shell2http icon indicating copy to clipboard operation
shell2http copied to clipboard

Published 20 hours ago verified publisher icon msoap

Support socket activation with launchd and systemd

Open reegnz opened this issue 5 years ago • 4 comments
trafficstars

This would allow shell2http to be used with inetd-like scenarios, eg. Systemd Socket activation, or Launchd socket activation.

This is especially useful if you want your application to bind to a privileged port (eg. 80), but don't want the application to run as root, but also don't want to set up a separate proxy process to proxy 80 -> 8080.

So in that case you would have a managing process (like launchd, systemd) open the socket on the privileged port and have it passed to the process instead.

Launchd: https://en.wikipedia.org/wiki/Launchd#Socket_activation_protocol https://github.com/sstephenson/launch_socket_server/blob/master/src/launch_socket_server.go

Systemd: http://0pointer.de/blog/projects/socket-activation.html https://www.darkcoding.net/software/systemd-socket-activation-in-go/ https://github.com/coreos/go-systemd/tree/master/examples/activation/httpserver

I am open to doing a PR if you would find the idea compatible with shell2http.

reegnz avatar Jun 08 '20 12:06 reegnz

Hi, sorry for delay. I want to keep the server as simple as possible, and not be tied to the features of the two launch systems (systemd and launchd). And there is no single standard for "socket activation".

About privileged ports, on Mac OS you can use any free port including the privileged one, just try shell2http -port 80 /d date. On Linux you can use CAP_NET_BIND_SERVICE capabilities, see stackoverflow.com and man capabilities

msoap avatar Sep 11 '20 16:09 msoap

It looks like systemd socket activation supports an inetd-compatible mode, which would avoid requirement to link with anything odd or add systemd-specific code. Would that be more acceptable? I guess it might not work with some advanced HTTP features but presumably they're not particularly important for shell2http anyway...

From systemd.socket(5):

Note that the daemon software configured for socket activation with socket units needs to be able to accept sockets from systemd, either via systemd's native socket passing interface (see sd_listen_fds(3) for details) or via the traditional inetd(8)-style socket passing (i.e. sockets passed in via standard input and output, using StandardInput=socket in the service file).

srd424 avatar Sep 12 '20 16:09 srd424

And according to https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html:

There are four ways to launch daemons using launchd. The preferred method is on-demand launching, but launchd can launch daemons that run continuously, and can replace inetdfor launching inetd-style daemons. In addition, launchd can start jobs at timed intervals.

srd424 avatar Sep 12 '20 16:09 srd424

This is interesting about inetd-style, where the socket is passed as stdin/stdout. I need to investigate this and try to make an experiment.

msoap avatar Sep 12 '20 17:09 msoap