Envoy: How to listen file descriptor, perhaps using systemd activation protocol

Created on 12 Jun 2018 · 4Comments · Source: envoyproxy/envoy

It would be nice to be able to listen standard port 80 and 443 without starting envoy as root user. Systemd provides the standard protocol for that called socket activation protocol. There are also other ways to do the same with e.g. nginx even if it doesn't support that particular protocol.

Is there any equivalent of passing fd to envoy?

If you're not familiar with the concept. It's something like this: supervisor (for example systemd) binds a socket at port say 80. Then it puts the file descriptor into fixed number usually 3 (or starting from three if there are multiple) and removes CLOEXEC flag. So when process starts it has normal stdio file descriptors 0 (stdin), 1 (stdout), 2 (stderr), and also 3 which is a listening socket and can use the latter as a normal socket.

design proposal no stalebot

Source

tailhook

👍1

Most helpful comment

@tailhook yeah, this actually seems quite reasonable to me. We (Google) have some use cases that would benefit from having prebound listener FDs passed. In our case, we want these to be delivered over UDS, but I think there could be common ground.

htuch on 25 Jul 2018

👍4

All 4 comments

This is not supported today. I've marked "design proposal" wanted since I think it would be good to discuss whether we want to implement something like this or not.

mattklein123 on 12 Jun 2018

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.