Add unix socket #287
Labels
No labels
Android
CS::needs customer feedback
CS::needs follow up
CS::needs on prem installation
CS::waiting
Chrome
Design:: Ready
Design:: in progress
Design::UX
E2EE
Edge
Firefox
GDPR
Iteration 13 IM
Linux
MacOS
Need::Discussion
Need::Steps to reproduce
Need::Upstream fix
Needs:: Planning
Needs::Dev-Team
Needs::More information
Needs::Priority
Needs::Product
Needs::Refinement
Needs::Severity
Priority::1-Critical
Priority::2-Max
Priority::3-Impending
Priority::4-High
Priority::5-Medium
Priority::6-Low
Priority::7-None
Progress::Backlog
Progress::Review
Progress::Started
Progress::Testing
Progress::Triage
Progress::Waiting
Reporter::Sentry
Safari
Target::Community
Target::Customer
Target::Internal
Target::PoC
Target::Security
Team:Customer-Success
Team:Design
Team:Infrastructure
Team:Instant-Messaging
Team:Product
Team:Workflows
Type::Bug
Type::Design
Type::Documentation
Type::Feature
Type::Improvement
Type::Support
Type::Tests
Windows
blocked
blocked-by-spec
cla-signed
conduit
contribution::advanced
contribution::easy
contribution::help needed
from::review
iOS
p::ti-tenant
performance
product::triage
proposal
refactor
release-blocker
s: dart_openapi_codegen
s::Famedly-Patient
s::Org-Directory
s::Passport-Generator
s::Requeuest
s:CRM
s:Famedly-App
s:Famedly-Web
s:Fhiroxide
s:Fhiroxide-cli
s:Fhiroxide-client
s:Fhirs
s:Hedwig
s:LISA
s:Matrix-Dart-SDK
s:Role-Manager
s:Synapse
s:User-Directory
s:WFS-Matrix
s:Workflow Engine
s:dtls
s:famedly-error
s:fcm-shared-isolate
s:matrix-api-lite
s:multiple-tab-detector
s:native-imaging
severity::1
severity::2
severity::3
severity::4
technical-debt
voip
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: Matthias/conduit#287
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Is your feature request related to a problem? Please describe.
not related to a problem
Describe the solution you'd like
Since conduit is (often?) behind a reverse proxy, I think it could be beneficial to add the ability to use a unix socket in the config instead of only an ip:port (e.g. 127.0.0.1:6167).
Unix sockets are considered more secure, and a user can add file access control to it. As I understand, they are also considered faster/more efficient.
Thanks for the great project!
I hope this is helpful:
I did some poking around. Not sure if this is correct, but I think axum is being used for the networking stuff?
If so, they have a unix domain socket example:
https://github.com/tokio-rs/axum/blob/main/examples/unix-domain-socket/src/main.rs
Sorry, I somehow didn't see this issue yet, this is a good idea and it should probably not be too difficult to implement this. Are you interested in coding this @feinedsquirrel ? The axum code is in main.rs and you probably want to hide this behind a new config option by adding a new entry to src/config/mod.rs
Several projects do this as:
address
or the like can accept IPv4, IPv6 and unix socket path as well.If the string starts with
/
- and a valid path* - server assumes you want a unix socket connection.This way, we are not proliferating the settings variables, but the
port
will be ignored, which is a bit of a wart - address could contain that as wellIt would probably make sense to use hyperlocal for this.
mentioned in issue #363
I’ve taken a stab at this and will send in the patch.
mentioned in merge request !507