Optionally listen on unix sockets

dometto · dometto · commit f618d0b166c4 · 2025-12-08T20:26:52.000+01:00
diff --git a/bin/configurable-http-proxy b/bin/configurable-http-proxy
@@ -21,6 +21,7 @@ cli
   .version(pkg.version)
   .option("--ip <ip-address>", "Public-facing IP of the proxy")
   .option("--port <n> (defaults to 8000)", "Public-facing port of the proxy", parseInt)
+  .option("--socket <path>", "Path to a UNIX domain socket for the proxy to listen on. Alternative to specifying IP and port.")
   .option("--ssl-key <keyfile>", "SSL key to use, if any")
   .option("--ssl-cert <certfile>", "SSL certificate to use, if any")
   .option("--ssl-ca <ca-file>", "SSL certificate authority, if any")
@@ -39,6 +40,7 @@ cli
     "Inward-facing port for API requests (defaults to --port=value+1)",
     parseInt
   )
+  .option("--api-socket <path>", "Path to a UNIX domain socket for the API server to listen on. Alternative to specifying API IP and port.")
   .option("--api-ssl-key <keyfile>", "SSL key to use, if any, for API requests")
   .option("--api-ssl-cert <certfile>", "SSL certificate to use, if any, for API requests")
   .option("--api-ssl-ca <ca-file>", "SSL certificate authority, if any, for API requests")
@@ -93,6 +95,7 @@ cli
   .option("--host-routing", "Use host routing (host as first level of path)")
   .option("--metrics-ip <ip>", "IP for metrics server", "")
   .option("--metrics-port <n>", "Port of metrics server. Defaults to no metrics server")
+  .option("--metrics-socket <path>", "Path to a UNIX domain socket for the metrics server to listen on. Alternative to specifying metrics IP and port.")
   .option("--log-level <loglevel>", "Log level (debug, info, warn, error)", "info")
   .option(
     "--timeout <n>",
@@ -321,41 +324,62 @@ options.storageBackend = args.storageBackend;
 var proxy = new ConfigurableProxy(options);
 
 var listen = {};
-listen.port = parseInt(args.port) || 8000;
-if (args.ip === "*") {
-  // handle ip=* alias for all interfaces
+
+if (args.socket) {
+  listen.proxyTarget = [args.socket];
   log.warn(
-    "Interpreting ip='*' as all-interfaces. Preferred usage is 0.0.0.0 for all IPv4 or '' for all-interfaces."
+    "Proxy will listen on UNIX domain socket, --ip and --port options will be ignored."
   );
-  args.ip = "";
+} else {
+  listen.port = parseInt(args.port) || 8000;
+  if (args.ip === "*") {
+    // handle ip=* alias for all interfaces
+    log.warn(
+      "Interpreting ip='*' as all-interfaces. Preferred usage is 0.0.0.0 for all IPv4 or '' for all-interfaces."
+    );
+    args.ip = "";
+  }
+  listen.ip = args.ip;
+  listen.proxyTarget = [listen.port, listen.ip];
 }
-listen.ip = args.ip;
-listen.apiIp = args.apiIp;
-listen.apiPort = args.apiPort || listen.port + 1;
-listen.metricsIp = args.metricsIp;
-listen.metricsPort = args.metricsPort;
-
-proxy.proxyServer.listen(listen.port, listen.ip);
-proxy.apiServer.listen(listen.apiPort, listen.apiIp);
-if (listen.metricsPort) {
-  proxy.metricsServer.listen(listen.metricsPort, listen.metricsIp);
+
+if (args.apiSocket) {
+  listen.apiSocket = [args.apiSocket];
+  log.warn(
+    "API server will listen on UNIX domain socket, --api-ip and --api-port options will be ignored."
+  );
+} else {
+  listen.apiTarget = [args.apiPort || (listen.port ? listen.port + 1 : 8001), args.apiIp];
+}
+
+if (args.metricsSocket) {
+  listen.metricsSocket = [args.metricsSocket];
+  log.warn(
+    "Metrics server will listen on UNIX domain socket, --metrics-ip and --metrics-port options will be ignored."
+  );
+} else {
+  listen.metricsTarget = [args.metricsPort, args.metricsIp];
+}
+
+proxy.proxyServer.listen(...listen.proxyTarget);
+proxy.apiServer.listen(...listen.apiTarget);
+if (listen.metricsTarget) {
+  proxy.metricsServer.listen(...listen.metricsTarget);
 }
 
 log.info(
-  "Proxying %s://%s:%s to %s",
+  "Proxying %s://%s to %s",
   options.ssl ? "https" : "http",
-  listen.ip || "*",
-  listen.port,
+  listen.proxyTarget.join(":"),
   options.defaultTarget || "(no default)"
 );
 log.info(
-  "Proxy API at %s://%s:%s/api/routes",
+  "Proxy API at %s://%s/api/routes",
   options.apiSsl ? "https" : "http",
-  listen.apiIp || "*",
-  listen.apiPort
+  listen.apiTarget.join(":")
 );
 if (listen.metricsPort) {
-  log.info("Serve metrics at %s://%s:%s/metrics", "http", listen.metricsIp, listen.metricsPort);
+  log.info("Serve metrics at %s://%s/metrics", "http", listen.metricsTarget.join(":"));
 }
 
 if (args.pidFile) {
@@ -370,7 +394,7 @@ if (args.pidFile) {
 }
 
 // Redirect HTTP to HTTPS on the proxy's port
-if (options.redirectPort && listen.port !== 80) {
+if (options.redirectPort && listen.port && listen.port !== 80) {
   var http = require("http");
   var redirectPort = options.redirectTo ? options.redirectTo : listen.port;
   var server = http
diff --git a/lib/testutil.js b/lib/testutil.js
@@ -9,24 +9,12 @@ import { defaultLogger } from "./log.js";
 var servers = [];
 
 // TODO: make this an options dict
-export function addTarget(proxy, path, port, websocket, targetPath, sslOptions, unixSocketPath) {
-  var proto;
-  var listenTarget;
-  var target;
-
-  if (unixSocketPath) {
-    listenTarget = decodeURIComponent(unixSocketPath);
-    proto = "http";
-    target = "unix+" + proto + "://" + unixSocketPath;
-  } else {
-    proto = sslOptions ? "https" : "http";
-    target = proto + "://" + "127.0.0.1:" + port;
-    listenTarget = port;
-  }
+export function addTarget(proxy, path, port, websocket, targetPath, sslOptions) {
+  var proto = sslOptions ? "https" : "http";
+  var target = proto + "://127.0.0.1:" + port;
   if (targetPath) {
     target = target + targetPath;
   }
-
   var server;
   var data = {
     target: target,
@@ -60,7 +48,7 @@ export function addTarget(proxy, path, port, websocket, targetPath, sslOptions,
     });
   }
 
-  server.listen(listenTarget);
+  server.listen(port);
   servers.push(server);
   return proxy.addRoute(path, { target: target }).then(() => {
     // routes are created with an activity timestamp artificially shifted into the past
@@ -166,6 +154,7 @@ export function teardownServers(callback) {
   };
   for (var i = servers.length - 1; i >= 0; i--) {
     servers[i].close(onclose);
+
     // closeAllConnections is implied in close in node >=19
     // but this avoids waits between all tests with node 18
     servers[i].closeAllConnections();
diff --git a/test/proxy_spec.js b/test/proxy_spec.js
@@ -515,7 +515,7 @@ describe("Proxy Tests", function () {
 
   it("proxy to unix socket test", function (done) {
     var proxyPort = 55557;
-    var unixSocketUri = "%2Ftmp%2Ftest.sock";
+    var unixSocketUri = encodeURIComponent(tmp.tmpNameSync());
 
     util
       .setupProxy(proxyPort, {}, [])
@@ -530,3 +530,84 @@ describe("Proxy Tests", function () {
       .then(done);
   });
 });
+
+describe("Proxy Tests with Unix socket", function () {
+  var listenOptions = {
+    socket: tmp.tmpNameSync(),
+  };
+  var requestOptions = new URL("http://localhost");
+  requestOptions.socketPath = listenOptions.socket;
+  var proxy;
+
+  beforeEach(function (callback) {
+    util.setupProxy(listenOptions).then(function (newProxy) {
+      proxy = newProxy;
+      callback();
+    });
+  });
+
+  afterEach(function (callback) {
+    util.teardownServers(callback);
+  });
+
+  it("unix socket HTTP request", function (done) {
+    http
+      .request(requestOptions, (res) => {
+        let recvData = [];
+        res.on("data", (chunk) => {
+          recvData.push(chunk);
+        });
+        res.on("end", () => {
+          const body = JSON.parse(Buffer.concat(recvData).toString());
+          expect(body).toEqual(
+            jasmine.objectContaining({
+              path: "/",
+            })
+          );
+        });
+        return proxy._routes.get("/").then((route) => {
+          expect(route.last_activity).toBeGreaterThan(proxy._setup_timestamp);
+          done();
+        });
+      })
+      .on("error", (err) => {
+        expect("error").toEqual("ok");
+        done();
+      })
+      .end();
+  });
+
+  it("unix socket WebSocket request", function (done) {
+    var ws = new WebSocket("ws+unix:" + listenOptions.socket);
+    ws.on("error", function () {
+      // jasmine fail is only in master
+      expect("error").toEqual("ok");
+      done();
+    });
+    var nmsgs = 0;
+    ws.on("message", function (msg) {
+      msg = msg.toString();
+      if (nmsgs === 0) {
+        expect(msg).toEqual("connected");
+      } else {
+        msg = JSON.parse(msg);
+        expect(msg).toEqual(
+          jasmine.objectContaining({
+            path: "/",
+            message: "hi",
+          })
+        );
+        // check last_activity was updated
+        return proxy._routes.get("/").then((route) => {
+          expect(route.last_activity).toBeGreaterThan(proxy._setup_timestamp);
+          ws.close();
+          done();
+        });
+      }
+      nmsgs++;
+    });
+    ws.on("open", function () {
+      ws.send("hi");
+    });
+  });
+});
