Skip to content

Listen on UNIX Sockets #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jamescun wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Listen on UNIX Sockets #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a73816f
add support for unix sockets
jamescun Feb 24, 2020
40339fb
update documentation
jamescun Feb 24, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,9 @@ Helpers:

Options:
--device=<name> (required) name of WireGuard device to manager
--listen=<[host:]port> address where API server will bind
--listen=<[host:]port> address where API server will bind, this can either
be a [host:]port combination, or a absolute filename
for a UNIX socket
(default localhost:8080)
--tls enable Transport Layer Security (SSL) on server
--tls-key TLS private key
Expand All @@ -77,7 +79,7 @@ Warnings:

The only required argument is `--device`, which tells WG-API which WireGuard device to control. To control multiple WireGuard devices, launch multiple instances of WG-API.

By default, this launches WG-API on `localhost:8080` which may conflict with the typical development environment. To bind it elsewhere, use `--listen`:
By default, this launches WG-API on `localhost:8080` which may conflict with the typical development environment. To bind it elsewhere, use `--listen`. WG-API can either listen on a network interface, or a UNIX socket by specifying an absolute path:

```sh
$ wg-api --device=<my device> --listen=localhost:1234
Expand Down
33 changes: 28 additions & 5 deletions cmd/wg-api.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,10 @@ import (
"fmt"
"io/ioutil"
"log"
"net"
"net/http"
"os"
"path"
"strings"

wireguardapi "github.com/jamescun/wg-api"
Expand All @@ -28,7 +30,9 @@ Helpers:

Options:
--device=<name> (required) name of WireGuard device to manager
--listen=<[host:]port> address where API server will bind
--listen=<[host:]port> address where API server will bind, this can either
be a [host:]port combination, or a absolute filename
for a UNIX socket
(default localhost:8080)
--tls enable Transport Layer Security (SSL) on server
--tls-key TLS private key
Expand Down Expand Up @@ -121,15 +125,18 @@ func main() {
handler = server.PreventReferer(handler)

s := &http.Server{
Addr: *listenAddr,
Handler: handler,
}

if *enableTLS {
if *tlsKey == "" || *tlsCert == "" {
exitError("tls key and cert required for TLS")
} else if path.IsAbs(*listenAddr) {
exitError("tls can only listen on an interface")
}

s.Addr = *listenAddr

if *tlsClientCA != "" {
pool, err := loadCertificatePool(*tlsClientCA)
if err != nil {
Expand All @@ -148,10 +155,26 @@ func main() {
log.Fatalln("fatal: server:", err)
}
} else {
log.Printf("info: server: listening on http://%s\n", s.Addr)
if path.IsAbs(*listenAddr) {
ln, err := net.Listen("unix", *listenAddr)
if err != nil {
log.Fatalln("fatal: server:", err)
}
defer ln.Close()

if err := s.ListenAndServe(); err != nil {
log.Fatalln("fatal: server:", err)
log.Printf("info: server: listening on unix://%s\n", *listenAddr)

if err := s.Serve(ln); err != nil {
log.Fatalln("fatal: server:", err)
}
} else {
s.Addr = *listenAddr

log.Printf("info: server: listening on http://%s\n", s.Addr)

if err := s.ListenAndServe(); err != nil {
log.Fatalln("fatal: server:", err)
}
}
}
}
Expand Down