exozyme/exozyme
7
12
Fork 0
Code Issues 4 Pull requests Projects Releases 39 Wiki Activity

Replace TCP sockets for our services with Unix sockets #87

New issue
Closed
opened 2022-01-04 22:53:40 +00:00 by a · 8 comments
a commented 2022-01-04 22:53:40 +00:00
Owner
Copy link

Since everything is on one machine, we can use Unix sockets which are faster and more secure. I know that Mastodon supports Unix sockets but I'm not sure how to get it set up.

Since everything is on one machine, we can use Unix sockets which are faster and more secure. I know that Mastodon supports Unix sockets but I'm not sure how to get it set up.
a added the
security
enhancement
 labels 2022-01-04 22:53:40 +00:00
a added this to the (deleted) project 2022-01-04 22:53:40 +00:00
a commented 2022-01-04 23:45:57 +00:00
Author
Owner
Copy link

I configured Mastodon and nginx to use Unix sockets with 39753357f5 but I don't think I have the permissions tight enough.

I configured Mastodon and nginx to use Unix sockets with https://git.exozy.me/exozyme/nginx/commit/39753357f5d9f65a3f59549237efaa26ce5dc23d but I don't think I have the permissions tight enough.
a commented 2022-01-05 04:31:24 +00:00
Author
Owner
Copy link

I made Redis and PostgreSQL only listen on Unix sockets and it took forever to fix all our configs to make that work out. The good thing is that we don't need to use password authentication anymore!

I made Redis and PostgreSQL only listen on Unix sockets and it took *forever* to fix all our configs to make that work out. The good thing is that we don't need to use password authentication anymore!
a commented 2022-01-05 16:32:43 +00:00
Author
Owner
Copy link

I tightened permissions on the Unix sockets' directories using systemd's RuntimeDirectoryMode.

I tightened permissions on the Unix sockets' directories using systemd's `RuntimeDirectoryMode`.
a commented 2022-01-05 17:55:31 +00:00
Author
Owner
Copy link

Jellyfin supports Unix sockets but can't configure permissions for them: https://github.com/jellyfin/jellyfin/issues/5311

Jellyfin supports Unix sockets but can't configure permissions for them: https://github.com/jellyfin/jellyfin/issues/5311
a commented 2022-01-22 03:52:09 +00:00
Author
Owner
Copy link

This is the corresponding issue for PeerTube: https://github.com/Chocobozzz/PeerTube/issues/1951

This is the corresponding issue for PeerTube: https://github.com/Chocobozzz/PeerTube/issues/1951
a commented 2022-01-22 04:03:28 +00:00
Author
Owner
Copy link

Jellyfin supports Unix sockets but can't configure permissions for them: https://github.com/jellyfin/jellyfin/issues/5311

Patching Jellyfin right now...

> Jellyfin supports Unix sockets but can't configure permissions for them: https://github.com/jellyfin/jellyfin/issues/5311 Patching Jellyfin right now...
a closed this issue 2022-01-22 04:17:46 +00:00
a commented 2022-01-22 04:38:44 +00:00
Author
Owner
Copy link

See this upstream issue: https://github.com/jellyfin/jellyfin/pull/7202

See this upstream issue: https://github.com/jellyfin/jellyfin/pull/7202
a commented 2022-01-23 00:05:18 +00:00
Author
Owner
Copy link

Upstream is now fixed and Jellyfin is confirmed working with a Unix socket! 🎉

Upstream is now fixed and Jellyfin is confirmed working with a Unix socket! 🎉
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
v9.0
v8.8
v8.7
v8.6
v8.5
v8.4
v8.3
v8.2
v8.1
v8.0
v7.10
v7.9
v7.8
v7.7
v7.6
v7.5
v7.4
v7.3
v7.2
v7.1
v7.0
v6.1
v6.0
v5.1
v5.0
v4.2
v4.1
v4.0
v3.0
v2.5
v2.4
v2.3
v2.2
v2.1
v2.0
v1.3
v1.2
v1.1
v1.0
v0.3-beta
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
security

Security vulnerability

  
wontfix

This won't be fixed

No labels
bug
duplicate
enhancement
help wanted
invalid
question
security
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: exozyme/exozyme#87
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?