Allow Bind Monitoring HTTP Server to bind to socket file

nats-io / nats-server

High-Performance server for NATS.io, the cloud and edge native messaging system.

https://nats.io

Apache License 2.0

15.2k stars 1.37k forks source link

Allow Bind Monitoring HTTP Server to bind to socket file #1216

Open CaptainYarb opened 4 years ago

CaptainYarb commented 4 years ago

[ ] Defect
[x] Feature Request or Change Proposal

Feature Requests

Accept configuration to operate monitoring server via HTTP(s) socket files as an alternative to strictly a port definition.

Use Case:

Securely expose monitoring routes in a cloud Docker environment where firewalls are not reliable or secure.

Our use case: we have a local healthcheck service which connects to the local nats server as apart of the cluster and sends a request to the monitoring route to ensure it's apart of the cluster and is healthy.

Proposed Change:

-ms ./path/to/sock or --monitor-socket ./path/to/sock to enable monitoring socket file.

Who Benefits From The Change(s)?

Docker users

Alternative Approaches

Firewall the port from public/internet access
Listen to a local ip and forward traffic through another web application like Nginx

derekcollison commented 4 years ago

We plan on supporting websockets as a way to work around this.

You can just run the client port on port 80 or 443 as well.

CaptainYarb commented 4 years ago

@derekcollison Really excited to hear more about the websocket features, however, I'm talking about a unix file socket as an alternative to using a hostname/port to bind the monitoring http server. Otherwise, it leaks publically available IP's.

ripienaar commented 4 years ago

If the IP leak is the only concern why not bind to 127.0.0.1 which is unique to the container

CaptainYarb commented 4 years ago

@ripienaar We don't want to expose this server to any networking, which is the primary reason behind using a unix socket file.

mo-rige commented 1 month ago

This is a good idea. Currently, I also require such a feature. Our industrial embedded system uses a built-in NATS server as the event bus, which decouples the hardware layer's messages from the logic layer. This helps us simulate the complete process of the logic layer using external data sources, and the hardware level data is mostly very fast. Using uinx sockets can help us improve the overall response speed

derekcollison commented 1 month ago

TCP/IP over loopback (127.0.0.1) should be as fast, and maybe faster then unix domain sockets these days in my opinion.