Add support for Unix sockets for Web Service and DoH#1753
Open
IngmarStein wants to merge 1 commit intoTechnitiumSoftware:masterfrom
Open
Add support for Unix sockets for Web Service and DoH#1753IngmarStein wants to merge 1 commit intoTechnitiumSoftware:masterfrom
IngmarStein wants to merge 1 commit intoTechnitiumSoftware:masterfrom
Conversation
This adds support for listening on Unix domain sockets in addition to TCP ports for both the Web Service (HTTP/HTTPS) and DNS-over-HTTPS (DoH). Unix sockets are often used for these reasons: - Secure Local IPC: They allow secure, high-performance connections from a local reverse proxy (like Nginx or HAProxy) without exposing the service on local TCP ports, which could be accessible to other local users or processes. - Performance: They avoid the overhead of the TCP/IP networking stack (routing, packet encapsulation, etc.), leading to lower latency and higher throughput for proxy setups. - Security: Access to Unix sockets can be strictly controlled using standard file system permissions (chown/chmod), providing an additional layer of security over local TCP loopback binding. The configuration has been updated to support a single Unix socket path for HTTP and HTTPS variants of the Web UI and DoH services.
Member
|
Thanks for the PR. Will review it soon. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This adds support for listening on Unix domain sockets in addition to TCP ports for both the Web Service (HTTP/HTTPS) and DNS-over-HTTPS (DoH).
Unix sockets are often used for these reasons:
The configuration has been updated to support a single Unix socket path for HTTP and HTTPS variants of the Web UI and DoH services.