在 .NET Core 中使用 systemd 套接字

Question

我已经在我的 Ubuntu 服务器上安装了一个 .NET Core 应用程序，当我手动运行和将其设置为系统服务。但是，由于该应用程序是通过 nginx Web 服务器运行运行的，而且我只想在用户访问它时启动该应用程序，因此我尝试使用 systemd 套接字对其进行设置，以便相应的服务仅在用户访问时启动套接字收到来自 nginx 的通知。在这种情况下，应用程序不工作并在发生时给出错误。有没有办法在 Linux 中为 .NET Core 应用程序设置基于套接字的激活？我想强调的是，同样的服务在没有被套接字激活时也能正常工作。以下是我收到的错误和 systemd 单位。

Microsoft.AspNetCore.DataProtection.Repositories.EphemeralXmlRepository[50]
Using an in-memory repository. Keys will not be persisted to storage.
Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[59]
Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.
Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
No XML encryptor configured. Key {1c6b8e72-67bd-4653-b656-76f9dd136ee3} may be persisted to storage in unencrypted form.

ercot.service
[Unit]
Description=ERCOT trade uploader daemon
Requires=ercot.socket
After=network.target

[Service]
Type=notify
# the specific user that our service will run as
User=www-data
Group=www-data
# another option for an even more restricted service is
# DynamicUser=yes
# see http://0pointer.net/blog/dynamic-users-with-systemd.html
RuntimeDirectory=ercot
WorkingDirectory=/srv/netcore/ercot
ExecStart=/srv/netcore/ercot/DashboardWebServer
# ExecReload=/bin/kill -s HUP $MAINPID
KillMode=mixed
TimeoutStopSec=5
PrivateTmp=true

[Install]
WantedBy=multi-user.target

[Unit]
Description=ERCOT trade uploader socket

ercot.socket
[Socket]
ListenStream=/run/ercot.sock
# Our service won't need permissions for the socket, since it
# inherits the file descriptor by socket activation
# only the nginx daemon will need access to the socket
SocketUser=www-data
SocketGroup=www-data
# Optionally restrict the socket permissions even more.
# SocketMode=600

[Install]
WantedBy=sockets.target

相关 Google 搜索会在 IIS 中出现此错误，但这显然与这种情况无关。谢谢！

https://www.puresourcecode.com/dotnet/net-core/using-an-in-memory-repository-keys-will-not-be-persisted-to-storage-asp-net-core-under-iis/

Answer 1

所以事实证明我的问题有点不正确。该应用程序不支持套接字激活，因此它无法正常工作。相反，我想出的解决方案使用套接字代理来实现这一点，而 systemd-socket-proxyd 是要使用的应用程序。这是我制作的三个 systemd 单元。

ercot-proxy.socket
[Unit]
Description=ERCOT trade uploader proxy socket

[Socket]
ListenStream=/run/ercot-proxy.sock
SocketUser=www-data
SocketGroup=www-data

[Install]
WantedBy=sockets.target

ercot-proxy.service
[Unit]
Description=ERCOT trade uploader proxy service

BindsTo=ercot-proxy.socket
After=ercot-proxy.socket

Wants=ercot.service

[Service]
ExecStart=/lib/systemd/systemd-socket-proxyd 127.0.0.1:42222

ercot.service
[Unit]
Description=ERCOT trade uploader daemon
BindsTo=ercot-proxy.service

[Service]
WorkingDirectory=/srv/netcore/ercot
ExecStart=/srv/netcore/ercot/DashboardWebServer

在 .NET Core 中使用 systemd 套接字

Using systemd sockets with .NET Core

.net-core

systemd