[Feature Request] Server listen on Unix socket #201

Open
vercas opened this issue Dec 25, 2023 · 7 comments
@vercas
Contributor

vercas commented Dec 25, 2023

Specifically for cases where the wstunnel server is behind a reverse proxy, it would be useful to have the ability to listen on a Unix domain socket instead of having to use an IP address and port.
This would only be useful with non-secure ws, e.g. unix:///absolute/path/to/unix/socket or unix://relative/path/to/socket.
Unix domain sockets are subject to filesystem security models and mount namespaces, making them easier to restrict access to than traditional IP/port network endpoints, especially when you have Docker installed on the same system.
A command-line option for specifying the mode of the created socket would be handy too.

@erebe erebe added question and removed question labels Dec 26, 2023
@erebe
Owner

erebe commented Dec 26, 2023

Hello,

Would you mind explaining how this facilitates the setup with a Docker container? If I am not mistaken, you can create a network namespace that you can share across multiple containers.

@vercas
Contributor Author

vercas commented Dec 26, 2023

It's for situations where you can't/won't put wstunnel and nginx in the same network namespace.
A common example is a bastion host - you want the reverse proxy container to only have access to a public facing network, while wstunnel containers would only have access to an internal network.

@pavel-orlov

I'd also like to have something similar to the ssh alternative below.
ssh -N -f -R /tmp/zp3ft5fmps6bd4gep7iv:127.0.0.1:80 user@host

@ha-ku

ha-ku commented Jan 9, 2024

This would also help in scenarios like chained proxies, where forwarding via unix sockets seems to have better performance than local network loopbacks.

@erebe
Owner

erebe commented Jan 12, 2024

Hello,

Would you mind trying this pre-release https://github.com/erebe/wstunnel/releases/tag/v9.1.0 and let me know if it works for you?
You should be able to start wstunnel client and specify something like -L unix:///tmp//wstunnel.sock:127.0.0.1:80

Regarding wstunnel server supporting receiving packets from a unix socket, I am not sure whether I am going to do it, as it will require a bit too much code change for my taste to support it, and I am not sure if there is a real need for it. Will check and let you know.

P.S.: I still need to support unix datagram sockets, but as with everything related to UDP, it is a pain to implement.

@pavel-orlov

Hello @erebe

Thank you for adding Unix socket support. That works for me with reverse connection. I noticed it does not delete the socket file when the connection is finished and is unable to reuse the file again, so when you try -R unix:///tmp//wstunnel.sock:127.0.0.1:80 again, the server rejects the connection.

@erebe
Owner

erebe commented Jan 21, 2024

Indeed, thanks for reporting, I have made the fix 🙈 b7dbd86

and have re-created the release 9.2.0, so if you re-download it, it should be good now.

@erebe erebe changed the title Listen on Unix socket [Feature Request] Server listen on Unix socket Feb 3, 2024
@erebe erebe added the wont-do label May 1, 2024
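
Added example, not part of the thread and not wstunnel's code: a Rust sketch of the two points raised above, creating the socket with an explicit mode and reusing a path left behind by an earlier run without deleting a live socket or a non-socket file. The names `bind_unix` and `SocketGuard` and the sample path are hypothetical.

```rust
// Added example: bind_unix and SocketGuard are hypothetical names, not wstunnel's API.
use std::os::unix::fs::{FileTypeExt, PermissionsExt};
use std::os::unix::net::{UnixListener, UnixStream};
use std::path::{Path, PathBuf};
use std::{fs, io};

/// Listener that unlinks its socket file when dropped, so the path can be reused.
pub struct SocketGuard {
    pub listener: UnixListener,
    path: PathBuf,
}

impl Drop for SocketGuard {
    fn drop(&mut self) {
        let _ = fs::remove_file(&self.path);
    }
}

/// Bind `path` with permission bits `mode`, clearing only a stale socket.
pub fn bind_unix(path: &Path, mode: u32) -> io::Result<SocketGuard> {
    match fs::symlink_metadata(path) {
        Ok(m) if m.file_type().is_socket() => match UnixStream::connect(path) {
            // Something still accepts on this socket: a server is running.
            Ok(_) => return Err(io::Error::new(io::ErrorKind::AddrInUse, "socket is live")),
            // Nobody is listening: the file is a leftover and is safe to remove.
            Err(e) if e.kind() == io::ErrorKind::ConnectionRefused => fs::remove_file(path)?,
            Err(e) => return Err(e),
        },
        // Never delete a regular file, directory or symlink found at the path.
        Ok(_) => return Err(io::Error::new(io::ErrorKind::AlreadyExists, "not a socket")),
        Err(e) if e.kind() == io::ErrorKind::NotFound => {}
        Err(e) => return Err(e),
    }
    let listener = UnixListener::bind(path)?;
    // bind() creates the node with 0777 & !umask; tighten it before serving.
    // Keep the parent directory private as well to cover the gap before chmod.
    fs::set_permissions(path, fs::Permissions::from_mode(mode))?;
    Ok(SocketGuard { listener, path: path.to_path_buf() })
}

fn main() -> io::Result<()> {
    let path = std::env::temp_dir().join(format!("example-{}.sock", std::process::id()));
    let guard = bind_unix(&path, 0o660)?; // owner and group (e.g. the proxy's group) only
    let mode = fs::metadata(&path)?.permissions().mode() & 0o777;
    println!("listening on {} with mode {:o}", path.display(), mode);
    drop(guard); // socket file is removed here
    Ok(())
}
```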