On 24/12/22 16:38, raf wrote:
I wouldn't be too keen to do that. UNIX domain sockets are faster than TCP.
This is the first time I've ever heard that. Can you back this up with a link or something, I'd like to find out more.
There's nothing dirty about them. It's just another network address family. And they have some nice benefits.
There are good and bad sides to either one. Unix sockets are not limited in number like TCP sockets are, and UNIX sockets tend to be more secure than TCP sockets because they cannot, by default, be accessed across the public internet.
TCP sockets tend to be easier to work with, and often times "just work" when file permissions, SELinux or such get in the way of UNIX sockets working. Also you don't have to share a directory for a TCP socket to work. They can be limited to listen on localhost, but cannot be further limited (e.g. you can't easily limit which users, containers, or applications can access a TCP socket). They Can also be limited by the use of a firewall to make them more secure.
At the end of the day, which one you use is entirely up to you, and it's completely understandable if you struggle with getting a UNIX socket to work and just give up and use a TCP socket instead.
Peter
