From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mail.toke.dk; spf=pass smtp.mailfrom=orleans.occnc.com; dkim=fail header.d=orleans.occnc.com; arc=none (Message is not ARC signed); dmarc=none Received: from mta6-tap0.andover.occnc.com (mta6-tap0.andover.occnc.com [IPv6:2600:2c00:b000:2500::153]) by mail.toke.dk (Postfix) with ESMTPS id 01ED3EC104F for ; Thu, 26 Mar 2026 04:21:00 +0100 (CET) Received: from harbor6.andover.occnc.com (harbor6.andover.occnc.com [IPv6:2600:2c00:b000:2500::610b]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519MLKEM768 server-signature ECDSA (secp384r1) server-digest SHA384) (Client did not present a certificate) (Authenticated sender: curtis@occnc.com) by mta6-tap0.andover.occnc.com (Postfix) with ESMTPSA id 52C90FCC3; Wed, 25 Mar 2026 23:20:57 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=orleans.occnc.com; s=curtis-orleans-20250605-224653; t=1774495257; bh=cadh/0STiGZqmUAitKVS8Qk46az5xIR7XV9YPT5kDp8=; h=To:cc:Reply-To:From:Subject:In-reply-to:Date; b=l3tCFVYUaLbJnMydijfldNfVZAiLBoAK1jlT8tM+dXNT4tt+gRDnMwYjhfccmfTNw tF1veFtGK03gl3A35PKmF1LbavFTZWB7OOg3q8+r3RTix2eulwcAXDhBbqXET+PvxJ 1vCPpcUag2uvKv2waoZY4yuvRhdV5lZnMyn6iWU3qfQdhmIZPydn0q3N1LKAss//CW Lrhq6upoplV1bjjalvwZF5KEziG/DFKf3p5VNRIafdkI3fJz3zMb3DC9oG0k+vabJv NFIEVSGETuUmd6tDl5eKC35hpY0d9aw+Bo2dsV+fL2u39S39R4GzeStR+D79pI8FkI AT6hS9HnLut3A== To: Craig Miller cc: galene@lists.galene.org From: Curtis Villamizar In-reply-to: Your message of "Wed, 25 Mar 2026 12:33:44 -0700." <65701701-9484-4415-8b91-16c0aea5072c@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <22950.1774494836.1@harbor6.andover.occnc.com> Content-Transfer-Encoding: quoted-printable Date: Wed, 25 Mar 2026 23:13:56 -0400 Message-ID: <177449526358.1734.17845466575495376373@gauss> Message-ID-Hash: MLYL54J7L4MNNWDY55GE52EAFQULL7EI X-Message-ID-Hash: MLYL54J7L4MNNWDY55GE52EAFQULL7EI X-MailFrom: curtis@orleans.occnc.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list Reply-To: Curtis Villamizar Subject: [Galene] Re: Galene and multiple IP listeners (was Re: galene on IPv6 only) List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: In message <65701701-9484-4415-8b91-16c0aea5072c@gmail.com> Craig Miller writes: > = > Hi Curtis, > = > Wow, those are some nice improvements. I am especially interested in the= = > update to the '-http' supporting multiple addresses. I could then add an= = > IPv6 address just for Galene, and have it listen to just that address. > = > I already have nginx doing something similar with multiple webservers = > listening on individual IPv6 addresses. > = > Craig... I can send diffs if you want to try it and also if you want to take a look at the code. I tried to keep to the same style. Off list for now if you like. Waiting to hear from Juliusz on what he wants to do. btw- I added some logging. Startup, one line summary of listen requests after expanding, user connect to ws, and shutdown. So one line for each successful login on connect to ws with the address. Curtis > On 3/23/26 20:41, Curtis Villamizar wrote: > > replying to myself ... again > > > > I changed the subject but kept the In-reply-to for the benefit of > > mailing lists software threads tracking. > > > > This is a separate but closely related topic. > > > > I made some changes that affect the command line. I added some bool > > flags: -help, -dryrun, -expandwildcard. I changed -http but kept > > compatibilty with existing use. The argument is now a comma or space > > separated list. I also changed -insecure a bit but kept compatibilty > > with existing use. Using -insecure changes a default. > > > > The main change is to allow multiple listeners to be attached to the > > http instance. Some can use http such as on port 80. Some can use > > https such as on port 443. > > > > Before sending patches I would like to know if there is agreement on > > the objective. One objective, multiple addresses, is indirectly > > described by the -help that was added. > > > > -cpuprofile file > > store CPU profile in file > > -data directory > > data directory (default "./data/") > > + -disable-relay-test > > disable the relay test > > + -disable-turn > > disable TURN (if true overrides -turn) > > + -dryrun > > log messages and exit > > + -expandwildcard > > expand a wildcard entry to the list of interface addresses > > -groups directory > > group description directory (default "./groups/") > > + -help > > print help message and exit > > -http address > > * space or comma separately list of web server address (defaul= t ":8443") > > -insecure > > act as an HTTP server rather than HTTPS > > -mdns > > gather mDNS addresses > > -memprofile file > > store memory profile in file > > -mutexprofile file > > store mutex profile in file > > -recordings directory > > recordings directory (default "./recordings/") > > -relay-only > > require use of TURN relays for all media traffic > > -static directory > > web server root directory (default "./static/") > > -turn address > > built-in TURN server address ("" to disable) (default "auto= ") > > -udp-range port > > UDP port (multiplexing) or port1-port2 (range) > > > > Addreses are of the following formats: > > [
]:[=3D(secure|insecure) > > > > If address is omited either a wildcard or all of the interface > > addresses will be used. Port must be a port number or well known > > port name. Addresses can be a host name and all DNS addresses > > (all DNS A records and AAAA records) will be used. An Address can > > be IPv4 dotted quad format. An Address can also be IPv6 format > > inside '[' amd ']'. An equal sign ('=3D') followed by either 'i', > > 'insecure', 's', or 'secure' determines whether TLS is used. > > The -insecure flags changes the default from secure to insecure. > > > > Examples: > > 0.0.0.0:80=3Di,[::]:443=3Ds no TLS on port 80, TLS on 443 > > :http=3Dinsecure,:https=3Dsecure same thing said differently > > myhost.example.com:443 lookup DNS addresses and use > > [2001:db8::1]:443 use an example IPv6 on port 443 > > 127.0.0.1:443,[::1]:443 run on IPv4 and IPv6 loopback > > :443 default TLS use on 443 aka https > > > > Any amoount of white space or commas can be used to separate > > entries in the list of addresses, but shell escaping or quotes > > will be needed on linux/*ix/*bsd command lines. > > > > An alternate to the -http argument is to list the addresses on > > the command line. Both can be used. Duplicates are removed. > > Multiple http listenners may be created. A good way to see > > how the address list is expanded is to use -dryrun. > > > > The blurb following the flags.Output() dump is also part of the -help > > output. > > > > After flags were parsed additional arguments were ignored. Making the > > Address variable an AddressList the following lines were different. > > > > galene [other args] -http ":80=3Di :443=3Ds" > > galene [other args] -http :80=3Di :443=3Ds > > > > In the second case the :443=3Ds was silently ignored. Making any > > trailing arguments additions to AddressList so the above two produce > > the same result. > > > > The next two have an unexpected addition because the default to -http > > is currently :8443. > > > > galene [other args] :80=3Di :443=3Ds > > galene [other args] ":80=3Di :443=3Ds" > > > > In both cases the result is :8443=3Ds :80=3Di :443=3Ds, where :8443 ta= kes > > the default of https (no -insecure used). > > > > That could be fixed by making the default for -http an empty string > > and then processing trailing args and then if AddressList is empty > > substituting ":8443". I think that is the best solution as it doesn't > > change existing use. The default is just added in a different place. > > > > The -expandwildcard changes the way something like :443 is expanded. > > Normally it is expanded to "tcp4 :443 secure" plus "tcp6 :443 secure" > > for a dual stack host so go net library does two wildcard listen, one > > each for tcp4 and tcp6. If the host only has IPv4 or IPv6 addresses > > but not both it only does one listen. With -expandwildcard the > > wildcard (the missing address) is expanded to the set of interface > > addresses, including loopback. So three addresses and two protocol > > families yields six instances of listener. > > > > Similarly if you give it a host name it does a DNS lookup and produces > > a list of addresses, some IPv4 and some IPv6. It uses tcp4 for the > > IPv4 and tcp6 for the IPv6. It doesn't matter whether there is one IP > > address or a dozen, just not zero. For more than one address, more > > than on listener is needed. > > > > I'm using the -disable-relay-test. Right now the -disable-turn breaks > > things even though setting "auto" with no turn server and > > -disable-relay-test does nothing except complain "TURN: no public > > addresses". Also mDNS keeps getting turned on which I haven't looked > > at. I need to fix -disable-turn or remove it. > > > > I'm not sending the diffs yet. First I would like to know if this is > > something that is wanted/needed by galene. Once that is decided it > > might be best to send diffs as a github pull request. > > > > Curtis