Hi Alan, In my opinion, this sounds also acceptable ...
Regards Jakub On Fri, Nov 30, 2012 at 5:54 PM, Alan Conway <[email protected]> wrote: > On Wed, 2012-11-14 at 09:37 +0100, Jakub Scholz wrote: > > Hi Andrew, > > > > Honestly, the first question I asked my self was how to specify it ... I > do > > not think I have some great solution :-(. > > > > My best idea was to kind of reuse the URLs from the clients .... i.e. > > --interface=ssl:eth0:5671 for ssl only, --interface=tcp:eth0:5672 for > > regular only and --interface=eth0:1234 for both. Yes, I agree this might > be > > more complicated to parse and configure. Also, it will be more > complicated > > to "verify" a consistent configuration and test the whole change, because > > you have to expect that at least few people would > > enter --interface=ssl:eth0:5671 and --interface=eth0:5671 at the same > time. > > > > Another possibility: > --interface-ssl=foo # only SSL > --interface-no-ssl=foo # only non-SSL > --interface=foo # both > It's a bit clunky but it doesn't complicate the URL syntax and it can be > added in a backward compatible way after --interface has been > implemented. > > > Regards > > Jakub > > > > > > On Wed, Nov 14, 2012 at 4:51 AM, Andrew Stitcher <[email protected] > >wrote: > > > > > On Wed, 2012-11-14 at 00:00 +0100, Jakub Scholz wrote: > > > > Hi Andrew, > > > > > > > > It is not clear to me from your proposal whether I can specify > multiple > > > > interfaces to listen on. Can I pass multiple "interface=..." options > in > > > the > > > > config file in the same way I can use multiple "log-level=..." > options? > > > > > > Yes you can use multiple "interface" options. > > > > > > > > > > > Also I think it would be great if I can distinguish between SSL and > PLAIN > > > > on different interfaces. For example on some of our brokers we have > one > > > > network interface which connects the broker to our internal network > and > > > > where we would like to use regular (non SSL) port only. The second > > > > interface connects our external customers which always use only SSL. > > > Right > > > > now we use firewall to allow only regular port from internal network > and > > > > only SSL port from external. But it would be nice to have the > interface > > > > feature support this scenario. > > > > > > This capability is not part of this proposal, although I agree it is a > > > useful one. The major reason I've not included it here is that I can't > > > think of any good (and fairly simple) way of specifying this on a per > > > --interface option level. > > > > > > I also think that this capability can be added later as another > backward > > > compatible option once we decide the best way to specify it. > > > > > > At the moment my thoughts on this are either extending the --interface > > > syntax, but I don't want it to be too fiddly to understand or parse; > > > inventing a new option to specify tcp only or ssl only on given > > > interfaces (perhaps something like --tcp-only <interface> or --ssl-only > > > <interface> repeated as necessary); something else? > > > > > > Thanks for the comments. > > > > > > Andrew > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [email protected] > > > For additional commands, e-mail: [email protected] > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
