Allow binding to UNIX domain socket

UNIX domain sockets are the recommended configuration for proxying with Nginx:
https://uvicorn.dev/deployment/#running-behind-nginx

backend/app.py

@@ -8,7 +8,7 @@ from fastapi import FastAPI, HTTPException, Depends, APIRouter
 from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
 from jose import jwt
 from utils.sqlite import SQLite
-from utils import API_VERSION, FIREGEX_PORT, FIREGEX_HOST, JWT_ALGORITHM, get_interfaces, socketio_emit, DEBUG, SysctlManager, NORELOAD
+from utils import API_VERSION, FIREGEX_PORT, FIREGEX_HOST, FIREGEX_SOCKET, JWT_ALGORITHM, get_interfaces, socketio_emit, DEBUG, SysctlManager, NORELOAD
 from utils.loader import frontend_deploy, load_routers
 from utils.models import ChangePasswordModel, IpInterface, PasswordChangeForm, PasswordForm, ResetRequest, StatusModel, StatusMessageModel
 from contextlib import asynccontextmanager
@@ -229,6 +229,7 @@ if __name__ == '__main__':
         # None allows to bind also on ipv6, and is selected if FIREGEX_HOST is any
         host=None if FIREGEX_HOST == "any" else FIREGEX_HOST,
         port=FIREGEX_PORT,
+        uds=FIREGEX_SOCKET,
         reload=DEBUG and not NORELOAD,
         access_log=True,
         workers=1, # Firewall module can't be replicated in multiple workers

backend/utils/__init__.py

@@ -26,6 +26,8 @@ DEBUG = "DEBUG" in sys.argv
 NORELOAD = "NORELOAD" in sys.argv
 FIREGEX_PORT = int(os.getenv("PORT","4444"))
 FIREGEX_HOST = os.getenv("HOST","0.0.0.0")
+FIREGEX_SOCKET_DIR = os.getenv("SOCKET_DIR", None)
+FIREGEX_SOCKET = os.path.join(FIREGEX_SOCKET_DIR, "firegex.sock") if FIREGEX_SOCKET_DIR else None
 JWT_ALGORITHM: str = "HS256"
 API_VERSION = "{{VERSION_PLACEHOLDER}}" if "{" not in "{{VERSION_PLACEHOLDER}}" else "0.0.0"