Add support for systemd socket activation (#704)

* feat: add support for systemd socket activation If webhook has been launched via systemd socket activation, simply use the systemd-provided socket rather than opening our own. * docs: documentation for the systemd socket activation mode * refactor: moved setuid and setgid flags into platform-specific section The setuid and setgid flags do not work on Windows, so moved them to platform_unix so they are only added to the flag set on compatible platforms. Also disallow the use of setuid and setgid in combination with -socket, since a setuid webhook process would not be able to clean up a socket that was created while running as root. If you _need_ to have the socket owned by root but the webhook process running as a normal user, you can achieve the same effect with systemd socket activation.
2025-07-03 01:38:31 +00:00 · 2024-10-25 22:18:04 +01:00 · 2024-10-25 22:18:04 +01:00 · 98cf5d0163
commit 98cf5d0163
parent 9cd78fca1a
13 changed files with 529 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -117,6 +117,9 @@ Note that when running in this mode the [`ip-whitelist`](docs/Hook-Rules.md#matc
 ## CORS Headers
 If you want to set CORS headers, you can use the `-header name=value` flag while starting [webhook][w] to set the appropriate CORS headers that will be returned with each response.

+## Running under `systemd`
+On platforms that use [systemd](https://systemd.io), [webhook][w] supports the _socket activation_ mechanism.  If [webhook][w] detects that it has been launched from a systemd-managed socket it will automatically use that instead of opening its own listening port.  See [the systemd page](docs/Systemd-Activation.md) for full details.
+
 ## Interested in running webhook inside of a Docker container?
 You can use one of the following Docker images, or create your own (please read [this discussion](https://github.com/adnanh/webhook/issues/63)):
 - [almir/webhook](https://github.com/almir/docker-webhook)