Hi Andrew, Honestly, the first question I asked my self was how to specify it ... I do not think I have some great solution :-(.
My best idea was to kind of reuse the URLs from the clients .... i.e. --interface=ssl:eth0:5671 for ssl only, --interface=tcp:eth0:5672 for regular only and --interface=eth0:1234 for both. Yes, I agree this might be more complicated to parse and configure. Also, it will be more complicated to "verify" a consistent configuration and test the whole change, because you have to expect that at least few people would enter --interface=ssl:eth0:5671 and --interface=eth0:5671 at the same time. Regards Jakub On Wed, Nov 14, 2012 at 4:51 AM, Andrew Stitcher <[email protected]>wrote: > On Wed, 2012-11-14 at 00:00 +0100, Jakub Scholz wrote: > > Hi Andrew, > > > > It is not clear to me from your proposal whether I can specify multiple > > interfaces to listen on. Can I pass multiple "interface=..." options in > the > > config file in the same way I can use multiple "log-level=..." options? > > Yes you can use multiple "interface" options. > > > > > Also I think it would be great if I can distinguish between SSL and PLAIN > > on different interfaces. For example on some of our brokers we have one > > network interface which connects the broker to our internal network and > > where we would like to use regular (non SSL) port only. The second > > interface connects our external customers which always use only SSL. > Right > > now we use firewall to allow only regular port from internal network and > > only SSL port from external. But it would be nice to have the interface > > feature support this scenario. > > This capability is not part of this proposal, although I agree it is a > useful one. The major reason I've not included it here is that I can't > think of any good (and fairly simple) way of specifying this on a per > --interface option level. > > I also think that this capability can be added later as another backward > compatible option once we decide the best way to specify it. > > At the moment my thoughts on this are either extending the --interface > syntax, but I don't want it to be too fiddly to understand or parse; > inventing a new option to specify tcp only or ssl only on given > interfaces (perhaps something like --tcp-only <interface> or --ssl-only > <interface> repeated as necessary); something else? > > Thanks for the comments. > > Andrew > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
