Systemd effectively acts as a proxy. I don't know that it's actually a proxy, but it keeps accepting connections from what I've seen. I use it for zero-downtime single-binary deploys, and it's great.
No, it's not a proxy, and it's not accepting connections (unless
you're using the inetd emulation, but that's rare and inefficient).
It's merely passing the listening socket as an already-open file descriptor to the spawned process.
The "keeps accepting" part is just the listening socket backlog.
Last I looked, systemd socket passing couldn't be used to do graceful shutdown, serving existing connections with the old version while having the new version receive new connections. Outside of that, it's very nice.
How does this work?
Or does it just mean it stops new connections while it's restarting?