~emersion and I spoke about this on IRC.
I have a use case where I have a system with various IPs. I want to use 3 of them specifically for 3 different services. Each service should support TLS for custom/dynamic domains by users.
I'd like to have something like:
```
frontend <ip1>:443 {
    bind <ip1>:443
    ....
}
```
And repeat this for each IP and its unique backend service. I think from our chat that some config and slight functionality changes would be required for this. I'm still very new to tlstunnel so I'm not quite sure what those changes would be, but it would be a nice feature to be able to specify rules based on IP binding.
Random notes:
- The host in `frontend`/`listen` is used for filtering the SNI only. It has no consequence on the bind address. Right now, all addresses/interfaces are always bound.
- There might be multiple ports bound per frontend. For instance `frontend foo:443 bar:993` binds both ports 443 and 993.
- A `bind` directive wouldn't allow multiple hostnames to be bound to a different address/interface in a single frontend. But maybe that's niche enough.
- If we allow specifying a port in `bind`, it might make `frontend`/`listen` less repetitive: no need to repeat the port each and every time. However, it would also be possible to have conflicting ports in `bind` and `frontend`/`listen`.
- It might be desirable to bind to a Unix domain socket. In that case, port numbers are meaningless.
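The cases listed in the notes above, worked through as an added Go example (not part of the thread and not tlstunnel's code). The `bind` value syntax (`ip`, `ip:port`, `unix:/path`), the `Resolve` function and the `Listener` type are assumptions made for illustration; an empty `bind` reproduces the behaviour described in the notes, where every address is bound and the host only filters SNI.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Listener is one socket to open plus the SNI names accepted on it.
type Listener struct {
	Network, Addr string
	SNI           []string
}

// Resolve maps listen specs ("host:port") and a hypothetical bind value
// ("", "ip", "ip:port" or "unix:/path") to the sockets that would be opened.
func Resolve(listen []string, bind string) ([]Listener, error) {
	unix := strings.HasPrefix(bind, "unix:")
	bindIP, bindPort := bind, ""
	if h, p, err := net.SplitHostPort(bind); err == nil && !unix {
		bindIP, bindPort = h, p
	}
	var out []Listener
	index := map[string]int{} // socket address -> position in out
	for _, spec := range listen {
		host, port, err := net.SplitHostPort(spec)
		if err != nil {
			return nil, fmt.Errorf("listen %q: %v", spec, err)
		}
		network, addr := "tcp", net.JoinHostPort(bindIP, port) // empty IP: all interfaces
		if unix { // ports are meaningless: every spec shares the one socket
			network, addr = "unix", strings.TrimPrefix(bind, "unix:")
		} else if bindPort != "" && port != bindPort {
			return nil, fmt.Errorf("listen %q conflicts with bind port %s", spec, bindPort)
		}
		i, seen := index[addr]
		if !seen {
			i, index[addr] = len(out), len(out)
			out = append(out, Listener{Network: network, Addr: addr})
		}
		out[i].SNI = append(out[i].SNI, host) // host only filters SNI
	}
	return out, nil
}

func main() {
	ls, err := Resolve([]string{"foo:443", "bar:993"}, "192.0.2.1") // constructed input
	fmt.Println(ls, err)
}
```

Rejecting the port mismatch at configuration load, rather than silently preferring one value, keeps a service from ending up on a port or interface the operator did not intend to expose.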