The Socket class used for making connections supports connecting to UNIX sockets, by passing an address of e.g. unix@/run/foo. Right now, it's not possible to use this feature through the HTTP library because the library mandates a prefix of http[s], and also always passes a port.
It would be really useful for tighter control of calls to sensitive endpoints to be able to use UNIX sockets. For example, in the Let's Encrypt example, it would be preferable for the proxied ACME endpoints to be exposed on UNIX sockets (where they could be restricted by file system permissions), rather than 127.0.0.1 (where any user with access to the host could hit them).
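The access-control difference described above, as an added example that is not part of the original issue or the project's code: a Python standard-library sketch of an HTTP endpoint bound to a UNIX socket with mode 0600 inside a 0700 directory, so only the owning user can connect. The class names, the `acme.sock` path and the response body are constructed for illustration.

```python
import http.client, http.server, os, socket, socketserver, stat, tempfile, threading

class UnixHTTPServer(socketserver.UnixStreamServer):
    def server_bind(self):
        # Set the umask before bind() so the socket file is created 0600;
        # a chmod() after bind() would leave a short window with wider access.
        old = os.umask(0o177)
        try:
            super().server_bind()
        finally:
            os.umask(old)

class Handler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        body = b"acme-proxy-ok\n"  # constructed response body
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # UNIX-socket peers have no (host, port) tuple to log

class UnixHTTPConnection(http.client.HTTPConnection):
    def __init__(self, path):
        super().__init__("localhost")  # only used for the Host header
        self.unix_path = path

    def connect(self):
        # No TCP port involved: reachability is decided by file permissions.
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.unix_path)

def demo():
    with tempfile.TemporaryDirectory() as d:  # directory is created 0700
        path = os.path.join(d, "acme.sock")
        srv = UnixHTTPServer(path, Handler)
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
            conn = UnixHTTPConnection(path)
            conn.request("GET", "/directory")
            resp = conn.getresponse()
            result = (mode, resp.status, resp.read())
            conn.close()
            return result
        finally:
            srv.shutdown()
            srv.server_close()

if __name__ == "__main__":
    print(demo())
```

The umask change is process-wide, so in a multi-threaded server the bind should happen before other threads create files.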