PostgreSQL configuration with Unix domain sockets assumes PGPORT=5432 #8509
Description
Version
v4.38.17, v4.38.8
Deployment Method
Bare-metal
Reverse Proxy
NGINX
Reverse Proxy Version
1.26.2
Description
When using PostgreSQL with UNIX domain sockets with PGPORT other than the default 5432, Authelia doesn't start since it always tries to append /.s.PGSQL.5432 to the path. Setting it to either /tmp or /tmp/.s.PGSQL.ACTUAL_PORT doesn't fix anything since the code still assumes port 5432 and appends the incorrect socket name. (Unfortunately, that port's already taken by another service, also lots of services use the correct port so just setting it back to the default is not really feasible.)
I guess this is related to lines 167-169 in sql_provider_backend_postgres.go but I don't actually speak Go so I unfortunately can't troubleshoot any more:
if dsnConfig.Port == 0 && config.Address.IsUnixDomainSocket() {
dsnConfig.Port = 5432
}Setting a port with the : notation doesn't work since it just assumes it's part of the path. PGPORT is set up correctly in the environment.
Reproduction
- Start a PostgreSQL server on port 25432 (actually, this doesn't matter, just not on 5432).
- Set up Authelia to use a UNIX socket to connect to it.
- Start Authelia.
- Wait for the errors from trying to treat a domain socket as a directory.
Expectations
Authelia starts up fine on the nonstandard domain socket.
Configuration (Authelia)
# this is the relevant part, I'm pretty sure endpoint config has no effect on the DB connection strings
storage:
postgres:
address: 'unix:///tmp/.s.PGSQL.25432' # if this is set to unix:///tmp, it tries to connect to unix:///tmp/.s.PGSQL
database: 'authelia'
username: 'authelia'
password: REDACTEDBuild Information
Last Tag: v4.38.17
State: tagged clean
Branch: v4.38.17
Commit: unknown
Build Number: xbps-src
Build OS: linux
Build Arch: amd64
Build Compiler: gc
Build Date: Wed, 25 Dec 2024 22:05:15 +0000
Extra:
Go:
Version: go1.23.4
Module Path:
Executable Path: command-line-argumentsLogs (Authelia)
2024-12-25T23:13:47.497804+01:00 fr-l7-sigma authelia: time="2024-12-25T23:13:47+01:00" level=info msg="Authelia v4.38.17 is starting"
2024-12-25T23:13:47.497868+01:00 fr-l7-sigma authelia: time="2024-12-25T23:13:47+01:00" level=info msg="Log severity set to debug"
2024-12-25T23:13:57.033768+01:00 fr-l7-sigma authelia: time="2024-12-25T23:13:57+01:00" level=error msg="Error occurred running a startup check" error="error pinging database: failed to connect to `user=authelia database=authelia`: /tmp/.s.PGSQL.25432/.s.PGSQL.5432 (/tmp/.s.PGSQL.25432): dial error: dial unix /tmp/.s.PGSQL.17535/.s.PGSQL.5432: connect: not a directory" provider=storage stack="github.com/authelia/authelia/v4/internal/commands/root.go:108 doStartupChecks\ngithub.com/authelia/authelia/v4/internal/commands/root.go:88 (*CmdCtx).RootRunE\ngithub.com/spf13/cobra@v1.8.1/command.go:985 (*Command).execute\ngithub.com/spf13/cobra@v1.8.1/command.go:1117 (*Command).ExecuteC\ngithub.com/spf13/cobra@v1.8.1/command.go:1041 (*Command).Execute\n./main.go:10 main\ninternal/runtime/atomic/types.go:194 (*Uint32).Load\nruntime/asm_amd64.s:1700 goexit"
2024-12-25T23:13:59.092983+01:00 fr-l7-sigma authelia: time="2024-12-25T23:13:59+01:00" level=fatal msg="One or more providers had fatal failures performing startup checks, for more detail check the error level logs" providers="[storage notification]" stack="github.com/authelia/authelia/v4/internal/commands/root.go:150 doStartupChecks\ngithub.com/authelia/authelia/v4/internal/commands/root.go:88 (*CmdCtx).RootRunE\ngithub.com/spf13/cobra@v1.8.1/command.go:985 (*Command).execute\ngithub.com/spf13/cobra@v1.8.1/command.go:1117 (*Command).ExecuteC\ngithub.com/spf13/cobra@v1.8.1/command.go:1041 (*Command).Execute\n./main.go:10 main\ninternal/runtime/atomic/types.go:194 (*Uint32).Load\nruntime/asm_amd64.s:1700 goexit"Logs (Proxy / Application)
never reached the point where a proxy would have been relevantDocumentation
This might originate from the implementation of stdlib.registerConnConfig() (https://pkg.go.dev/github.com/jackc/pgx/v4/stdlib#RegisterConnConfig) that instead of checking if a path is a directory or a domain socket, checks whether it ends with .s.PGSQL.PORT_NUMBER or something so completely random sockets would still not work if this part got fixed but that's really something I can't figure out from just the code and 0 Go knowledge, sorry.
Generative AI
No
Pre-Submission Checklist
-
I agree to follow the Code of Conduct
-
This is a bug report and not a support request
-
I have read the security policy and this bug report is not a security issue or security related issue
-
I have either included the complete configuration file or I am sure it's unrelated to the configuration
-
I have either included the complete debug / trace logs or the output of the build-info command if the logs are not relevant
-
I have provided all of the required information in full with the only alteration being reasonable sanitization in accordance with the Troubleshooting Sanitization reference guide
-
I have checked for related proxy or application logs and included them if available
-
I have checked for related issues and checked the documentation