
Systemd socket activation

Open mildred opened this issue 2 years ago • 2 comments

It would be nice to allow for systemd socket activation of litefs for its replication HTTP server. This could allow better handling of the listening socket to better protect it from the outside.

My use case is to make it listen on a unix domain socket that is initialized by systemd (with proper file permissions, access only to the systemd service running litefs and the reverse proxy). This ensures that no other process on the same machine can tap into this socket.

This is just a matter of using https://pkg.go.dev/github.com/coreos/go-systemd/[email protected]/activation and using the provided net.Listener if available from systemd. Else fall back to opening the net.Listener as usual.

I volunteer for the pull request, just want to discuss it here first.

mildred avatar Mar 07 '23 21:03 mildred
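A sketch of the "use the systemd listener if present, else open one as usual" logic described in the comment above. It is an added example, not code from litefs or from the issue author. It reads systemd's `LISTEN_PID`/`LISTEN_FDS` variables directly with the standard library instead of calling the go-systemd activation package; the function names and the fallback address are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"strconv"
)

const listenFDsStart = 3 // first descriptor systemd passes (SD_LISTEN_FDS_START)

// activatedFDs returns how many sockets systemd passed to the process pid.
func activatedFDs(getenv func(string) string, pid int) (int, error) {
	pidStr, nStr := getenv("LISTEN_PID"), getenv("LISTEN_FDS")
	if pidStr == "" || nStr == "" {
		return 0, nil // not socket activated
	}
	if p, err := strconv.Atoi(pidStr); err != nil || p != pid {
		return 0, err // variables meant for another process are ignored
	}
	n, err := strconv.Atoi(nStr)
	if err != nil || n < 0 {
		return 0, fmt.Errorf("invalid LISTEN_FDS %q", nStr)
	}
	return n, nil
}

// listen prefers the inherited socket; the bool reports whether it was used.
func listen(fallbackAddr string) (net.Listener, bool, error) {
	n, err := activatedFDs(os.Getenv, os.Getpid())
	if err != nil || n > 1 {
		return nil, false, fmt.Errorf("socket activation: fds=%d err=%v", n, err)
	}
	if n == 0 {
		ln, err := net.Listen("tcp", fallbackAddr)
		return ln, false, err
	}
	f := os.NewFile(listenFDsStart, "systemd-activated")
	defer f.Close() // FileListener works on a duplicate of the descriptor
	ln, err := net.FileListener(f)
	return ln, true, err
}

func main() {
	ln, activated, err := listen("127.0.0.1:0") // fallback address is an assumption
	if err != nil {
		panic(err)
	}
	fmt.Printf("listening on %s (socket activated: %v)\n", ln.Addr(), activated)
}
```

With this shape the service never chooses the socket's path, owner or mode itself when activated: those come from the `.socket` unit, which is where the access restriction described in the comment would be configured.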

I don't think I quite understand. You want to run the HTTP replication over a socket-activated Unix socket?

benbjohnson avatar Mar 12 '23 02:03 benbjohnson

Yes, that's it. The main advantage is that it's possible to assign listening ports at the system level and increased security.

mildred avatar Mar 27 '23 21:03 mildred