
How to bind to Unix domain socket instead of localhost

Open flux77 opened this issue 1 year ago • 3 comments

Is it possible to bind Radicale to a Unix domain socket instead of localhost? I tried this in my configuration file:

[server]
hosts = /tmp/radicale.sock

But Radicale refuses to start. It gives this error message:

Invalid configuration: Invalid list_of_ip_address value for option 'hosts' in section 'server' in config file '/usr/local/etc/radicale/config': '/tmp/radicale.sock'

Is there a correct way to do this?

flux77, Apr 20 '23 21:04

"Radicale" is a network service; what would be the purpose of using a "Unix domain socket"?

pbiering, Apr 21 '23 03:04

The built-in WSGI server is minimalistic and doesn't support it. You have to use something like uWSGI or Gunicorn.

@pbiering For example, it can be useful in combination with a local reverse proxy. You don't need to expose a port on the loopback interface.

Unrud, Apr 21 '23 07:04

Learned something new again; I also found that Apache supports it:

https://stackoverflow.com/questions/51243332/apache-proxy-pass-to-unix-domain-socket

It can be helpful to at least prevent sniffing on the loopback interface (e.g. with ngrep) for potentially unencrypted content. But potentially the SELinux policy must be adjusted, besides adding support in Radicale.

pbiering, Apr 22 '23 06:04
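An added example, not part of the thread and not Radicale's code: a minimal sketch of what serving a WSGI application over a Unix domain socket involves, which is the job uWSGI or Gunicorn take over in the setup suggested above. The stand-in `app`, the class names and the `0660` mode are assumptions; the point is that access is governed by the socket file's permissions rather than by an open loopback port.

```python
import os
import socket
import socketserver
import stat
import tempfile
import threading
from wsgiref.simple_server import WSGIRequestHandler, WSGIServer

def app(environ, start_response):
    # Stand-in WSGI app (assumption); a real deployment serves Radicale instead.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello over AF_UNIX\n"]

class QuietHandler(WSGIRequestHandler):
    def log_message(self, *args):  # keep the demo silent
        pass

class UnixWSGIServer(WSGIServer):
    address_family = socket.AF_UNIX  # filesystem path instead of host:port
    allow_reuse_address = False

    def server_bind(self):
        old = os.umask(0o117)  # socket file is created 0660: owner and group only
        try:
            socketserver.TCPServer.server_bind(self)
        finally:
            os.umask(old)
        self.server_name, self.server_port = "localhost", 0  # no TCP port exists
        self.setup_environ()

    def get_request(self):
        conn, _ = super().get_request()
        return conn, ("unix-socket-peer", 0)  # AF_UNIX peers have no IP address

def demo():
    path = os.path.join(tempfile.mkdtemp(), "radicale.sock")  # constructed path
    server = UnixWSGIServer(path, QuietHandler)
    server.set_app(app)
    worker = threading.Thread(target=server.handle_request, daemon=True)
    worker.start()
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
        client.connect(path)  # what a local reverse proxy would do
        client.sendall(b"GET / HTTP/1.0\r\n\r\n")
        reply = b"".join(iter(lambda: client.recv(4096), b""))
    worker.join()
    server.server_close()
    os.unlink(path)
    return mode, reply
```

In practice the reverse proxy's user has to be the owner or in the group of the socket file, and the file should live in a directory that other local users cannot write to.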