Replace TCP sockets for our services with Unix sockets #87
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Since everything is on one machine, we can use Unix sockets which are faster and more secure. I know that Mastodon supports Unix sockets but I'm not sure how to get it set up.
I configured Mastodon and nginx to use Unix sockets with
39753357f5
but I don't think I have the permissions tight enough.I made Redis and PostgreSQL only listen on Unix sockets and it took forever to fix all our configs to make that work out. The good thing is that we don't need to use password authentication anymore!
I tightened permissions on the Unix sockets' directories using systemd's
RuntimeDirectoryMode
.Jellyfin supports Unix sockets but can't configure permissions for them: https://github.com/jellyfin/jellyfin/issues/5311
This is the corresponding issue for PeerTube: https://github.com/Chocobozzz/PeerTube/issues/1951
Patching Jellyfin right now...
See this upstream issue: https://github.com/jellyfin/jellyfin/pull/7202
Upstream is now fixed and Jellyfin is confirmed working with a Unix socket! 🎉