RFC for VIP17: unix domain sockets for listen and backend addresses

Geoff Simmons geoff at uplex.de
Mon May 8 12:05:55 CEST 2017

On 04/25/2017 04:42 PM, Dridi Boukelmoune wrote:
>> # How? ## Address notation I suggest that we require a prefix
>> such as ``unix:`` to identify UDS addresses (nginx uses
>> ``unix:``, haproxy uses ``unix@``): ``` varnishd -a
>> unix:/path/to/uds
> This should be enough:
> varnishd -a /path/to/uds

Dridi, I'm sorry I never answered all of this, after you put the
effort into responding.

On a tight schedule today (and I unfortunately can't make it to
bugwash today, May 8th), but I'd like to elaborate on this part a bit.

What I forgot to say in WIP17: I would suggest a varnishd parameter
uds_path, paralleling vcl_path and vmod_path, which specifies a path
in which to search for relative UDS paths in a -a argument and in
backend definitions.

From that it follows that we couldn't identify a UDS address
unambiguously as having a '/' as the first character, which is why I
think we should require the 'unix:' prefix (or some other prefix).

I think experience has shown that absolute paths in the Varnish
configuration, which used to be necessary for "include", for example,
leads to awkward problems, and the two *_path parameters have been a
relief. And I think we'll find that requiring absolute paths
everywhere for UDS addresses will lead to the same kinds of problems
-- say, you're running a test instance of your Varnish deployment in
an environment where files and directories a laid out differently from
the production environment. So then you'd have to get sed or something
replace all of the absolute paths, just like we used to have to do
with absolute include paths.

So I say do it right from the beginning this time, and make it
possible to use relative paths and just change the uds_path parameter
when you have to.

Notice that if we do have relative paths, it's not impossible to have
a file named "", or anything else that looks just like an IP
address, as the file that's meant to be a UDS address. Of course
that's very unlikely and just asking for trouble. But the point is
that, strictly speaking, we *couldn't* have an unambiguous distinction
between IP and UDS addresses *unless* we require all UDS paths to be
absolute (and begin with a '/').

I say let's do everyone a favor by having uds_path and the 'unix:' prefix.

** * * UPLEX - Nils Goroll Systemoptimierung

Scheffelstraße 32
22301 Hamburg

Tel +49 40 2880 5731
Mob +49 176 636 90917
Fax +49 40 42949753


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-dev/attachments/20170508/fec9d136/attachment.pgp>

More information about the varnish-dev mailing list