在 .NET Core 中使用 systemd 套接字
Using systemd sockets with .NET Core
我已经在我的 Ubuntu 服务器上安装了一个 .NET Core 应用程序,当我手动 运行 和将其设置为系统服务。但是,由于该应用程序是通过 nginx Web 服务器 运行 运行的,而且我只想在用户访问它时启动该应用程序,因此我尝试使用 systemd 套接字对其进行设置,以便相应的服务仅在用户访问时启动套接字收到来自 nginx 的通知。在这种情况下,应用程序不工作并在发生时给出错误。有没有办法在 Linux 中为 .NET Core 应用程序设置基于套接字的激活?我想强调的是,同样的服务在没有被套接字激活时也能正常工作。以下是我收到的错误和 systemd 单位。
Microsoft.AspNetCore.DataProtection.Repositories.EphemeralXmlRepository[50]
Using an in-memory repository. Keys will not be persisted to storage.
Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[59]
Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.
Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
No XML encryptor configured. Key {1c6b8e72-67bd-4653-b656-76f9dd136ee3} may be persisted to storage in unencrypted form.
ercot.service
[Unit]
Description=ERCOT trade uploader daemon
Requires=ercot.socket
After=network.target
[Service]
Type=notify
# the specific user that our service will run as
User=www-data
Group=www-data
# another option for an even more restricted service is
# DynamicUser=yes
# see http://0pointer.net/blog/dynamic-users-with-systemd.html
RuntimeDirectory=ercot
WorkingDirectory=/srv/netcore/ercot
ExecStart=/srv/netcore/ercot/DashboardWebServer
# ExecReload=/bin/kill -s HUP $MAINPID
KillMode=mixed
TimeoutStopSec=5
PrivateTmp=true
[Install]
WantedBy=multi-user.target
[Unit]
Description=ERCOT trade uploader socket
ercot.socket
[Socket]
ListenStream=/run/ercot.sock
# Our service won't need permissions for the socket, since it
# inherits the file descriptor by socket activation
# only the nginx daemon will need access to the socket
SocketUser=www-data
SocketGroup=www-data
# Optionally restrict the socket permissions even more.
# SocketMode=600
[Install]
WantedBy=sockets.target
相关 Google 搜索会在 IIS 中出现此错误,但这显然与这种情况无关。谢谢!
所以事实证明我的问题有点不正确。该应用程序不支持套接字激活,因此它无法正常工作。相反,我想出的解决方案使用套接字代理来实现这一点,而 systemd-socket-proxyd 是要使用的应用程序。这是我制作的三个 systemd 单元。
ercot-proxy.socket
[Unit]
Description=ERCOT trade uploader proxy socket
[Socket]
ListenStream=/run/ercot-proxy.sock
SocketUser=www-data
SocketGroup=www-data
[Install]
WantedBy=sockets.target
ercot-proxy.service
[Unit]
Description=ERCOT trade uploader proxy service
BindsTo=ercot-proxy.socket
After=ercot-proxy.socket
Wants=ercot.service
[Service]
ExecStart=/lib/systemd/systemd-socket-proxyd 127.0.0.1:42222
ercot.service
[Unit]
Description=ERCOT trade uploader daemon
BindsTo=ercot-proxy.service
[Service]
WorkingDirectory=/srv/netcore/ercot
ExecStart=/srv/netcore/ercot/DashboardWebServer
我已经在我的 Ubuntu 服务器上安装了一个 .NET Core 应用程序,当我手动 运行 和将其设置为系统服务。但是,由于该应用程序是通过 nginx Web 服务器 运行 运行的,而且我只想在用户访问它时启动该应用程序,因此我尝试使用 systemd 套接字对其进行设置,以便相应的服务仅在用户访问时启动套接字收到来自 nginx 的通知。在这种情况下,应用程序不工作并在发生时给出错误。有没有办法在 Linux 中为 .NET Core 应用程序设置基于套接字的激活?我想强调的是,同样的服务在没有被套接字激活时也能正常工作。以下是我收到的错误和 systemd 单位。
Microsoft.AspNetCore.DataProtection.Repositories.EphemeralXmlRepository[50]
Using an in-memory repository. Keys will not be persisted to storage.
Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[59]
Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.
Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
No XML encryptor configured. Key {1c6b8e72-67bd-4653-b656-76f9dd136ee3} may be persisted to storage in unencrypted form.
ercot.service
[Unit]
Description=ERCOT trade uploader daemon
Requires=ercot.socket
After=network.target
[Service]
Type=notify
# the specific user that our service will run as
User=www-data
Group=www-data
# another option for an even more restricted service is
# DynamicUser=yes
# see http://0pointer.net/blog/dynamic-users-with-systemd.html
RuntimeDirectory=ercot
WorkingDirectory=/srv/netcore/ercot
ExecStart=/srv/netcore/ercot/DashboardWebServer
# ExecReload=/bin/kill -s HUP $MAINPID
KillMode=mixed
TimeoutStopSec=5
PrivateTmp=true
[Install]
WantedBy=multi-user.target
[Unit]
Description=ERCOT trade uploader socket
ercot.socket
[Socket]
ListenStream=/run/ercot.sock
# Our service won't need permissions for the socket, since it
# inherits the file descriptor by socket activation
# only the nginx daemon will need access to the socket
SocketUser=www-data
SocketGroup=www-data
# Optionally restrict the socket permissions even more.
# SocketMode=600
[Install]
WantedBy=sockets.target
相关 Google 搜索会在 IIS 中出现此错误,但这显然与这种情况无关。谢谢!
所以事实证明我的问题有点不正确。该应用程序不支持套接字激活,因此它无法正常工作。相反,我想出的解决方案使用套接字代理来实现这一点,而 systemd-socket-proxyd 是要使用的应用程序。这是我制作的三个 systemd 单元。
ercot-proxy.socket
[Unit]
Description=ERCOT trade uploader proxy socket
[Socket]
ListenStream=/run/ercot-proxy.sock
SocketUser=www-data
SocketGroup=www-data
[Install]
WantedBy=sockets.target
ercot-proxy.service
[Unit]
Description=ERCOT trade uploader proxy service
BindsTo=ercot-proxy.socket
After=ercot-proxy.socket
Wants=ercot.service
[Service]
ExecStart=/lib/systemd/systemd-socket-proxyd 127.0.0.1:42222
ercot.service
[Unit]
Description=ERCOT trade uploader daemon
BindsTo=ercot-proxy.service
[Service]
WorkingDirectory=/srv/netcore/ercot
ExecStart=/srv/netcore/ercot/DashboardWebServer