qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jakub Scholz <ja...@scholz.cz>
Subject Re: Proposal: qpidd to listen on multiple network interfaces
Date Sun, 02 Dec 2012 20:04:56 GMT
Hi Alan,

In my opinion, this sounds also acceptable ...

Regards
Jakub


On Fri, Nov 30, 2012 at 5:54 PM, Alan Conway <aconway@redhat.com> wrote:

> On Wed, 2012-11-14 at 09:37 +0100, Jakub Scholz wrote:
> > Hi Andrew,
> >
> > Honestly, the first question I asked my self was how to specify it ... I
> do
> > not think I have some great solution :-(.
> >
> > My best idea was to kind of reuse the URLs from the clients .... i.e.
> > --interface=ssl:eth0:5671 for ssl only, --interface=tcp:eth0:5672 for
> > regular only and --interface=eth0:1234 for both. Yes, I agree this might
> be
> > more complicated to parse and configure. Also, it will be more
> complicated
> > to "verify" a consistent configuration and test the whole change, because
> > you have to expect that at least few people would
> > enter --interface=ssl:eth0:5671 and --interface=eth0:5671 at the same
> time.
> >
>
> Another possibility:
> --interface-ssl=foo    # only SSL
> --interface-no-ssl=foo # only non-SSL
> --interface=foo        # both
> It's a bit clunky but it doesn't complicate the URL syntax and it can be
> added in a backward compatible way after --interface has been
> implemented.
>
> > Regards
> > Jakub
> >
> >
> > On Wed, Nov 14, 2012 at 4:51 AM, Andrew Stitcher <astitcher@redhat.com
> >wrote:
> >
> > > On Wed, 2012-11-14 at 00:00 +0100, Jakub Scholz wrote:
> > > > Hi Andrew,
> > > >
> > > > It is not clear to me from your proposal whether I can specify
> multiple
> > > > interfaces to listen on. Can I pass multiple "interface=..." options
> in
> > > the
> > > > config file in the same way I can use multiple "log-level=..."
> options?
> > >
> > > Yes you can use multiple "interface" options.
> > >
> > > >
> > > > Also I think it would be great if I can distinguish between SSL and
> PLAIN
> > > > on different interfaces. For example on some of our brokers we have
> one
> > > > network interface which connects the broker to our internal network
> and
> > > > where we would like to use regular (non SSL) port only. The second
> > > > interface connects our external customers which always use only SSL.
> > > Right
> > > > now we use firewall to allow only regular port from internal network
> and
> > > > only SSL port from external. But it would be nice to have the
> interface
> > > > feature support this scenario.
> > >
> > > This capability is not part of this proposal, although I agree it is a
> > > useful one. The major reason I've not included it here is that I can't
> > > think of any good (and fairly simple) way of specifying this on a per
> > > --interface option level.
> > >
> > > I also think that this capability can be added later as another
> backward
> > > compatible option once we decide the best way to specify it.
> > >
> > > At the moment my thoughts on this are either extending the --interface
> > > syntax, but I don't want it to be too fiddly to understand or parse;
> > > inventing a new option to specify tcp only or ssl only on given
> > > interfaces (perhaps something like --tcp-only <interface> or --ssl-only
> > > <interface> repeated as necessary); something else?
> > >
> > > Thanks for the comments.
> > >
> > > Andrew
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> > > For additional commands, e-mail: users-help@qpid.apache.org
> > >
> > >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message