Add unix+tcp: ingress service scheme #1611

Open
ikruglov wants to merge 2 commits into cloudflare:master from ikruglov:support-unix-tcp

ikruglov commented Mar 15, 2026

  • Introduces a new unix+tcp: ingress service scheme that forwards raw bytes bidirectionally over a unix domain socket, bypassing HTTP entirely

  • Completes the unix socket scheme family alongside the existing unix: (HTTP) and unix+tls: (HTTPS) — unix+tcp: is their stream-based counterpart, analogous to ssh:// / tcp:// but targeting a unix socket instead of a TCP port

  • The scheme name follows the existing modifier pattern: unix = socket type, +tcp = transport style (raw stream), not application protocol — so it works for SSH, RDP, SMB, or any other stream-based daemon listening on a unix socket

  • Adds necessary tests to validate implementation

Example config:

  ingress:
    - hostname: ssh.example.com
      service: unix+tcp:/run/sshd.sock

implements #439

ikruglov and others added 2 commits March 15, 2026 10:53
…sockets

Introduce unixSocketTCPService, a new OriginService that dials a unix
socket and forwards raw bytes bidirectionally via WebSocket, without any
HTTP wrapping.  This is the unix-socket analogue of tcpOverWSService.

A new ingress URL scheme unix+tcp:<path> is recognised during ingress
validation and maps to this service type.  Example config:

  ingress:
    - hostname: ssh.example.com
      service: unix+tcp:/run/sshd.sock

The scheme name unix+tcp mirrors the existing unix+tls modifier pattern:
the suffix describes the transport style, not the application protocol,
so the service works equally well for SSH, RDP, or any other stream-based
protocol whose daemon listens on a unix socket.

The implementation reuses the existing tcpOverWSConnection and
DefaultStreamHandler machinery; the only difference from ssh:// (TCP) is
that the underlying net.Conn is obtained via net.Dial("unix", path).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- TestParseUnixSocketTCP: standalone parse test verifying the
  unixSocketTCPService type and path extraction
- TestParseIngress/Unix+TCP_service: table-driven parse test alongside
  existing ssh://, tcp://, unix://, etc. entries
- TestUnixSocketTCPServiceEstablishConnection: verifies successful dial
  to a real unix socket and error on closed listener; uses /tmp to stay
  within the macOS 104-char unix socket path limit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
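
An added illustration, not code from this pull request: a Go example of what the description calls forwarding raw bytes bidirectionally over a unix domain socket, with the path vetted before `net.Dial("unix", path)`. The helper names `dialUnixStream` and `relay` and the pre-dial checks are assumptions made for the example; the PR's own service relays through its existing WebSocket stream handling instead.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"os"
	"path/filepath"
)

// maxUnixPath is the macOS unix socket path limit mentioned in the PR's test notes.
const maxUnixPath = 104

// dialUnixStream is a hypothetical helper (not the PR's code): vet the path, then dial it.
func dialUnixStream(path string) (net.Conn, error) {
	if !filepath.IsAbs(path) {
		return nil, fmt.Errorf("socket path %q must be absolute", path)
	}
	if len(path) >= maxUnixPath {
		return nil, fmt.Errorf("socket path is %d bytes, limit is %d", len(path), maxUnixPath)
	}
	fi, err := os.Stat(path)
	if err != nil {
		return nil, err
	}
	if fi.Mode()&os.ModeSocket == 0 {
		return nil, fmt.Errorf("%q is not a unix socket", path)
	}
	return net.Dial("unix", path)
}

// relay (also hypothetical) copies raw bytes both ways, with no HTTP framing.
func relay(client, origin net.Conn) {
	done := make(chan struct{}, 2)
	cp := func(dst, src net.Conn) {
		io.Copy(dst, src)
		done <- struct{}{}
	}
	go cp(origin, client)
	go cp(client, origin)
	<-done // one direction ended: tear down both sides
	client.Close()
	origin.Close()
	<-done
}

func main() {
	fmt.Println(dialUnixStream("run/sshd.sock")) // relative path is rejected
}
```

The `os.Stat` check is advisory, since the path can be replaced between the check and the dial; the permissions on the socket and its parent directory are what actually restrict who can serve or reach it.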