Closed francislavoie closed 4 years ago
Fair enough; note that a forceful shutdown may prevent the deletion of the socket file.
Looks like we have to chmod the file after creating it: https://github.com/golang/go/issues/11822
I feel like doing this without user consent might break some things though.
Maybe we add an admin_socket_permissions <octal> global option if you're concerned?
I guess we can discuss that in another issue if it arises.
When using a unix socket for the admin API, there are a couple issues.
Caddyfile:
First time running Caddy works fine, the unix socket file is created. The second time, Caddy fails to start because the unix socket file already exists. Caddy should delete the unix socket file on shutdown to avoid this issue.
As a secondary issue, the file permissions of the unix socket file are too permissive by default. The default permissions I'm seeing are 755. Caddy should set them to 660 I believe for better security.
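The two behaviours discussed in this thread (clearing a socket file left behind by an unclean shutdown, and chmod-ing the socket after creating it), as an added Go example that is not Caddy's code. The function name `listenUnix`, the socket path and the 0660 mode passed in `main` are assumptions chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"net"
	"os"
	"time"
)

// listenUnix (hypothetical helper) binds a unix socket at path, removing a
// stale socket file first and restricting permissions after creation.
func listenUnix(path string, mode fs.FileMode) (net.Listener, error) {
	if fi, err := os.Lstat(path); err == nil {
		if fi.Mode()&fs.ModeSocket == 0 { // never delete a non-socket file
			return nil, fmt.Errorf("%s exists and is not a socket", path)
		}
		// If something accepts the connection, the socket is live, not stale.
		if c, err := net.DialTimeout("unix", path, time.Second); err == nil {
			c.Close()
			return nil, fmt.Errorf("%s is in use by another process", path)
		}
		if err := os.Remove(path); err != nil {
			return nil, err
		}
	} else if !errors.Is(err, fs.ErrNotExist) {
		return nil, err
	}
	ln, err := net.Listen("unix", path)
	if err != nil {
		return nil, err
	}
	// Listen takes no mode argument (golang/go#11822), so chmod afterwards.
	if err := os.Chmod(path, mode); err != nil {
		ln.Close()
		return nil, err
	}
	return ln, nil
}

func main() {
	ln, err := listenUnix("/tmp/example-admin.sock", 0o660) // constructed path
	if err != nil {
		panic(err)
	}
	defer ln.Close() // a clean Close unlinks the socket file
	fmt.Println("listening on", ln.Addr())
}
```

Between `net.Listen` and `os.Chmod` the socket briefly carries its umask-derived permissions; placing it in a directory that only the owning user or group can traverse covers that window.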