Add support for serving on Unix domain socket

ring-jetty-adapter/project.clj

@@ -7,11 +7,13 @@
  :dependencies [[org.clojure/clojure "1.7.0"]
  [ring/ring-core "1.10.0"]
  [ring/ring-servlet "1.10.0"]
- [org.eclipse.jetty/jetty-server "9.4.51.v20230217"]]
+ [org.eclipse.jetty/jetty-server "9.4.51.v20230217"]
+ [org.eclipse.jetty/jetty-unixsocket "9.4.51.v20230217"]]
  :aliases {"test-all" ["with-profile" "default:+1.8:+1.9:+1.10:+1.11" "test"]}
  :profiles
  {:dev {:dependencies [[clj-http "3.12.3"]
- [less-awful-ssl "1.0.6"]]
+ [less-awful-ssl "1.0.6"]
+ [io.projectreactor.netty/reactor-netty "1.1.5"]]
  :jvm-opts ["-Dorg.eclipse.jetty.server.HttpChannelState.DEFAULT_TIMEOUT=500"]}
  :1.8 {:dependencies [[org.clojure/clojure "1.8.0"]]}
  :1.9 {:dependencies [[org.clojure/clojure "1.9.0"]]}

ring-jetty-adapter/src/ring/adapter/jetty.clj

@@ -2,7 +2,8 @@
  "A Ring adapter that uses the Jetty 9 embedded web server.
 
  Adapters are used to convert Ring handlers into running web servers."
- (:require [ring.util.servlet :as servlet])
+ (:require [clojure.java.io :as io]
+ [ring.util.servlet :as servlet])
  (:import [org.eclipse.jetty.server
  Request
  Server
@@ -13,11 +14,13 @@
  SslConnectionFactory
  SecureRequestCustomizer]
  [org.eclipse.jetty.server.handler AbstractHandler]
+ [org.eclipse.jetty.unixsocket UnixSocketConnector]
  [org.eclipse.jetty.util BlockingArrayQueue]
  [org.eclipse.jetty.util.thread ThreadPool QueuedThreadPool]
  [org.eclipse.jetty.util.ssl SslContextFactory$Server KeyStoreScanner]
  [javax.servlet AsyncContext DispatcherType AsyncEvent AsyncListener]
  [javax.servlet.http HttpServletRequest HttpServletResponse]))
+(set! *warn-on-reflection* true)
 
 (defn- ^AbstractHandler proxy-handler [handler]
  (proxy [AbstractHandler] []
@@ -130,6 +133,25 @@
  (.setHost (options :host))
  (.setIdleTimeout (options :max-idle-time 200000)))))
 
+(defn- socket-connector
+ ^UnixSocketConnector [^Server server {:keys [unix-socket] :as options}]
+ (when (->> (System/getProperty "os.name")
+ (re-find #"(?i)^windows"))
+ (throw (ex-info "Unix sockets not supported on windows"
+ {:os (System/getProperty "os.name")
+ :unix-socket unix-socket})))
+ (let [http-factory (HttpConnectionFactory. (http-config options))
+ socket (io/file unix-socket)]
+ (when (.exists socket)
+ (throw (ex-info "File already exists at socket path; should be deleted before starting server"
+ {:unix-socket unix-socket})))
+ (.deleteOnExit socket)
+ (doto (UnixSocketConnector.
+ server
+ #^"[Lorg.eclipse.jetty.server.ConnectionFactory;" (into-array ConnectionFactory [http-factory]))
+ (.setUnixSocket (.getAbsolutePath socket))
+ (.setIdleTimeout (options :max-idle-time 200000)))))
+
 (defn- ^ThreadPool create-threadpool [options]
  (let [min-threads (options :min-threads 8)
  max-threads (options :max-threads 50)
@@ -150,10 +172,15 @@
 (defn- ^Server create-server [options]
  (let [pool (or (:thread-pool options) (create-threadpool options))
  server (Server. pool)]
- (when (:http? options true)
+ (when (:http? options (or ;; default is enabled when no socket specified
+ (not (:unix-socket options))
+ ;; enabled with socket when host/port set
+ (some options [:host :port])))
  (.addConnector server (http-connector server options)))
  (when (or (options :ssl?) (options :ssl-port))
  (.addConnector server (ssl-connector server options)))
+ (when (:unix-socket options)
+ (.addConnector server (socket-connector server options)))
  server))
 
 (defn ^Server run-jetty
@@ -170,10 +197,14 @@
  :join? - blocks the thread until server ends
  (defaults to true)
  :daemon? - use daemon threads (defaults to false)
- :http? - listen on :port for HTTP traffic (defaults to true)
+ :http? - listen on :port for HTTP traffic (defaults to true
+ unless :unix-socket is set)
  :ssl? - allow connections over HTTPS
  :ssl-port - the SSL port to listen on (defaults to 443, implies
  :ssl? is true)
+ :unix-socket - File to be used as a Unix domain socket; will be
+ passed to [io/file]. Ensure there is no file at
+ this location when starting the server.
  :ssl-context - an optional SSLContext to use for SSL connections
  :exclude-ciphers - when :ssl? is true, additionally exclude these
  cipher suites

ring-jetty-adapter/test/ring/adapter/test/jetty.clj

@@ -12,8 +12,12 @@
  [java.net ServerSocket ConnectException]
  [java.security KeyStore]
  [java.io SequenceInputStream ByteArrayInputStream InputStream
- IOException]
- [org.apache.http MalformedChunkCodingException]))
+ IOException
+ File]
+ [java.util.function Supplier]
+ [org.apache.http MalformedChunkCodingException]
+ [io.netty.channel.unix DomainSocketAddress]
+ [reactor.netty.http.client HttpClient]))
 
 (defn- hello-world [request]
  {:status 200
@@ -98,6 +102,23 @@
  "text/plain"))
  (is (= (:body response) "Hello World")))))
 
+ (testing "socket server"
+ (let [sock (File/createTempFile "ring-jetty-server-" ".sock")]
+ (.delete sock)
+ (with-server hello-world {:unix-socket sock}
+ (is (= (-> (HttpClient/create)
+ (.remoteAddress
+ (reify Supplier
+ (get [_]
+ (DomainSocketAddress. (.getAbsolutePath sock)))))
+ .get (.uri "/") .responseContent .aggregate .asString .block)
+ "Hello World")
+ "able to serve basic request")
+ (is (thrown-with-msg?
+ clojure.lang.ExceptionInfo #"File already exists"
+ (run-jetty hello-world {:unix-socket sock, :join? false}))
+ "starting a new server on existing socket should fail"))))
+
  (testing "HTTPS server"
  (with-server hello-world {:port test-port
  :ssl-port test-ssl-port