How to forward Unix domain sockets


(Yang.Y) #1

Core Tunnel supports Unix domain socket forwarding. This feature allows a Unix domain socket on the local machine to be forwarded to a remote TCP port, or a remote TCP port to be forwarded to a local Unix domain socket—using the same syntax that OpenSSH supports for forwarding to TCP ports. For example, a remote PostgreSQL database instance could be connected over a secure SSH channel to a Unix domain socket on the local machine:

The equivalent ssh command:

ssh -L/tmp/ username@someserver

It is also possible to connect two local Unix domain sockets over an SSH connection.

How can I enter a Unix socket path in the address field?

By default, the forwarding table shows a row with a TCP/IP address field when you edit a tunnel. To turn it into a Unix domain socket field, enter the absolute path of the domain socket in the address field:

Then press the Enter key:

Clean up the domain socket after disconnection

If you don’t clean up the domain socket after disconnection, the next time you connect to the tunnel, you are likely to run into trouble:

error: bind: Address already in use
error: unix_listener: cannot bind to path: /tmp/foo.sock

Unix domain socket files are not automatically removed when the socket is closed. The solution is to set the StreamLocalBindUnlink option to yes:

A given socket file should be used by only one tunnel; reusing the same socket file across tunnels can leave the old tunnel hanging after the new tunnel is connected.
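
The bind failure and cleanup described above, reproduced with plain sockets as an added example (not Core Tunnel or OpenSSH code). It goes one step beyond StreamLocalBindUnlink, which removes an existing socket file before binding: the hypothetical helper `unlink_if_stale` removes the file only when nothing is listening on it, so a path still owned by another tunnel is left alone. The scratch directory under /tmp and the name foo.sock are constructed.

```python
import errno, os, socket, stat, tempfile

def bind_unix(path):
    """Bind and listen on a Unix domain socket, as a forwarding listener would."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.bind(path)
        s.listen(1)
        return s
    except OSError:
        s.close()
        raise

def has_listener(path):
    # A successful connect means some process still owns this socket path.
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        try:
            c.connect(path)
            return True
        except (ConnectionRefusedError, FileNotFoundError):
            return False

def unlink_if_stale(path):
    """Remove path only if it is a socket with no listener; True if removed."""
    if not os.path.lexists(path):
        return False
    if not stat.S_ISSOCK(os.lstat(path).st_mode):
        raise ValueError(f"{path} is not a socket, refusing to remove it")
    if has_listener(path):
        return False
    os.unlink(path)
    return True

def demo():
    r = {"rebind_address_in_use": False}
    with tempfile.TemporaryDirectory(dir="/tmp") as d:   # constructed scratch dir
        path = os.path.join(d, "foo.sock")
        bind_unix(path).close()                          # first tunnel disconnects
        r["file_left_after_close"] = os.path.exists(path)
        try:
            bind_unix(path).close()                      # reconnect without cleanup
        except OSError as e:
            r["rebind_address_in_use"] = e.errno == errno.EADDRINUSE
        r["stale_removed"] = unlink_if_stale(path)       # no listener: safe to remove
        with bind_unix(path):                            # a live tunnel owns the path
            r["live_removed"] = unlink_if_stale(path)    # must be left alone
    return r

if __name__ == "__main__":
    print(demo())
```

Unlinking a path that still has a listener does not close that listener, but new clients can no longer reach it by name, which is why the helper refuses to remove a live socket.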
