~emersion/tlstunnel#26: 
Ability to specify specific IPs to listen on

~emersion and I spoke about this on IRC.

I have a use case where I have a system with various IPs. I want to use 3 of them specifically for 3 different services. Each service should support TLS for custom/dynamic domains by users.

I'd like to have something like:

frontend <ip1>:443 {
    bind <ip1>:443
    ....
}

And repeat this for each IP and its unique backend service. I think from our chat that some config and slight functionality changes would be required for this. I'm still very new to tlstunnel so I'm not quite sure what those changes would be, but it would be a nice feature to be able to specify rules based on IP binding.

Status: REPORTED
Submitter: ~petersanchez
Assigned to: No-one
Submitted: 11 months ago
Updated: 11 months ago
Labels: enhancement

~emersion 11 months ago

Random notes:

  • The host in frontend/listen is used for filtering the SNI only. It has no consequence on the bind address. Right now, all addresses/interfaces are always bound.
  • There might be multiple ports bound per frontend. For instance frontend foo:443 bar:993 binds both ports 443 and 993.
  • A bind directive wouldn't allow multiple hostnames to be bound to a different address/interface in a single frontend. But maybe that's niche enough.
  • If we allow specifying a port in bind, it might make frontend/listen less repetitive: no need to repeat the port each and every time. However, it would also be possible to have conflicting ports in bind and frontend/listen.
  • It might be desirable to bind to a Unix domain socket. In that case, port numbers are meaningless.
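
The notes above raise three cases a bind directive would have to settle: several ports per frontend, a port given in both bind and frontend/listen, and Unix domain sockets. The following Go sketch is an added example, not tlstunnel code; resolveBind, the "unix:" prefix and the accepted bind forms are assumptions made for illustration, and the addresses are constructed.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// resolveBind is a hypothetical helper, not tlstunnel code. listen holds the
// frontend's entries ("host:port", or "host" when bind carries the port); the
// host part only filters SNI. bind is "ip", "ip:port" or "unix:/path".
// It returns the network and addresses to hand to net.Listen.
func resolveBind(listen []string, bind string) (string, []string, error) {
	if strings.HasPrefix(bind, "unix:") {
		// Port numbers are meaningless for a Unix domain socket.
		return "unix", []string{strings.TrimPrefix(bind, "unix:")}, nil
	}
	bindHost, bindPort := bind, ""
	if h, p, err := net.SplitHostPort(bind); err == nil {
		bindHost, bindPort = h, p
	}
	if net.ParseIP(bindHost) == nil {
		return "", nil, fmt.Errorf("bind %q: not an IP address", bind)
	}
	seen := map[string]bool{}
	var addrs []string
	for _, l := range listen {
		_, port, err := net.SplitHostPort(l)
		if err != nil {
			port = bindPort // host-only entry inherits the port from bind
		}
		if port == "" {
			return "", nil, fmt.Errorf("listen %q: no port here or in bind", l)
		}
		if bindPort != "" && port != bindPort {
			return "", nil, fmt.Errorf("listen %q conflicts with bind port %s", l, bindPort)
		}
		if !seen[port] {
			seen[port] = true
			addrs = append(addrs, net.JoinHostPort(bindHost, port))
		}
	}
	return "tcp", addrs, nil
}

func main() {
	// Constructed input: the two-port frontend from the notes, bound to one IP.
	fmt.Println(resolveBind([]string{"foo:443", "bar:993"}, "192.0.2.10"))
}
```

Rejecting a port mismatch at configuration time, rather than silently preferring one side, keeps a frontend from ending up exposed on an address or port the operator did not intend.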