On Wed, 2012-11-14 at 09:37 +0100, Jakub Scholz wrote: > Hi Andrew, > > Honestly, the first question I asked my self was how to specify it ... I do > not think I have some great solution :-(. > > My best idea was to kind of reuse the URLs from the clients .... i.e. > --interface=ssl:eth0:5671 for ssl only, --interface=tcp:eth0:5672 for > regular only and --interface=eth0:1234 for both. Yes, I agree this might be > more complicated to parse and configure. Also, it will be more complicated > to "verify" a consistent configuration and test the whole change, because > you have to expect that at least few people would > enter --interface=ssl:eth0:5671 and --interface=eth0:5671 at the same time. >
Another possibility: --interface-ssl=foo # only SSL --interface-no-ssl=foo # only non-SSL --interface=foo # both It's a bit clunky but it doesn't complicate the URL syntax and it can be added in a backward compatible way after --interface has been implemented. > Regards > Jakub > > > On Wed, Nov 14, 2012 at 4:51 AM, Andrew Stitcher <[email protected]>wrote: > > > On Wed, 2012-11-14 at 00:00 +0100, Jakub Scholz wrote: > > > Hi Andrew, > > > > > > It is not clear to me from your proposal whether I can specify multiple > > > interfaces to listen on. Can I pass multiple "interface=..." options in > > the > > > config file in the same way I can use multiple "log-level=..." options? > > > > Yes you can use multiple "interface" options. > > > > > > > > Also I think it would be great if I can distinguish between SSL and PLAIN > > > on different interfaces. For example on some of our brokers we have one > > > network interface which connects the broker to our internal network and > > > where we would like to use regular (non SSL) port only. The second > > > interface connects our external customers which always use only SSL. > > Right > > > now we use firewall to allow only regular port from internal network and > > > only SSL port from external. But it would be nice to have the interface > > > feature support this scenario. > > > > This capability is not part of this proposal, although I agree it is a > > useful one. The major reason I've not included it here is that I can't > > think of any good (and fairly simple) way of specifying this on a per > > --interface option level. > > > > I also think that this capability can be added later as another backward > > compatible option once we decide the best way to specify it. > > > > At the moment my thoughts on this are either extending the --interface > > syntax, but I don't want it to be too fiddly to understand or parse; > > inventing a new option to specify tcp only or ssl only on given > > interfaces (perhaps something like --tcp-only <interface> or --ssl-only > > <interface> repeated as necessary); something else? > > > > Thanks for the comments. > > > > Andrew > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
