unix socket support (#2974)

### Pull Request Checklist

<!-- Please read
https://matrix-org.github.io/dendrite/development/contributing before
submitting your pull request -->

* [x] I have added Go unit tests or [Complement integration
tests](https://github.com/matrix-org/complement) for this PR _or_ I have
justified why this PR doesn't need tests
* [x] Pull request includes a [sign off below using a legally
identifiable
name](https://matrix-org.github.io/dendrite/development/contributing#sign-off)
_or_ I have already signed off privately

Signed-off-by: `Boris Rybalkin <ribalkin@gmail.com>`

I need this for Syncloud project (https://github.com/syncloud/platform)
where I run multiple apps behind an nginx on the same RPi like device so
unix socket is very convenient to not have port conflicts between apps.
Also someone opened this Issue:
https://github.com/matrix-org/dendrite/issues/2924

---------

Co-authored-by: kegsay <kegan@matrix.org>
Co-authored-by: Till <2353100+S7evinK@users.noreply.github.com>

2 files changed, 76 insertions, 11 deletions

diff --git a/setup/base/base.go b/setup/base/base.go
index aabdd793..dfe48ff3 100644
--- a/setup/base/base.go
+++ b/setup/base/base.go
@@ -20,9 +20,11 @@ import (
 	"database/sql"
 	"embed"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"html/template"
 	"io"
+	"io/fs"
 	"net"
 	"net/http"
 	_ "net/http/pprof"
@@ -85,8 +87,6 @@ type BaseDendrite struct {
 	startupLock            sync.Mutex
 }
 
-const NoListener = ""
-
 const HTTPServerTimeout = time.Minute * 5
 
 type BaseDendriteOptions int
@@ -345,18 +345,17 @@ func (b *BaseDendrite) ConfigureAdminEndpoints() {
 // SetupAndServeHTTP sets up the HTTP server to serve client & federation APIs
 // and adds a prometheus handler under /_dendrite/metrics.
 func (b *BaseDendrite) SetupAndServeHTTP(
-	externalHTTPAddr config.HTTPAddress,
+	externalHTTPAddr config.ServerAddress,
 	certFile, keyFile *string,
 ) {
 	// Manually unlocked right before actually serving requests,
 	// as we don't return from this method (defer doesn't work).
 	b.startupLock.Lock()
-	externalAddr, _ := externalHTTPAddr.Address()
 
 	externalRouter := mux.NewRouter().SkipClean(true).UseEncodedPath()
 
 	externalServ := &http.Server{
-		Addr:         string(externalAddr),
+		Addr:         externalHTTPAddr.Address,
 		WriteTimeout: HTTPServerTimeout,
 		Handler:      externalRouter,
 		BaseContext: func(_ net.Listener) context.Context {
@@ -419,7 +418,7 @@ func (b *BaseDendrite) SetupAndServeHTTP(
 
 	b.startupLock.Unlock()
 
-	if externalAddr != NoListener {
+	if externalHTTPAddr.Enabled() {
 		go func() {
 			var externalShutdown atomic.Bool // RegisterOnShutdown can be called more than once
 			logrus.Infof("Starting external listener on %s", externalServ.Addr)
@@ -437,9 +436,30 @@ func (b *BaseDendrite) SetupAndServeHTTP(
 					}
 				}
 			} else {
-				if err := externalServ.ListenAndServe(); err != nil {
-					if err != http.ErrServerClosed {
-						logrus.WithError(err).Fatal("failed to serve HTTP")
+				if externalHTTPAddr.IsUnixSocket() {
+					err := os.Remove(externalHTTPAddr.Address)
+					if err != nil && !errors.Is(err, fs.ErrNotExist) {
+						logrus.WithError(err).Fatal("failed to remove existing unix socket")
+					}
+					listener, err := net.Listen(externalHTTPAddr.Network(), externalHTTPAddr.Address)
+					if err != nil {
+						logrus.WithError(err).Fatal("failed to serve unix socket")
+					}
+					err = os.Chmod(externalHTTPAddr.Address, externalHTTPAddr.UnixSocketPermission)
+					if err != nil {
+						logrus.WithError(err).Fatal("failed to set unix socket permissions")
+					}
+					if err := externalServ.Serve(listener); err != nil {
+						if err != http.ErrServerClosed {
+							logrus.WithError(err).Fatal("failed to serve unix socket")
+						}
+					}
+
+				} else {
+					if err := externalServ.ListenAndServe(); err != nil {
+						if err != http.ErrServerClosed {
+							logrus.WithError(err).Fatal("failed to serve HTTP")
+						}
 					}
 				}
 			}
diff --git a/setup/base/base_test.go b/setup/base/base_test.go
index d906294c..658dc5b0 100644
--- a/setup/base/base_test.go
+++ b/setup/base/base_test.go
@@ -2,10 +2,13 @@ package base_test
 
 import (
 	"bytes"
+	"context"
 	"embed"
 	"html/template"
+	"net"
 	"net/http"
 	"net/http/httptest"
+	"path"
 	"testing"
 	"time"
 
@@ -18,7 +21,7 @@ import (
 //go:embed static/*.gotmpl
 var staticContent embed.FS
 
-func TestLandingPage(t *testing.T) {
+func TestLandingPage_Tcp(t *testing.T) {
 	// generate the expected result
 	tmpl := template.Must(template.ParseFS(staticContent, "static/*.gotmpl"))
 	expectedRes := &bytes.Buffer{}
@@ -35,7 +38,9 @@ func TestLandingPage(t *testing.T) {
 	s.Close()
 
 	// start base with the listener and wait for it to be started
-	go b.SetupAndServeHTTP(config.HTTPAddress(s.URL), nil, nil)
+	address, err := config.HTTPAddress(s.URL)
+	assert.NoError(t, err)
+	go b.SetupAndServeHTTP(address, nil, nil)
 	time.Sleep(time.Millisecond * 10)
 
 	// When hitting /, we should be redirected to /_matrix/static, which should contain the landing page
@@ -55,3 +60,43 @@ func TestLandingPage(t *testing.T) {
 	// Using .String() for user friendly output
 	assert.Equal(t, expectedRes.String(), buf.String(), "response mismatch")
 }
+
+func TestLandingPage_UnixSocket(t *testing.T) {
+	// generate the expected result
+	tmpl := template.Must(template.ParseFS(staticContent, "static/*.gotmpl"))
+	expectedRes := &bytes.Buffer{}
+	err := tmpl.ExecuteTemplate(expectedRes, "index.gotmpl", map[string]string{
+		"Version": internal.VersionString(),
+	})
+	assert.NoError(t, err)
+
+	b, _, _ := testrig.Base(nil)
+	defer b.Close()
+
+	tempDir := t.TempDir()
+	socket := path.Join(tempDir, "socket")
+	// start base with the listener and wait for it to be started
+	address := config.UnixSocketAddress(socket, 0755)
+	assert.NoError(t, err)
+	go b.SetupAndServeHTTP(address, nil, nil)
+	time.Sleep(time.Millisecond * 100)
+
+	client := &http.Client{
+		Transport: &http.Transport{
+			DialContext: func(_ context.Context, _, _ string) (net.Conn, error) {
+				return net.Dial("unix", socket)
+			},
+		},
+	}
+	resp, err := client.Get("http://unix/")
+	assert.NoError(t, err)
+	assert.Equal(t, http.StatusOK, resp.StatusCode)
+
+	// read the response
+	buf := &bytes.Buffer{}
+	_, err = buf.ReadFrom(resp.Body)
+	assert.NoError(t, err)
+
+	// Using .String() for user friendly output
+	assert.Equal(t, expectedRes.String(), buf.String(), "response mismatch")
+}