Tristan

For others maybe looking into this problem for similar reasons (unprivileged reverse proxy user calling oauth2-proxy's socket), abstract unix sockets happen to do the job fine: ```toml # oauth2-proxy.toml http_address...

> Isn't that the same though as allowing it to the whole system? It is allowing the whole system to send requests to oauth2-proxy, yes. Which is not entirely ideal,...

For the runtime setup, this works easily enough indeed, but as you rightly point out in the first message this isn't nearly as easy to work with for the test...

Actually, scratch that, found someone asking the same question for the same reasons here https://www.eclipse.org/lists/jetty-users/msg10348.html Quoting: > Date: Wed, 9 Nov 2022 13:59:43 -0600 > Jetty 12 already has Alpha...

Since I can somewhat reliably reproduce it, I'll try to get traces and so on on a mainline build.

> I had some tests on my side using chrome as browser but I cannot reproduce it for now. Yeah it is quite tricky alas, and seems to require multiple...

Still think that even just a warning saying that « mons are unreachable [ip1, ip2, ip3] » in logs (and maybe even k8s resource events?) would go a long way...