More flexible server.address configuration (file descriptor, PROXY...) #5971
Comments
I don't think that syntax is very common and it looks fairly unfriendly to users which would likely be a larger support and documentation burden. I also don't think adding another dependency specifically for a very narrow feature is very wise. In addition several changes to this area have been avoided due to them being a breaking change which would be hard to mitigate. The certificates/key/client_certificates configuration is one of those. Our goal is uniformity with all of the listeners and dialers (and various other things like configuring certificates and keys) as closely as possible so the burden for users is low. We also want to preserve the secrets functionality while still making the overall configuration experience better for users. Instead we could just add support for fd's. When parsing a string like that with url.Parse I believe the |
Description
First of all, thank you for this nice project!
I would like to deploy authelia using systemd sockets (systemd opens the privileged port and hands it to authelia).
Looking at the code, it seems that server.address currently supports tcp(4|6) and unix (with ?umask).
It would be nice if listening on a file descriptor was possible.
Use Case
Better integration with systemd (so that the authelia service does not need to bind on any socket).
Details
Instead of reinventing the wheel, maybe something like https://github.com/AGWA/go-listener/ could be used. It allows creating a net.Listener by parsing a string. For instance:
Those listeners can also be wrapped, by prepending them. For instance the tls subpackage allows:
Another (currently) missing feature of go-listener is client certificates. I could also look into implementing them upstream or in a dedicated package.
Example of the proposed change on the config
Current
Proposed:
Other examples:
Contributing
I would be willing to craft a PR, if you think that this approach sounds sensible.
Documentation
No response
Pre-Submission Checklist
I agree to follow the Code of Conduct
I have checked for related issues and checked the documentation
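The systemd socket hand-off requested in this issue, as an added example that is not code from Authelia or go-listener: the service manager sets LISTEN_PID and LISTEN_FDS and passes the sockets starting at fd 3, and the service should accept them only when LISTEN_PID names its own process. The function names `activatedFDs` and `listenerFromFD` and the upper bound of 64 descriptors are assumptions made for this sketch.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"strconv"
	"syscall"
)

const firstFD = 3 // systemd passes sockets starting at fd 3 (SD_LISTEN_FDS_START)

// activatedFDs (hypothetical helper) returns the inherited fds. It rejects them
// unless LISTEN_PID names this process, so a parent's variables are not reused.
func activatedFDs(getenv func(string) string, pid int) ([]int, error) {
	if getenv("LISTEN_PID") == "" && getenv("LISTEN_FDS") == "" {
		return nil, nil // not socket-activated
	}
	if p, err := strconv.Atoi(getenv("LISTEN_PID")); err != nil || p != pid {
		return nil, fmt.Errorf("LISTEN_PID does not match pid %d", pid)
	}
	n, err := strconv.Atoi(getenv("LISTEN_FDS"))
	if err != nil || n < 1 || n > 64 { // 64 is an arbitrary sanity bound (assumption)
		return nil, fmt.Errorf("invalid LISTEN_FDS %q", getenv("LISTEN_FDS"))
	}
	fds := make([]int, n)
	for i := range fds {
		fds[i] = firstFD + i
	}
	return fds, nil
}

// listenerFromFD wraps an inherited socket; net.FileListener dups it, so f is closed.
func listenerFromFD(fd int) (net.Listener, error) {
	syscall.CloseOnExec(fd) // do not leak the socket to child processes
	f := os.NewFile(uintptr(fd), "listen-fd-"+strconv.Itoa(fd))
	defer f.Close()
	return net.FileListener(f)
}

func main() {
	fds, err := activatedFDs(os.Getenv, os.Getpid())
	if err != nil || len(fds) == 0 {
		fmt.Println("no usable inherited socket:", err)
		return
	}
	if ln, err := listenerFromFD(fds[0]); err == nil {
		fmt.Println("serving on inherited socket", ln.Addr())
	}
}
```

With this pattern the service never binds the privileged port itself, so its unit can run without the capability to do so.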