[WIP/RFC v4 0/5] Support abstract Unix sockets

Alejandro Colomar alx.manpages at gmail.com
Tue Aug 23 23:04:45 UTC 2022


Also, this is missing some context from v2, which I sent a week ago and 
also didn't reach the list:

On 8/19/22 16:21, Alejandro Colomar wrote:
 > Hi,
 >
 > This patch set intends to add support for abstract Unix domain
 > sockets for both 'listen' and 'proxy_pass'.
 >
 > In 'listen' I still get a chmod(2) error, which I'll fix soon.
 > That's not a problem.
 >
 > But 'proxy_pass' already works, so I'll send this initial patch
 > set for some discussion.
 >
 > Previous to this patch set, trying to use abstract sockets in
 > 'proxy_pass' could theoretically work.  One just needs to find a
 > way to embed a null character in <nginx.conf>.  That's trivial
 > with vim(1): Ctrl+v Ctrl+j
 >
 > That would make nginx listen to an abstract socket with a name
 > starting with the string stated in the config file, but with a lot
 > of trailing null characters, which made it unusable for most use
 > cases.  But it was already possible theoretically.
 >
 > This patch set makes it more usable, by removing those trailing
 > null characters.  I also pretend to makes it even simpler, by
 > allowing one to write a @ in the config file to mean ^@.  That's
 > how most other projects do it, to avoid using an escape sequence
 > for the null character.  But I haven't implemented that yet.
 >
 > To test it, I run an instance of nginx Unit that listens on 3
 > sockets.  One IP socket, one normal (fs) Unix socket, and one
 > abstract Unix socket.  Then nginx is configured to proxy_pass to
 > those sockets.
 >
 >
 > The Unit configuration for the tests is:
 >
 > $ cat abs_nginx.json
 >   {
 > 	"listeners": {
 > 		"unix:@unitd.static.sock": { "pass": "routes" },
 > 		"unix:/run/unit.static.sock": { "pass": "routes" },
 > 		"*:8080": { "pass": "routes" }
 > 	},
 > 	"routes": [{ "action": { "share": "/home/alx/srv/www/" } }]
 >   }
 >
 > The nginx configuration is the default one that comes with nginx
 > built from source, with minimal changes:
 >
 > $ cat nginx.conf
 >
 > worker_processes  1;
 >
 > events {
 >      worker_connections  1024;
 >   }
 >
 > http {
 >      include       mime.types;
 >      default_type  application/octet-stream;
 >
 >      sendfile        on;
 >
 >      keepalive_timeout  65;
 >
 >      server {
 >          #listen       unix:nginx-in;
 >          listen       80;
 >
 >          location /abs {
 >              proxy_pass   http://unix:^@unitd.static.sock;
 >              # replace that ^@ by the real NUL character.
 >          }
 >
 >          location /sock {
 >              proxy_pass   http://unix:/run/unit.static.sock;
 >          }
 >
 >          location /ip {
 >              proxy_pass   http://localhost:8080/;
 >          }
 >      }
 >
 >   }
 >
 >
 > And then the tests:
 >
 > $ curl localhost/ip
 > idx
 > $ curl localhost/sock
 > idx
 > $ curl localhost/abs
 > idx
 >
 >
 >
 > Cheers,
 >
 > Alex
 >
 >
 > Alejandro Colomar (5):
 >    Optimize string copy in Unix sockets.
 >    Use a minimal socklen.
 >    Support abstract Unix domain sockets.
 >    Log abstract Unix domain sockets with a leading '@'.
 >    Don't add a trailing '\0' for abstract Unix domain sockets.
 >
 >   src/core/ngx_connection.c | 28 ++++++++++++++++------------
 >   src/core/ngx_inet.c       | 33 +++++++++++++++++++++++++++------
 >   2 files changed, 43 insertions(+), 18 deletions(-)
 >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20220824/10b25a06/attachment.bin>


More information about the nginx-devel mailing list