[WIP/RFC v4 0/5] Support abstract Unix sockets
Alejandro Colomar
alx.manpages at gmail.com
Tue Aug 23 23:04:45 UTC 2022
Also, this is missing some context from v2, which I sent a week ago and
also didn't reach the list:
On 8/19/22 16:21, Alejandro Colomar wrote:
> Hi,
>
> This patch set intends to add support for abstract Unix domain
> sockets for both 'listen' and 'proxy_pass'.
>
> In 'listen' I still get a chmod(2) error, which I'll fix soon.
> That's not a problem.
>
> But 'proxy_pass' already works, so I'll send this initial patch
> set for some discussion.
>
> Previous to this patch set, trying to use abstract sockets in
> 'proxy_pass' could theoretically work. One just needs to find a
> way to embed a null character in <nginx.conf>. That's trivial
> with vim(1): Ctrl+v Ctrl+j
>
> That would make nginx listen to an abstract socket with a name
> starting with the string stated in the config file, but with a lot
> of trailing null characters, which made it unusable for most use
> cases. But it was already possible theoretically.
>
> This patch set makes it more usable, by removing those trailing
> null characters. I also pretend to makes it even simpler, by
> allowing one to write a @ in the config file to mean ^@. That's
> how most other projects do it, to avoid using an escape sequence
> for the null character. But I haven't implemented that yet.
>
> To test it, I run an instance of nginx Unit that listens on 3
> sockets. One IP socket, one normal (fs) Unix socket, and one
> abstract Unix socket. Then nginx is configured to proxy_pass to
> those sockets.
>
>
> The Unit configuration for the tests is:
>
> $ cat abs_nginx.json
> {
> "listeners": {
> "unix:@unitd.static.sock": { "pass": "routes" },
> "unix:/run/unit.static.sock": { "pass": "routes" },
> "*:8080": { "pass": "routes" }
> },
> "routes": [{ "action": { "share": "/home/alx/srv/www/" } }]
> }
>
> The nginx configuration is the default one that comes with nginx
> built from source, with minimal changes:
>
> $ cat nginx.conf
>
> worker_processes 1;
>
> events {
> worker_connections 1024;
> }
>
> http {
> include mime.types;
> default_type application/octet-stream;
>
> sendfile on;
>
> keepalive_timeout 65;
>
> server {
> #listen unix:nginx-in;
> listen 80;
>
> location /abs {
> proxy_pass http://unix:^@unitd.static.sock;
> # replace that ^@ by the real NUL character.
> }
>
> location /sock {
> proxy_pass http://unix:/run/unit.static.sock;
> }
>
> location /ip {
> proxy_pass http://localhost:8080/;
> }
> }
>
> }
>
>
> And then the tests:
>
> $ curl localhost/ip
> idx
> $ curl localhost/sock
> idx
> $ curl localhost/abs
> idx
>
>
>
> Cheers,
>
> Alex
>
>
> Alejandro Colomar (5):
> Optimize string copy in Unix sockets.
> Use a minimal socklen.
> Support abstract Unix domain sockets.
> Log abstract Unix domain sockets with a leading '@'.
> Don't add a trailing '\0' for abstract Unix domain sockets.
>
> src/core/ngx_connection.c | 28 ++++++++++++++++------------
> src/core/ngx_inet.c | 33 +++++++++++++++++++++++++++------
> 2 files changed, 43 insertions(+), 18 deletions(-)
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20220824/10b25a06/attachment.bin>
More information about the nginx-devel
mailing list