Open lukebakken opened 1 year ago
@jvary we'll keep an eye out for a PR. Thanks!
to add extra safety & segregation when used locally
@jvary what does that mean? Can you explain these two terms extra safety
and segregation
in more detail?
Specifically:
segregation
here? What benefits do Unix domain sockets have in this context?Like Loïc Hoguin said above.
@ansd
Can you explain these two terms extra safety and segregation in more detail?
Mostly any process running on the host can write to 127.0.0.1, and it is easier for mass produced devices to restrict service access by local UserFileSystemPermissions than using ClientSecrets. Likely the same reasons the ‘Docker daemon socket’ is by default an UnixDomainSocket as well.
Also, we encountered a few funky use cases were we would benefit from a UnixDomainSocket, among them :
Thank you for the detailed explanation of your reasoning @jvary
Hello all,
FYI, I did start the work, but while changing the core server-code itself to support UnixDomainSocket wasn't so horrible in itself, I got stuck in updating all the monitoring paths/tools that assumed an IP endpoint.
Given the scale of doing a clean PR that doesn't break the whole ecosystem, it became no longer rational for us to spend so much time on this.
If anyone would like a pet project, here is your chance to take over :-)
Our team has chosen to use RabbitMQ for our embedded system. At some point in our development, I will allow us to work on this issue. If you can share your early work, maybe we can collaborate and share the effort. Thanks, @jvary, for your update.
There are many monitoring-related parts that do assume a (hostname, port)
pair. Management UI, Prometheus scraping endpoint and CLI commands such as rabbitmq-diagnostics listeners
and derivatives such as rabbitmq-diagnostics report
will need to be adjusted.
I don't recall seeing a request for this from paying customers or regular contributors, so until 4.1.x or so, this has a close to zero probability of being worked on by the core team.
Discussed in https://github.com/rabbitmq/rabbitmq-server/discussions/7298