Switch to using a Unix socket bind for API and Content services
The use of a Unix socket between the deployed service and the reverse proxy provides tighter security as the only users who can access the socket are root and the configured SocketUser. The introduction of a systemd socket with a ListenStream also provides automatic activation of the underlying service and safer restarts.
This change is backwards incompatible as it removes the host and port parameters for the API and Content services in favor of a single bind parameter for each.
Added by Eric Helms over 3 years ago
Switch to using a Unix socket bind for API and Content services
The use of a Unix socket between the deployed service and the reverse
proxy provides tighter security as the only users who can access the
socket are root and the configured SocketUser. The introduction of
a systemd socket with a ListenStream also provides automatic activation
of the underlying service and safer restarts.
This change is backwards incompatible as it removes the host and port parameters
for the API and Content services in favor of a single bind parameter for each.