FW: [whatwg/url] Addressing HTTP servers over Unix domain sockets (#577)

Seems like a web architecture problem to me.  None of the proposed work-arounds are compelling.

 

From: Erik Jensen <notifications@github.com> 
Sent: Friday, February 5, 2021 9:11 PM
To: whatwg/url <url@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: [whatwg/url] Addressing HTTP servers over Unix domain sockets (#577)

 

It is often desirable to run various HTTP servers that are only locally connectable. These could be local daemons that expose an HTTP API and/or web GUI, a local dev instance of a web server, et cetera.

For these use cases, using Unix domain sockets provides two major advantages over TCP on localhost:

1. Namespacing. If two users on a system are running the same service, TCP requires them both to pick, configure, and remember different port numbers. With Unix domain sockets, each socket can live in the respective user's runtime directory and be named after the service.
2. Access control. Even if the service is diligent only to bind to localhost, TCP still allows any (non-sandboxed) process or user on the machine to connect. Any access control has to be implemented by the service itself, which often involves implementing (hopefully with sufficient security) its own password authentication mechanism. Unix domain sockets, on the other hand, can take advantage of the access control functionality provided by the filesystem, and thus can easily be restricted to a single user or set of users. In the event that a service wants to allows multiple users to connect and discriminate between them, several operating systems provide a means of querying the UID of the connecting process, again without requiring it's own authentication scheme.

Indeed, due to these advantages, many servers/services already provide options for listening via a Unix domain socket rather a local TCP port. Unfortunately, there is not currently an agreed-upon way to address such a service in a URL. As a result, clients who choose to support it end up creating there own bespoke approach (e.g., a special command-line flag, or a custom URL format), while others choose not to support it so as not to bring their URL parsing out-of-spec (among other potential concerns).

Here are some of the various URL formats I've seen used or suggested:

* Transport only: unix:/path/to/socket.sock. This lacks both the protocol and resource path, so it can only be used for clients that already know they'll be speaking to a specific HTTP API, and is not generally usable.
* HTTP with socket path as the port: http://localhost:[/path/to/socket.sock]/resource <http://localhost:[/path/to/socket.sock%5d/resource> . Only allowed when host is localhost. Paths containing ] could either be disallowed or URL encoded.
* Composite scheme with socket path as URL-encoded host: http+unix://%2Fpath%2Fto%2Fsocket.sock/resource. Distinct scheme allows existing http URL parsing to stay the same. URL encoding reduces read- and type-ability.
* Combining ideas from the previous two: http+unix://[/path/to/socket.sock]/resource or just http://[/path/to/socket.sock]/resource <http://[/path/to/socket.sock%5d/resource> . (The latter would require using the leading / of the socket path to disambiguate from an IPv6 address.)

References:
Archived Google+ post suggesting the socket-as-port approach:
https://web.archive.org/web/20190321081447/https://plus.google.com/110699958808389605834/posts/DyoJ6W6ufET <https://web.archive.org/web/20190321081447/https:/plus.google.com/110699958808389605834/posts/DyoJ6W6ufET> 
My request for this functionality if Firefox, which sent me here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1688774
Some previous discussion that was linked in the Firefox bug:
https://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/
https://bugs.chromium.org/p/chromium/issues/detail?id=451721

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub <https://github.com/whatwg/url/issues/577> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAIQTK4R6B2Y4O5BPAIQWP3S5TFMRANCNFSM4XF4T5KQ> .  <https://github.com/notifications/beacon/AAIQTK23S2GLKTBQPYOYM4TS5TFMRA5CNFSM4XF4T5K2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4L6W4Z3A.gif> 

Received on Saturday, 6 February 2021 17:52:18 UTC