Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Connecting Rspamd to Redis and Nginx via Unix sockets #1905

quicktrick opened this issue Nov 3, 2017 · 7 comments

Connecting Rspamd to Redis and Nginx via Unix sockets #1905

quicktrick opened this issue Nov 3, 2017 · 7 comments


Copy link

quicktrick commented Nov 3, 2017

This is not an issue, this is a config example (everything is working on openSUSE Tumbleweed, Rspamd 1.6.5).


/etc/redis/rspamd.conf (changes only)

port 0
unixsocket /var/run/redis/rspamd.sock
unixsocketperm 770
pidfile /var/run/redis/
logfile /var/log/redis/rspamd.log
dir /var/lib/redis/rspamd/

You should create the directory /var/lib/redis/rspamd and make it writable for user redis.

If you need to launch a separate Redis instance for Rspamd, follow these instructions.


servers = "/var/run/redis/rspamd.sock";


backend = "redis";
autolearn = true;

Don't forget to add the user _rspamd to the group redis (run usermod -a -G redis _rspamd)

You can check the connection with this:

myserver:~ # redis-cli -s /run/redis/rspamd.sock
redis /run/redis/rspamd.sock> ping
redis /run/redis/rspamd.sock> monitor
1509722016.014458 [0 unix:/var/run/redis/rspamd.sock] "SMEMBERS" "BAYES_HAM_keys"
1509722018.522879 [0 unix:/var/run/redis/rspamd.sock] "SMEMBERS" "BAYES_SPAM_keys"
1509722018.523305 [0 unix:/var/run/redis/rspamd.sock] "HLEN" "BAYES_SPAM"
1509722018.523334 [0 unix:/var/run/redis/rspamd.sock] "HGET" "BAYES_SPAM" "learns"
1509722024.892442 [0 unix:/var/run/redis/rspamd.sock] "SMEMBERS" "BAYES_SPAM_keys"
1509722024.892870 [0 unix:/var/run/redis/rspamd.sock] "HLEN" "BAYES_SPAM"
1509722024.892899 [0 unix:/var/run/redis/rspamd.sock] "HGET" "BAYES_SPAM" "learns"


/etc/tmpfiles.d/rspamd.conf (create this file if needed and run systemd-tmpfiles --create)

d  /var/run/rspamd  0755  _rspamd  _rspamd  -


bind_socket = "/run/rspamd/worker-controller.socket mode=0666 owner=_rspamd";
password = "$2$paparrytknfm8...";
enable_password = "$2$paparrytknfm8...";


location /rspamd/ {
    auth_basic "Restricted Area";
    auth_basic_user_file /srv/www/.mydomain.tld.htpasswd;

    map $status $loggable {
        ~^[23]  0;
        default 1;
    access_log /var/log/nginx/rspamd.access.log combined if=$loggable;
    error_log /var/log/nginx/rspamd.error.log warn;
    proxy_pass http://unix:/run/rspamd/worker-controller.socket:/;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

I wrote this mainly for myself to store as an example for future use.

Copy link

vstakhov commented Nov 4, 2017

Why this issue is closed? We should add this information to the documentation I suppose (e.g. to a FAQ section).

@vstakhov vstakhov reopened this Nov 4, 2017
Copy link

fatalbanana commented Nov 4, 2017

Because it self-identifies as not an issue I suppose. :) This could go somewhere indeed but I'm not sure where, perhaps FAQ is best.

Copy link

vstakhov commented Nov 5, 2017

I have slightly changed Rspamd config sample to:

bind_socket = "/run/rspamd/worker-controller.socket mode=0660 owner=_rspamd group=www";

To avoid world readable/writable sockets. That should be a better approach if nginx uses www group.

Copy link

quicktrick commented Nov 6, 2017


Всеволод, it doesn't work that way. Even after you add your Nginx user to the group _rspamd. I don't know why. I tried it before I wrote my instruction.

Oh, sorry, I didn't try the Nginx group as the socket owner. I'll try it later. But... at the first glance it looks somewhat illogical for me to use another group owner for the Rspamd's socket than _rspamd group itself. I think it's better to find out why the Nginx user doesn't work even after its adding to the group _rspamd.

There is one more issue with the sockets. Every time I stop Rspamd manually, the temporary directory /var/run/rspamd disappears. It seems like Rspamd removes it. And I have to run systemd-tmpfiles --create every time I start the service manually after stopping it.

Vsevolod, I tried your change. It doesn't work on my server. Does it work on your server?

Copy link

fenice2 commented Nov 26, 2017


My 2c on this would be to add it to a new section of documentation that lists "How To" examples for rspamd configurations (and possibly 'tweaking'). While the FAQ, as such, is great for some information it's not the best place for anyone that wants to see or try a specific configuration in rspamd - not everyone that uses rspamd is an expert in this technology and yes, I'm in that bracket. :)

Copy link

Jean-Daniel commented Jan 16, 2018

I think that a quick change can be to simply add a line in the Upstream configuration doc to tell that servers also accept unix socket (in addition to ipv4 and ipv6). It would be very helpful and would have saved me a lot of time (I had to browse the sources to find how to specify a unix socket in the configuration…).

That does not prevent to also include the full sample elsewhere in the doc.

Copy link

fatalbanana commented Feb 24, 2018

FAQ was updated. Please send PRs for the website: it lives here - tips for working on it are here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

No branches or pull requests

5 participants