
make socket the default

Open jknockaert opened this issue 3 years ago • 4 comments

I think using a unix socket should be the default for notify_push, as it is both more efficient (which is what notify_push is about) and more secure (as access can be limited to the local www-data user). To do so I would suggest a couple of issues to be considered:

  • what is the default location and mask for the socket? I would suggest a location in a subdir of the notify_push folder, and a mask of 660 (instead of 666); as a result it will be read/writeable to www-data only on default installations of nextcloud
  • the notify_push.service definition will have to be updated to set a socket rather than a port
  • the nginx location definition should use proxy_pass http://unix:/path_to/notify_push.sock:/; (does anyone have a suggestion for the corresponding Apache config?)

I think this is a fairly minor update which will make notify_push better.

jknockaert avatar Apr 13 '21 07:04 jknockaert
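
An added example, not part of the original thread or the notify_push project: a Python check that tells a socket any local user can connect to (mode 666) from one restricted to owner and group (the 660 suggested above). The socket names and helper functions are hypothetical, the sample sockets are constructed in a temporary directory, and it assumes Linux, where connecting requires write permission on the socket file.

```python
import os
import socket
import stat
import tempfile

def audit_socket(path):
    """Return a list of findings about a unix socket's file permissions."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return ["not a unix socket"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IWOTH:
        findings.append(f"mode {mode:03o}: any local user can connect")
    # The parent directory gates access too: whoever can write to it
    # (without the sticky bit set) can replace the socket file.
    parent = os.path.dirname(os.path.abspath(path))
    dmode = stat.S_IMODE(os.stat(parent).st_mode)
    if dmode & stat.S_IWOTH and not dmode & stat.S_ISVTX:
        findings.append(f"parent directory mode {dmode:03o} is world-writable")
    return findings

def make_socket(directory, name, mode):
    """Bind a listening unix socket and set its mode (constructed sample)."""
    path = os.path.join(directory, name)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, mode)
    srv.listen(1)
    return srv, path

def demo():
    """Audit one socket per mode discussed in the issue: 666 and 660."""
    results = {}
    with tempfile.TemporaryDirectory() as d:  # created with mode 0700
        for name, mode in (("open.sock", 0o666), ("tight.sock", 0o660)):
            srv, path = make_socket(d, name, mode)
            results[name] = audit_socket(path)
            srv.close()
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```
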

I totally agree, just curious what makes a Unix socket more efficient than a TCP socket pointing to 127.0.0.1? AFAIK they are pretty much the same kinds of byte streams.

The canonical place for putting sockets on Linux is /var/run/..., systemd even has a RuntimeDirectory option for this reason. Speaking about systemd, socket activation would be nice. :)

Kixunil avatar May 19 '21 10:05 Kixunil

> I totally agree, just curious what makes a Unix socket more efficient than a TCP socket pointing to 127.0.0.1? AFAIK they are pretty much the same kinds of byte streams.

Packets are encapsulated and decapsulated in the TCP network stack, even when using the loopback interface. That's totally unnecessary and can be avoided with a unix socket.

jknockaert avatar May 19 '21 10:05 jknockaert

Ah, I see, thanks!

Kixunil avatar May 20 '21 06:05 Kixunil

> The canonical place for putting sockets on Linux is /var/run/..., systemd even has a RuntimeDirectory option for this reason. Speaking about systemd, socket activation would be nice. :)

I agree except that /var/run is /run these days.

Thaodan avatar Sep 08 '22 04:09 Thaodan