Re: relayd(8) relay to unix domain socket

2018-06-02 Thread IL Ka
>
>
> That's a good question. A similar question I would have is whether it is
> able to relay connections arbitrarily between IPv4 and IPv6.
>

from relayd.conf:
inet6 address-prefix:
 If the requested destination is an IPv4 address,
 relayd(8) will forward the connection to an IPv6 address

So I believe it should work, but I have not tried it because I do not use
IPv6.


>
> I wonder if it wouldn't be easier to hack something together with
> inetd(8) if you want to serve a unix domain socket over TCP/IP.
>

I like the application level (level 7) relay that relayd does for me,
I do not think inetd(8) is aware of HTTP :)

And I also need TLS (https) that httpd and relayd can do.

It seems that I have 2 solutions:

1) client--relayd--(http over tcp)--my_app_server
2) client--httpd--(fastcgi over domain socket)--my_app_server

I want to serve my static files with httpd
(should be faster than my application server, and more secure thanks to chroot),
so I will probably go with the second approach.


Re: relayd(8) relay to unix domain socket

2018-06-02 Thread justina colmena
On Sun, 3 Jun 2018 00:57:11 +0300
IL Ka wrote:

> Is it possible to relay to unix domain socket using relayd(8)?
> It seems that relayd(8) only works with protocols on top of IP.

That's a good question. A similar question I would have is whether it is
able to relay connections arbitrarily between IPv4 and IPv6.

I wonder if it wouldn't be easier to hack something together with
inetd(8) if you want to serve a unix domain socket over TCP/IP.



relayd(8) relay to unix domain socket

2018-06-02 Thread IL Ka
Hello,

Is it possible to relay to unix domain socket using relayd(8)?
It seems that relayd(8) only works with protocols on top of IP.

Here is my use case: I have an application server that is only able to listen on HTTP.
(There are alternatives that work with fastcgi, and I can use them with httpd(8),
but I want to run this one.)

I can make my server listen on localhost, but I believe that two servers running
on the same machine should use domain sockets: it is simpler to implement security
(no need to use pf, I can stay with file permissions to restrict which
processes may access it)
and in theory there is no TCP/IP overhead.

Ilya
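
The file-permission approach described in the question above, as an added example that is not part of the thread: a backend binds its Unix domain socket with a tightened umask so the socket file is never more permissive than 0660, even briefly. The function name, the 0660 mode and the socket path are assumptions made for illustration.

```python
import os
import socket
import stat
import tempfile


def bind_private_unix_socket(path, mode=0o660):
    """Listen on a Unix socket whose file is never more permissive than `mode`."""
    try:
        # Remove a stale socket from a previous run; refuse to delete anything else.
        if not stat.S_ISSOCK(os.lstat(path).st_mode):
            raise RuntimeError(f"{path} exists and is not a socket")
        os.unlink(path)
    except FileNotFoundError:
        pass
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    # bind() creates the file with 0777 & ~umask. Tightening the umask first
    # avoids the window a bind()-then-chmod() sequence leaves open.
    old_umask = os.umask(0o777 & ~mode)
    try:
        srv.bind(path)
    except OSError:
        srv.close()
        raise
    finally:
        os.umask(old_umask)
    srv.listen(16)
    return srv


def demo():
    """Bind in a private directory, then pass one constructed request line."""
    with tempfile.TemporaryDirectory() as d:   # mkdtemp creates it 0700
        path = os.path.join(d, "app.sock")     # constructed path
        srv = bind_private_unix_socket(path)
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        with srv, socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
            cli.connect(path)                  # same user: permitted
            conn, _ = srv.accept()
            with conn:
                cli.sendall(b"GET / HTTP/1.0\r\n\r\n")  # constructed request
                data = conn.recv(64)
        return mode, data


if __name__ == "__main__":
    mode, data = demo()
    print(oct(mode), data)
```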