provide a way for systemd-supervised services to listen on TLS via socket activation

author Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Sun, 17 Jul 2016 13:02:29 +0000 (15:02 +0200)

committer Ondřej Surý <ondrej@sury.org>

Fri, 5 Aug 2016 09:47:14 +0000 (11:47 +0200)
author Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Sun, 17 Jul 2016 13:02:29 +0000 (15:02 +0200)
committer Ondřej Surý <ondrej@sury.org>
Fri, 5 Aug 2016 09:47:14 +0000 (11:47 +0200)
diff --git a/daemon/main.c b/daemon/main.c

index c02adb0f2365c9641e70e640a6c2ea316eee6999..5c6dafb7ca61e732da7047e89ebf1a280869f9b7 100644 (file)
--- a/daemon/main.c
+++ b/daemon/main.c
@@ -510,6 +510,8 @@ int main(int argc, char **argv)
                 }
                 if (!strcasecmp("control",socket_names[i])) {
                         control_fd = fd;
+               } else if (!strcasecmp("tls",socket_names[i])) {
+                       array_push(tls_fd_set, fd);
                 } else {
                         array_push(fd_set, fd);
                 }
diff --git a/systemd/knot-resolver-tls.socket b/systemd/knot-resolver-tls.socket

new file mode 100644 (file)

index 0000000..317dd2e
--- /dev/null
+++ b/systemd/knot-resolver-tls.socket
@@ -0,0 +1,12 @@
+[Unit]
+Description=Knot DNS Resolver TLS network listener
+Documentation=man:kresd(8)
+Before=sockets.target
+
+[Socket]
+ListenStream=853
+FileDescriptorName=tls
+Service=knot-resolver.service
+
+[Install]
+WantedBy=sockets.target
author	Daniel Kahn Gillmor <dkg@fifthhorseman.net>
	Sun, 17 Jul 2016 13:02:29 +0000 (15:02 +0200)
committer	Ondřej Surý <ondrej@sury.org>
	Fri, 5 Aug 2016 09:47:14 +0000 (11:47 +0200)
daemon/main.c		patch \| blob \| blame \| history
systemd/knot-resolver-tls.socket	[new file with mode: 0644]	patch \| blob