-resolvconf.service
# -----------------------------------------------------
sudo systemctl daemon-reload
# Edit configuration file, add the IP address and port
# number ('IP:port' format) to the `listen_address`
# option, e.g. '127.0.0.1:53'.
# Edit DNSCrypt-Proxy configuration file, next add
# the IP address and port number ('IP:port' format)
# to the `listen_address` option, e.g. '127.0.0.1:53'.
# ----------------------------------------------------
sudo mousepad /etc/dnscrypt-proxy/dnscrypt-proxy.toml