[feature request] support abstract UNIX domain socket #5341
Comments
|
Hmm, I'm only now learning of abstract unix domain sockets. It seems like Go already supports this. Try using |
Then it should be |
I managed to make it work. Just do the following change: services:
caddy:
build: ./caddy/
cap_add:
- NET_BIND_SERVICE
cap_drop:
- ALL
container_name: composed-caddy
init: true
ports:
- "80:80"
- "443:443"
restart: always
volumes:
- - share-unix-socket:/tmp/unix-socket/
- type: bind
source: ./caddy/
target: /etc/caddy/
read_only: true
v2ray:
cap_drop:
- ALL
command: [ "run", "-d", "/usr/local/etc/v2ray/conf.d/" ]
container_name: composed-v2ray
image: v2fly/v2fly-core:latest
init: true
+ network_mode: "service:caddy"
read_only: true
restart: always
volumes:
- - share-unix-socket:/tmp/unix-socket/
- type: bind
source: ./v2ray/conf.d/
target: /usr/local/etc/v2ray/conf.d/
read_only: true
- volumes:
- share-unix-socket:{
admin off
}
REPLACE_ME_V2RAY_HOSTS {
root * /usr/share/caddy
encode zstd gzip
file_server
- reverse_proxy REPLACE_ME_V2RAY_PATH unix+h2c//tmp/unix-socket/send-to-v2ray.sock
+ reverse_proxy REPLACE_ME_V2RAY_PATH unix+h2c/@/tmp/unix-socket/send-to-v2ray.sock
}// you will also need to switch to the abstract UNIX domain socket on the backend. |
|
Although It seems caddy does not support padding abstract domain sockets yet, I have not yet been blocked by this problem. Closing this issue. Just for the record, here is the error log: And the Caddyfile configuration change the bind addr to |
|
What is this sorcery... I've also never heard of these 😵 I'm not sure what it takes to connect to a UDS prefixed with |
I think it might be a bug in Caddy, but I am afraid I do not have enough knowledge to collect solid proof for this thought. |
* core: Add optional unix socket file permissions This commit also changes the default unix socket file permissions to `u=w,g=,o=` (octal: `0200`). It used to default to the shell's umask (usually `u=rwx,g=rx,o=rx`, octal: `0755`). `/run/caddy.sock` -> `/run/caddy.sock` with `0200` default perms `/run/caddy.sock|0222` -> `/run/caddy.sock` with `0222` perms `|` instead of `:` is used as a separator, to account for the `:` in Windows drive letters (e.g. `C:\absolute\path.sock`) Fun fact: The old unix(7) man page (pre Jun 2016) stated a socket needs both read and write perms. Turns out, only write perms are needed. Corrected in mkerrisk/man-pages@7578ea2 Despite this, most implementations still default to read+write to this date. * Add cases with Windows paths to test * Require write perms for the owning user
Use Case & Problem:
There is a backend service that supports abstract UNIX domain sockets managed by the docker compose along with caddy. There is also a named volume for sharing the UNIX socket file between these two services.
Sometimes the backend will run into a panic and restart itself. Since there is no one cleaning the UNIX socket file before the backend restarted, the backend will fail to bind to the UNIX domain socket.
The best solution should be to make the caddy support the abstract UNIX domain socket.
I searched for configuring a pre-hook for docker compose, to intervene in the restarting process and manually clean the UNIX domain file. But only to my disappointment to find out that this is a long stale issue and the community is unwilling to approve such a feature.
The text was updated successfully, but these errors were encountered: