You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- All users of the ASGI specification using a unix socket as a listener.
Hello Nginx Team and Contributors,
Today I found a problem when using unix socket with ASGI spec.
I’ll note right away that at the time of testing, the WSGI specification using a tcp socket and a unix socket works correctly.
ASGI with tcp sockets also works fine.
When you use ASGI with a unix listener, you get an error (#635):
[alert] 32427#513572 [unit] #8: Python failed to create 'client' pair
[alert] 32427#513572 [unit] Python failed to call 'loop.call_soon'
Traceback (most recent call last):
File "/home/shared/Builds/Python-3.10.2/lib/python3.10/asyncio/base_events.py", line 745, in call_soon
self._check_closed()
ValueError: invalid literal for int() with base 10: ''
As I think, the problem is hidden initially in the function: nxt_py_asgi_create_address which parses the address incorrectly and uses a "unix:" client address that cannot be replaced with "X-Forwarded-For" due to configuration validators that only allow replacement for source CIDR addresses that cannot be source when using unix-socket.
@VBart's suggestion of using the "X-Forwarded-For" header for unix sockets could be a solution if the config validator accepts options that match not only CIDR, but also specify a mask like: "*" or "unix" or "0.0.0.0/0"(applicable to unix sockets) that trusts any source address to replace and specify the client address when using a unix socket.
As far as I remember, something similar is used, for example, in the implementation of uWSGI and ALLOWED_HOSTS.
It is currently not possible to get a listener to work using a unix socket and ASGI at the same time. For me personally, this is a serious problem, given the specifics of tcp and unix sockets.
UPDATE:
After additional research of the problem, I came to the conclusion that this problem consists of two, in connection with this, I decided to separate the two different problems:
This issue is only partly related to issue #642, since the header: "X-Forwarded-For" may or may not be set, but ASGI spec should work with the unix: socket properly.
The text was updated successfully, but these errors were encountered:
Good afternoon mar0x. Yes, this is a duplicate of the essence of the problem, but it gives detailed definitions without reference to the framework used, as was the case in #635. I hope that the information I have provided will help the community to quickly understand this problem and propose a solution. Since the problem was identified as a bug in #635, no working solution other than temporarily bypassing the problem by switching to a tcp socket has been proposed (thanks for that nonetheless).
Who is affected?
- All users of the ASGI specification using a unix socket as a listener.
Hello Nginx Team and Contributors,
Today I found a problem when using unix socket with ASGI spec.
I’ll note right away that at the time of testing, the WSGI specification using a tcp socket and a unix socket works correctly.
ASGI with tcp sockets also works fine.
When you use ASGI with a unix listener, you get an error (#635):
As I think, the problem is hidden initially in the function:
nxt_py_asgi_create_address
which parses the address incorrectly and uses a"unix:"
client address that cannot be replaced with"X-Forwarded-For"
due to configuration validators that only allow replacement for source CIDR addresses that cannot be source when using unix-socket.@VBart's suggestion of using the
"X-Forwarded-For"
header for unix sockets could be a solution if the config validator accepts options that match not only CIDR, but also specify a mask like:"*"
or"unix"
or"0.0.0.0/0"
(applicable to unix sockets) that trusts anysource
address to replace and specify the client address when using a unix socket.As far as I remember, something similar is used, for example, in the implementation of uWSGI and ALLOWED_HOSTS.
It is currently not possible to get a listener to work using a unix socket and ASGI at the same time. For me personally, this is a serious problem, given the specifics of tcp and unix sockets.
UPDATE:
After additional research of the problem, I came to the conclusion that this problem consists of two, in connection with this, I decided to separate the two different problems:
This issue is only partly related to issue #642, since the header:
"X-Forwarded-For"
may or may not be set, but ASGI spec should work with theunix:
socket properly.The text was updated successfully, but these errors were encountered: