• Apache reverse-proxying to AF_UNIX servers

    From Rainer Weikusat@21:1/5 to All on Thu Aug 4 15:27:19 2022
    A handy feature Apache has gained fairly recently is acting as reverse
    proxy for servers listening on AF_UNIX sockets (referred to as UDS
    sockets in the code, presumably Unix Domain Sockets). As far as I can
    tell, the exact syntax for this isn't documented anywhere (except in
    form of unexplained examples), so, I'll put it here:

    unix:</path/to/socket>|<url scheme>:

    ie, the literal string unix: followed by the path of the server socket, followed by a pipe symbol and an absolute URL. The scheme part of this
    URL is used to select a proxy module, eg, ws: for reverse-proxying
    WebSocket traffic. Other parts (server, port, path etc) may but need not appear.

    Related gotcha: In the interest of enhance suckurity, ie, generally
    making programming the system suck more, apache get a so-called private
    tmp (/tmp and /var/tmp) directories when being started from systemd (on
    Debian, but that's just the kind of misfeature every suckurity guy is absolutely going to love, hence, the defect presumably exists everywhere
    where the root cause - systemd - has also infected the system).

    This means it won't have access to anything other processes put into
    /tmp (like AF_UNIX sockets).

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)