From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mail.toke.dk; spf=pass smtp.mailfrom=; dkim=pass header.d=gmail.com; arc=none (Message is not ARC signed); dmarc=pass (Used From Domain Record) header.from=gmail.com policy.dmarc=quarantine
Received: from mail-pg1-x534.google.com (mail-pg1-x534.google.com [IPv6:2607:f8b0:4864:20::534])
	by mail.toke.dk (Postfix) with ESMTPS id E4C43EBE6EB
	for <galene@lists.galene.org>; Wed, 25 Mar 2026 20:33:48 +0100 (CET)
Received: by mail-pg1-x534.google.com with SMTP id 41be03b00d2f7-c70ea5e9e9dso139344a12.1
        for <galene@lists.galene.org>; Wed, 25 Mar 2026 12:33:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1774467226; x=1775072026; darn=lists.galene.org;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:to:subject:user-agent:mime-version:date:message-id:from
         :to:cc:subject:date:message-id:reply-to;
        bh=nagIR09m2avZZJmn1OjOXlZutaqCHpjDp9XxRrcgMm8=;
        b=VwGxhbIcGJciJrWIPUkpnjo495cfr82TgEbrL0UTtxWm2t2HNhZ+CuZZkaXG4oA/Fd
         8C5Ya9cwm7ulCbiWIKDjKadpasXH15tHuTBy9vEv5cl0TX+76tLBLD0A4FYsJTda44mQ
         RsdNpgXiEboG1J7eHdeD9sk+pP6R634tSR6+D4YGplnonMdNdrF8pkcdavAMNsv90ELN
         dJgx02aYoOcNHycJ8Cgx7I3VtWId4jqUWqk3fwIzQ979ww1j7HSBSmmLsi4TWJxZhU4R
         9jKBxcCuSOmltsiTvDuXkh8zwQyNlwSb1JRE8RsEyhu9iy/frlCXakwxoEdZgmK/etwO
         5PQQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774467226; x=1775072026;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:to:subject:user-agent:mime-version:date:message-id
         :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=nagIR09m2avZZJmn1OjOXlZutaqCHpjDp9XxRrcgMm8=;
        b=JeM1QJSGvDuoa4zA7w4ZOC9aHztOd5OsHrwalg+rNpTRry/A3ATFItD9qD1Rswhkn5
         YbUd4pVNLjMSkr1WlNCLUmO59sMFsmiHLYmRGaItUu77vfbfx8M5+I+5xf48X92Lphf3
         dFmKtrrQPUbXWEEMOJ0vbgtGAq4J2qHKlj44vAk0n/mEmK/8dRzmxIfvo9/z7d7NhE0u
         z4DUVcCUvVnMJG4EshjX1qOeLdCPZa1J8LIJDOTSexhMenqZuZTb1V446IARc9w00Kd0
         u62IHl38p0ZqlVep8ksV6wsyxsUPoVfQ4GVd1BNOHiU1VDn1Q6zEf5wbZC9DqOtvLUQV
         SOCw==
X-Gm-Message-State: AOJu0YxUvy9ejpsByfzM/lkPsQyp32Wvz+COUaBESloUxFQmXik7rDI0
	Te1x/T0YQ4zIYgFvoeWauJ0BPnf+1dIjyX3wNn2G14+IYOxJdV2XM+KXT8IrtQ==
X-Gm-Gg: ATEYQzxd+pXdFaYNOupoYXeFcbYWedBgYOtpfv5o9NlkcGBKTIrrY4TO1nAVQfZV6kH
	FuSRhz8TsDJ3tjar2E4NaPIf4ZT3jbw4LRqEiKPtpJhuc8oYqXN5G+trm/VqKNXnxIeeIUfIEJ7
	GlTetb8DWU/oOsC0rQo+LKQ8C5ILOueKyyW1/fVd7x8kPBMjiK9PyxZ/FvXw1eRrcS/2LvTjgeB
	sAF8vPD8u/GpDH3g71oI9KWFc7MXLNf3fIyIDIu4Kf/qMCv6LyzyhjP29e22yOaCy+WicWelZEZ
	s5g8GiWi3R4pptSQOT3e5dVN47y62rlQj/NnYTdK3wJOFDKDgUpb0sEwxXQPURqfu8hkEr+hdLG
	E2f0CRYptU9hqvKwOhwUN33GsZ7pYQ19+HG7EBoTyJIK3hmmkZxbeg6n5IKJURawDjeyFq+W8pK
	jKIvW73ZUGIbwFI75uBJ/ouRd/908Rt1SS
X-Received: by 2002:a05:6a20:748b:b0:39c:1871:7c6e with SMTP id adf61e73a8af0-39c4aaf921fmr5118899637.16.1774467225875;
        Wed, 25 Mar 2026 12:33:45 -0700 (PDT)
Received: from ?IPV6:2604:3d08:1381:5f60::9cd? ([2604:3d08:1381:5f60::9cd])
        by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-c7673984212sm228623a12.30.2026.03.25.12.33.45
        for <galene@lists.galene.org>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 25 Mar 2026 12:33:45 -0700 (PDT)
Message-ID: <65701701-9484-4415-8b91-16c0aea5072c@gmail.com>
Date: Wed, 25 Mar 2026 12:33:44 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: galene@lists.galene.org
References: <177432409034.1734.9147625319715687134@gauss>
Content-Language: en-US
From: Craig Miller <cvmiller@gmail.com>
In-Reply-To: <177432409034.1734.9147625319715687134@gauss>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Message-ID-Hash: WF4LQKUSY2CJD6HG77GRRFF2XG2PUG3H
X-Message-ID-Hash: WF4LQKUSY2CJD6HG77GRRFF2XG2PUG3H
X-MailFrom: cvmiller@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
Subject: [Galene] Re: Galene and multiple IP listeners (was Re: galene on IPv6 only)
List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= <galene.lists.galene.org>
Archived-At: <https://lists.galene.org/galene/65701701-9484-4415-8b91-16c0aea5072c@gmail.com/>
List-Archive: <https://lists.galene.org/galene/>
List-Help: <mailto:galene-request@lists.galene.org?subject=help>
List-Owner: <mailto:galene-owner@lists.galene.org>
List-Post: <mailto:galene@lists.galene.org>
List-Subscribe: <mailto:galene-join@lists.galene.org>
List-Unsubscribe: <mailto:galene-leave@lists.galene.org>

Hi Curtis,

Wow, those are some nice improvements. I am especially interested in the 
update to the '-http' supporting multiple addresses. I could then add an 
IPv6 address just for Galene, and have it listen to just that address.

I already have nginx doing something similar with multiple webservers 
listening on individual IPv6 addresses.

Craig...

On 3/23/26 20:41, Curtis Villamizar wrote:
> replying to myself ... again
>
> I changed the subject but kept the In-reply-to for the benefit of
> mailing lists software threads tracking.
>
> This is a separate but closely related topic.
>
> I made some changes that affect the command line.  I added some bool
> flags: -help, -dryrun, -expandwildcard.  I changed -http but kept
> compatibilty with existing use.  The argument is now a comma or space
> separated list.  I also changed -insecure a bit but kept compatibilty
> with existing use.  Using -insecure changes a default.
>
> The main change is to allow multiple listeners to be attached to the
> http instance.  Some can use http such as on port 80.  Some can use
> https such as on port 443.
>
> Before sending patches I would like to know if there is agreement on
> the objective.  One objective, multiple addresses, is indirectly
> described by the -help that was added.
>
>      -cpuprofile file
>            store CPU profile in file
>      -data directory
>            data directory (default "./data/")
>   +  -disable-relay-test
>            disable the relay test
>   +  -disable-turn
>            disable TURN (if true overrides -turn)
>   +  -dryrun
>            log messages and exit
>   +  -expandwildcard
>            expand a wildcard entry to the list of interface addresses
>      -groups directory
>            group description directory (default "./groups/")
>   +  -help
>            print help message and exit
>      -http address
>   *       space or comma separately list of web server address (default ":8443")
>      -insecure
>            act as an HTTP server rather than HTTPS
>      -mdns
>            gather mDNS addresses
>      -memprofile file
>            store memory profile in file
>      -mutexprofile file
>            store mutex profile in file
>      -recordings directory
>            recordings directory (default "./recordings/")
>      -relay-only
>            require use of TURN relays for all media traffic
>      -static directory
>            web server root directory (default "./static/")
>      -turn address
>            built-in TURN server address ("" to disable) (default "auto")
>      -udp-range port
>            UDP port (multiplexing) or port1-port2 (range)
>
>    Addreses are of the following formats:
>      [<address>]:<port>[=(secure|insecure)
>
>    If address is omited either a wildcard or all of the interface
>    addresses will be used.  Port must be a port number or well known
>    port name.  Addresses can be a host name and all DNS addresses
>    (all DNS A records and AAAA records) will be used.  An Address can
>    be IPv4 dotted quad format.  An Address can also be IPv6 format
>    inside '[' amd ']'.  An equal sign ('=') followed by either 'i',
>    'insecure', 's', or 'secure' determines whether TLS is used.
>    The -insecure flags changes the default from secure to insecure.
>
>    Examples:
>      0.0.0.0:80=i,[::]:443=s         no TLS on port 80, TLS on 443
>      :http=insecure,:https=secure    same thing said differently
>      myhost.example.com:443          lookup DNS addresses and use
>      [2001:db8::1]:443               use an example IPv6 on port 443
>      127.0.0.1:443,[::1]:443         run on IPv4 and IPv6 loopback
>      :443                            default TLS use on 443 aka https
>
>    Any amoount of white space or commas can be used to separate
>    entries in the list of addresses, but shell escaping or quotes
>    will be needed on linux/*ix/*bsd command lines.
>
>    An alternate to the -http argument is to list the addresses on
>    the command line.  Both can be used.  Duplicates are removed.
>    Multiple http listenners may be created.  A good way to see
>    how the address list is expanded is to use -dryrun.
>
> The blurb following the flags.Output() dump is also part of the -help
> output.
>
> After flags were parsed additional arguments were ignored.  Making the
> Address variable an AddressList the following lines were different.
>
>      galene [other args] -http ":80=i :443=s"
>      galene [other args] -http :80=i :443=s
>
> In the second case the :443=s was silently ignored.  Making any
> trailing arguments additions to AddressList so the above two produce
> the same result.
>
> The next two have an unexpected addition because the default to -http
> is currently :8443.
>
>      galene [other args] :80=i :443=s
>      galene [other args] ":80=i :443=s"
>
> In both cases the result is :8443=s :80=i :443=s, where :8443 takes
> the default of https (no -insecure used).
>
> That could be fixed by making the default for -http an empty string
> and then processing trailing args and then if AddressList is empty
> substituting ":8443".  I think that is the best solution as it doesn't
> change existing use.  The default is just added in a different place.
>
> The -expandwildcard changes the way something like :443 is expanded.
> Normally it is expanded to "tcp4 :443 secure" plus "tcp6 :443 secure"
> for a dual stack host so go net library does two wildcard listen, one
> each for tcp4 and tcp6.  If the host only has IPv4 or IPv6 addresses
> but not both it only does one listen.  With -expandwildcard the
> wildcard (the missing address) is expanded to the set of interface
> addresses, including loopback.  So three addresses and two protocol
> families yields six instances of listener.
>
> Similarly if you give it a host name it does a DNS lookup and produces
> a list of addresses, some IPv4 and some IPv6.  It uses tcp4 for the
> IPv4 and tcp6 for the IPv6.  It doesn't matter whether there is one IP
> address or a dozen, just not zero.  For more than one address, more
> than on listener is needed.
>
> I'm using the -disable-relay-test.  Right now the -disable-turn breaks
> things even though setting "auto" with no turn server and
> -disable-relay-test does nothing except complain "TURN: no public
> addresses".  Also mDNS keeps getting turned on which I haven't looked
> at.  I need to fix -disable-turn or remove it.
>
> I'm not sending the diffs yet.  First I would like to know if this is
> something that is wanted/needed by galene.  Once that is decided it
> might be best to send diffs as a github pull request.
>
> Curtis
> _______________________________________________
> Galene mailing list -- galene@lists.galene.org
> To unsubscribe send an email to galene-leave@lists.galene.org

-- 
IPv6 is the future, the future is here
http://ipv6hawaii.org/