Try using Unix Domain Sockets between Agent GRPC and Forward and Reverse Proxies

[CMCDragonkai]

Specification

The UDS is a fully local socket implementation now available on all POSIX systems and Windows 10.

It may be a more secure alternative to using TCP sockets between the Agent GRPC and the Forward and Reverse proxies. It certainly reduces the number of TCP ports we are occupying.

GRPC seems to be able to connect or listen on UDS. And Node http/net can also listen/connect on UDS.

This is not a critical feature, and should only be done if it works perfectly on Linux, Mac and Windows.

Advantages:

• More secure than using TCP sockets
• No need to mess with the proxy auth code to authenticate
• No need for global allocation and usage of a TCP port
• Can be faster than TCP port
• Can use filesystem permissions to secure the UDS socket (not sure about this on Windows 10)

Additional context

• https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/
• Unable to connect to Unix socket using node-grpc client grpc/grpc-node#258 (comment)
• https://stackoverflow.com/questions/14655661/node-js-http-listen-on-local-unix-pipe-socket

Tasks

1. ...
2. ...
3. ...

[CMCDragonkai]

If in #234 we change to our own custom channel implementation, we may not need a completely external proxy. If external proxy is not used, this is not relevant. If it is still used, a UDS can be useful but we would need to ensure that also works on Android and iOS.

[CMCDragonkai]

This is not relevant anymore, we're going to stick with the TCP system, or use a custom channel or this issue is moot when we move out of GRPC #249.