nsqd: add Unix domain socket HTTP listener alongside TCP#1528
Open
hwde wants to merge 3 commits into
Open
Conversation
Add an additional listener for local unix domain sockets. This allows to listen on default http-address, which is used by nsqlookupd.
|
ready for review |
There was a problem hiding this comment.
Pull request overview
Adds support for running an additional HTTP listener over a Unix domain socket (UDS) in nsqd, alongside the existing TCP HTTP listener, including new CLI/config options and tests to validate coexistence and permission behavior.
Changes:
- Introduces
--unix-socket-pathand--unix-socket-permissionoptions for an additional UDS HTTP listener. - Adds UDS listener creation/serving logic to
NSQDplus aRealUDSAddr()accessor. - Adds UDS-focused tests and updates the example config with the new settings.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| nsqd/uds_http_test.go | Adds tests covering UDS+TCP coexistence, endpoint availability over UDS, permission handling, cleanup, and TLSRequired bypass behavior. |
| nsqd/options.go | Adds option fields for UDS path and permission. |
| nsqd/nsqd.go | Implements the UDS listener lifecycle, permission parsing/application, serving plain HTTP over UDS, and exposes RealUDSAddr(). |
| contrib/nsqd.cfg.example | Documents the new config options with commented examples. |
| apps/nsqd/options.go | Exposes the new flags for the nsqd CLI. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "strings" | ||
| "sync" | ||
| "sync/atomic" | ||
| "syscall" |
Comment on lines
+194
to
+211
| if mode != 0 { | ||
| oldMask := syscall.Umask(int(^mode & 0777)) | ||
| n.udsListener, err = net.Listen("unix", opts.UnixSocketPath) | ||
| syscall.Umask(oldMask) | ||
| } else { | ||
| n.udsListener, err = net.Listen("unix", opts.UnixSocketPath) | ||
| } | ||
| if err != nil { | ||
| return nil, fmt.Errorf("listen (%s) failed - %s", opts.UnixSocketPath, err) | ||
| } | ||
| if mode != 0 { | ||
| // Belt-and-braces: ensure the final mode matches even if the platform | ||
| // applied additional restrictions during Listen. | ||
| err = os.Chmod(opts.UnixSocketPath, mode) | ||
| if err != nil { | ||
| return nil, fmt.Errorf("failed to set unix socket permission - %s", err) | ||
| } | ||
| } |
| // permissions on the socket path (see --unix-socket-permission). | ||
| udsHttpServer := newHTTPServer(n, false, false) | ||
| n.waitGroup.Wrap(func() { | ||
| exitFunc(http_api.Serve(n.udsListener, udsHttpServer, "HTTP", n.logf)) |
| @@ -0,0 +1,338 @@ | |||
| package nsqd | |||
Comment on lines
+39
to
+47
| // wait briefly for Main() to actually start serving on the UDS | ||
| deadline := time.Now().Add(2 * time.Second) | ||
| for time.Now().Before(deadline) { | ||
| if _, err := os.Stat(udsPath); err == nil { | ||
| break | ||
| } | ||
| time.Sleep(10 * time.Millisecond) | ||
| } | ||
| return httpAddr, udsPath, nsqd |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds an optional Unix domain socket HTTP listener to
nsqdthat runs inaddition to the regular TCP HTTP listener. Previously it was only possible to
serve HTTP either over TCP or over a unix socket (via
--http-address=<path>),not both at the same time.
New options
--unix-socket-path=<path>— if set,nsqdadditionally listens for HTTPclients on this unix socket. Independent from
--http-address.--unix-socket-permission=<octal>— file permission of the socket inode,parsed as an octal string (e.g.
0660). Empty means nochmod(umaskapplies).
Both options are opt-in; default behavior is unchanged.
Behavior notes
tls_required. Access control is delegated to filesystem permissions on thesocket path (that's what
--unix-socket-permissionis for).nsqdis found at theconfigured path, it is removed automatically before
Listen. A regular fileor directory at that path is never removed;
nsqdrefuses to startinstead.
net.Listenso the socket inode iscreated with the intended permissions from the start, closing the race window
between
Listenand the follow-upchmod.RealUDSAddr()accessor is exposed analogous toRealTCPAddr/RealHTTPAddr.Tests
New file
nsqd/uds_http_test.gocovers:/pubover both)./ping,/info,/stats) served over UDS.(not a panic).
Exit.rejected without being deleted.
tls_requiredis correctly bypassed on the UDS listener."","").RealUDSAddrreturns the configured path and a zero value when no UDS isconfigured.
All tests pass with and without
-race.Docs
contrib/nsqd.cfg.examplehas new commented-out entries for both options.Test plan
go build ./...go test ./nsqd -count=1go test ./nsqd -count=1 -racensqdwith--unix-socket-path=/tmp/nsqd.sock --unix-socket-permission=0660, publish viacurl --unix-socket /tmp/nsqd.sock http://localhost/pub?topic=test -d hello, confirm theregular TCP HTTP endpoint still works in parallel.