unix socket support #378
unix socket support #378
Changes from all commits
ae73ace
b055d27
d04a0a7
4c858fe
8d38785
2f2501e
c1dca54
06fcbb1
bf477c1
@@ -4,3 +4,4 @@ node_modules | |
# Go workspaces | ||
go.work | ||
go.work.sum | ||
.idea |
@@ -4,7 +4,10 @@ import ( | |
"context" | ||
"embed" | ||
"encoding/json" | ||
"errors" | ||
"fmt" | ||
"io/fs" | ||
"net" | ||
"net/http" | ||
"os" | ||
"strings" | ||
|
@@ -216,12 +219,18 @@ func RunSyncV3Server(h http.Handler, bindAddr, destV2Server, tlsCert, tlsKey str | |
|
||
// Block forever | ||
var err error | ||
if tlsCert != "" && tlsKey != "" { | ||
logger.Info().Msgf("listening TLS on %s", bindAddr) | ||
err = http.ListenAndServeTLS(bindAddr, tlsCert, tlsKey, srv) | ||
if internal.IsUnixSocket(bindAddr) { | ||
logger.Info().Msgf("listening on unix socket %s", bindAddr) | ||
listener := unixSocketListener(bindAddr) | ||
err = http.Serve(listener, srv) | ||
} else { | ||
logger.Info().Msgf("listening on %s", bindAddr) | ||
err = http.ListenAndServe(bindAddr, srv) | ||
if tlsCert != "" && tlsKey != "" { | ||
logger.Info().Msgf("listening TLS on %s", bindAddr) | ||
err = http.ListenAndServeTLS(bindAddr, tlsCert, tlsKey, srv) | ||
} else { | ||
logger.Info().Msgf("listening on %s", bindAddr) | ||
err = http.ListenAndServe(bindAddr, srv) | ||
} | ||
} | ||
if err != nil { | ||
sentry.CaptureException(err) | ||
|
@@ -230,6 +239,23 @@ func RunSyncV3Server(h http.Handler, bindAddr, destV2Server, tlsCert, tlsKey str | |
} | ||
} | ||
|
||
func unixSocketListener(bindAddr string) net.Listener { | ||
err := os.Remove(bindAddr) | ||
if err != nil && !errors.Is(err, fs.ErrNotExist) { | ||
logger.Fatal().Err(err).Msg("failed to remove existing unix socket") | ||
} | ||
listener, err := net.Listen("unix", bindAddr) | ||
if err != nil { | ||
logger.Fatal().Err(err).Msg("failed to serve unix socket") | ||
} | ||
// TODO: safe default for now (rwxr-xr-x), could be extracted as env variable if needed | ||
err = os.Chmod(bindAddr, 0755) | ||
Comment on lines
+251
to
+252
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Not sure what is meant by "safe default" here. To connect to and use a unix socket as a client, all you need is the
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I was under impression that 755 will only allow the owner to use it. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. According to unix(7), write permission is required to connect to a unix domain socket.
I'd suggest to make it at least user and group connectable, that is There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. First and foremost: Sorry for my original comment. Multiple /bit flips/ happened in my original comment, which I want to point out:
I just was very happy to see unix socket support implemented so soon, but then saw some unusual permission bits. Given I worked on unix socket permission bits as part of caddyserver/caddy#4741, I figured I should comment. Which then lead to that hastily, and more importantly, incorrect comment. Sorry for that. According to the current For more details on this, see caddyserver/caddy#4741 (comment).
I would suggest the same, but without |
||
if err != nil { | ||
logger.Fatal().Err(err).Msg("failed to set unix socket permissions") | ||
} | ||
return listener | ||
} | ||
|
||
type HandlerError struct { | ||
StatusCode int | ||
Err error | ||
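Review bot: `os.Remove(bindAddr)` on the first line of `unixSocketListener` deletes whatever exists at that path without checking that it is a socket, so a mistyped or reused bindAddr removes a regular file, or another running service's live socket, before this process takes the path over. Only the stale-socket case needs handling: `os.Lstat` the path, treat `fs.ErrNotExist` as the normal case, and refuse to continue unless `fi.Mode()&os.ModeSocket != 0`. Separately, the `os.Chmod` near the end runs after `net.Listen` has already created the socket with umask-derived permissions, so there is a short window where the mode differs from the intended one; if the mode is ever tightened below what the umask yields, creating the socket inside a directory with restricted permissions (or adjusting the umask around the listen call) avoids that window. Whether `internal.IsUnixSocket` rules out a path that names an existing regular file is not visible here.
```go
func unixSocketListener(bindAddr string) net.Listener {
	// Only ever remove a stale *socket*; refuse to clobber anything else at the path.
	if fi, err := os.Lstat(bindAddr); err == nil {
		if fi.Mode()&os.ModeSocket == 0 {
			logger.Fatal().Msgf("refusing to remove %s: not a unix socket", bindAddr)
		}
		if err := os.Remove(bindAddr); err != nil {
			logger.Fatal().Err(err).Msg("failed to remove existing unix socket")
		}
	} else if !errors.Is(err, fs.ErrNotExist) {
		logger.Fatal().Err(err).Msg("failed to stat unix socket path")
	}
	// … unchanged: net.Listen, os.Chmod, return listener …
```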
|
Please document the respective r/w/x permissions you wish to give to this socket as a comment.