Apache reverse-proxying to AF_UNIX servers
From
Rainer Weikusat@21:1/5 to
All on Thu Aug 4 15:27:19 2022
A handy feature Apache has gained fairly recently is acting as reverse
proxy for servers listening on AF_UNIX sockets (referred to as UDS
sockets in the code, presumably Unix Domain Sockets). As far as I can
tell, the exact syntax for this isn't documented anywhere (except in
form of unexplained examples), so, I'll put it here:
unix:</path/to/socket>|<url scheme>:
ie, the literal string unix: followed by the path of the server socket, followed by a pipe symbol and an absolute URL. The scheme part of this
URL is used to select a proxy module, eg, ws: for reverse-proxying
WebSocket traffic. Other parts (server, port, path etc) may but need not appear.
Related gotcha: In the interest of enhance suckurity, ie, generally
making programming the system suck more, apache get a so-called private
tmp (/tmp and /var/tmp) directories when being started from systemd (on
Debian, but that's just the kind of misfeature every suckurity guy is absolutely going to love, hence, the defect presumably exists everywhere
where the root cause - systemd - has also infected the system).
This means it won't have access to anything other processes put into
/tmp (like AF_UNIX sockets).
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)