-
Notifications
You must be signed in to change notification settings - Fork 372
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature Request] Server listen on Unix socket #201
Comments
Hello, Would you mind explaining how this facilitates the setup with a docker container ? If I am not mistaken, you can create a network namespace that you can share across multiple container. |
It's for situations where you can't/won't put wstunnel and nginx in the same network namespace. |
I'd also like to have similar to ssh alternative below. |
This would also help in scenarios like chained proxies, where forwarding via unix sockets seems to have better performance than local network loopbacks. |
Hello, Would you mind trying this pre-release https://github.com/erebe/wstunnel/releases/tag/v9.1.0 and let me know if it works for you ? Regarding wstunnel server supporting receiving packets from a unix socket, I am not sure whether I am going to do it, as it will require a bit too much code change to my taste to support it, and I am not sure if there is a real need for it. Will check and let you know P.s: I still need to support unix datagram socket, but as everything related to udp, it is a pain to implement. |
Hello @erebe Thank you for adding Unix socket support. That works for me with reverse connection. I noticed it does not delete a socket file when connection is finished and unable to reuse the file again, so when you try -R unix:///tmp//wstunnel.sock:127.0.0.1:80 again, the server rejects connection. |
indeed thanks for reporting, I have made the fix 🙈 b7dbd86 and have re-created the release 9.2.0, so if you re-download it, it should be good now. |
Specifically for cases where the wstunnel server is behind a reverse proxy, it would be useful to have the ability to listen on a Unix domain socket instead of having to use an IP address and port.
This would only be useful with non-secure
ws
, e.g.unix:///absolute/path/to/unix/socket
orunix://relative/path/to/socket
.Unix domain sockets are subject to filesystem security models and mount namespaces, making them easier to restrict access to than traditional IP/port network endpoints, especially when you have Docker installed on the same system.
A command-line option for specifying the
mode
of the created socket would be handy too.The text was updated successfully, but these errors were encountered: