[Galene] Galene and multiple IP listeners (was Re: galene on IPv6 only)

Galène videoconferencing server discussion list archives
 help / color / mirror / Atom feed

* [Galene] Galene and multiple IP listeners (was Re: galene on IPv6 only)
       [not found] <cmu-lmtpd-61847-1774139454-0@mda62.andover.occnc.com>
@ 2026-03-24  3:41 ` Curtis Villamizar
  2026-03-25 19:33   ` [Galene] " Craig Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Curtis Villamizar @ 2026-03-24  3:41 UTC (permalink / raw)
  To: Curtis Villamizar; +Cc: Juliusz Chroboczek, galene

replying to myself ... again

I changed the subject but kept the In-reply-to for the benefit of
mailing lists software threads tracking.

This is a separate but closely related topic.

I made some changes that affect the command line.  I added some bool
flags: -help, -dryrun, -expandwildcard.  I changed -http but kept
compatibilty with existing use.  The argument is now a comma or space
separated list.  I also changed -insecure a bit but kept compatibilty
with existing use.  Using -insecure changes a default.

The main change is to allow multiple listeners to be attached to the
http instance.  Some can use http such as on port 80.  Some can use
https such as on port 443.

Before sending patches I would like to know if there is agreement on
the objective.  One objective, multiple addresses, is indirectly
described by the -help that was added.

    -cpuprofile file
          store CPU profile in file
    -data directory
          data directory (default "./data/")
 +  -disable-relay-test
          disable the relay test
 +  -disable-turn
          disable TURN (if true overrides -turn)
 +  -dryrun
          log messages and exit
 +  -expandwildcard
          expand a wildcard entry to the list of interface addresses
    -groups directory
          group description directory (default "./groups/")
 +  -help
          print help message and exit
    -http address
 *       space or comma separately list of web server address (default ":8443")
    -insecure
          act as an HTTP server rather than HTTPS
    -mdns
          gather mDNS addresses
    -memprofile file
          store memory profile in file
    -mutexprofile file
          store mutex profile in file
    -recordings directory
          recordings directory (default "./recordings/")
    -relay-only
          require use of TURN relays for all media traffic
    -static directory
          web server root directory (default "./static/")
    -turn address
          built-in TURN server address ("" to disable) (default "auto")
    -udp-range port
          UDP port (multiplexing) or port1-port2 (range)

  Addreses are of the following formats:
    [<address>]:<port>[=(secure|insecure)

  If address is omited either a wildcard or all of the interface
  addresses will be used.  Port must be a port number or well known
  port name.  Addresses can be a host name and all DNS addresses
  (all DNS A records and AAAA records) will be used.  An Address can
  be IPv4 dotted quad format.  An Address can also be IPv6 format
  inside '[' amd ']'.  An equal sign ('=') followed by either 'i',
  'insecure', 's', or 'secure' determines whether TLS is used.
  The -insecure flags changes the default from secure to insecure.

  Examples:
    0.0.0.0:80=i,[::]:443=s         no TLS on port 80, TLS on 443
    :http=insecure,:https=secure    same thing said differently
    myhost.example.com:443          lookup DNS addresses and use
    [2001:db8::1]:443               use an example IPv6 on port 443
    127.0.0.1:443,[::1]:443         run on IPv4 and IPv6 loopback
    :443                            default TLS use on 443 aka https

  Any amoount of white space or commas can be used to separate
  entries in the list of addresses, but shell escaping or quotes
  will be needed on linux/*ix/*bsd command lines.

  An alternate to the -http argument is to list the addresses on
  the command line.  Both can be used.  Duplicates are removed.
  Multiple http listenners may be created.  A good way to see
  how the address list is expanded is to use -dryrun.

The blurb following the flags.Output() dump is also part of the -help
output.

After flags were parsed additional arguments were ignored.  Making the
Address variable an AddressList the following lines were different.

    galene [other args] -http ":80=i :443=s"
    galene [other args] -http :80=i :443=s

In the second case the :443=s was silently ignored.  Making any
trailing arguments additions to AddressList so the above two produce
the same result.

The next two have an unexpected addition because the default to -http
is currently :8443.

    galene [other args] :80=i :443=s
    galene [other args] ":80=i :443=s"

In both cases the result is :8443=s :80=i :443=s, where :8443 takes
the default of https (no -insecure used).

That could be fixed by making the default for -http an empty string
and then processing trailing args and then if AddressList is empty
substituting ":8443".  I think that is the best solution as it doesn't
change existing use.  The default is just added in a different place.

The -expandwildcard changes the way something like :443 is expanded.
Normally it is expanded to "tcp4 :443 secure" plus "tcp6 :443 secure"
for a dual stack host so go net library does two wildcard listen, one
each for tcp4 and tcp6.  If the host only has IPv4 or IPv6 addresses
but not both it only does one listen.  With -expandwildcard the
wildcard (the missing address) is expanded to the set of interface
addresses, including loopback.  So three addresses and two protocol
families yields six instances of listener.

Similarly if you give it a host name it does a DNS lookup and produces
a list of addresses, some IPv4 and some IPv6.  It uses tcp4 for the
IPv4 and tcp6 for the IPv6.  It doesn't matter whether there is one IP
address or a dozen, just not zero.  For more than one address, more
than on listener is needed.

I'm using the -disable-relay-test.  Right now the -disable-turn breaks
things even though setting "auto" with no turn server and
-disable-relay-test does nothing except complain "TURN: no public
addresses".  Also mDNS keeps getting turned on which I haven't looked
at.  I need to fix -disable-turn or remove it.

I'm not sending the diffs yet.  First I would like to know if this is
something that is wanted/needed by galene.  Once that is decided it
might be best to send diffs as a github pull request.

Curtis

^ permalink raw reply	[flat|nested] 2+ messages in thread

* [Galene] Re: Galene and multiple IP listeners (was Re: galene on IPv6 only)
  2026-03-24  3:41 ` [Galene] Galene and multiple IP listeners (was Re: galene on IPv6 only) Curtis Villamizar
@ 2026-03-25 19:33   ` Craig Miller
  0 siblings, 0 replies; 2+ messages in thread
From: Craig Miller @ 2026-03-25 19:33 UTC (permalink / raw)
  To: galene

Hi Curtis,

Wow, those are some nice improvements. I am especially interested in the 
update to the '-http' supporting multiple addresses. I could then add an 
IPv6 address just for Galene, and have it listen to just that address.

I already have nginx doing something similar with multiple webservers 
listening on individual IPv6 addresses.

Craig...

On 3/23/26 20:41, Curtis Villamizar wrote:
> replying to myself ... again
>
> I changed the subject but kept the In-reply-to for the benefit of
> mailing lists software threads tracking.
>
> This is a separate but closely related topic.
>
> I made some changes that affect the command line.  I added some bool
> flags: -help, -dryrun, -expandwildcard.  I changed -http but kept
> compatibilty with existing use.  The argument is now a comma or space
> separated list.  I also changed -insecure a bit but kept compatibilty
> with existing use.  Using -insecure changes a default.
>
> The main change is to allow multiple listeners to be attached to the
> http instance.  Some can use http such as on port 80.  Some can use
> https such as on port 443.
>
> Before sending patches I would like to know if there is agreement on
> the objective.  One objective, multiple addresses, is indirectly
> described by the -help that was added.
>
>      -cpuprofile file
>            store CPU profile in file
>      -data directory
>            data directory (default "./data/")
>   +  -disable-relay-test
>            disable the relay test
>   +  -disable-turn
>            disable TURN (if true overrides -turn)
>   +  -dryrun
>            log messages and exit
>   +  -expandwildcard
>            expand a wildcard entry to the list of interface addresses
>      -groups directory
>            group description directory (default "./groups/")
>   +  -help
>            print help message and exit
>      -http address
>   *       space or comma separately list of web server address (default ":8443")
>      -insecure
>            act as an HTTP server rather than HTTPS
>      -mdns
>            gather mDNS addresses
>      -memprofile file
>            store memory profile in file
>      -mutexprofile file
>            store mutex profile in file
>      -recordings directory
>            recordings directory (default "./recordings/")
>      -relay-only
>            require use of TURN relays for all media traffic
>      -static directory
>            web server root directory (default "./static/")
>      -turn address
>            built-in TURN server address ("" to disable) (default "auto")
>      -udp-range port
>            UDP port (multiplexing) or port1-port2 (range)
>
>    Addreses are of the following formats:
>      [<address>]:<port>[=(secure|insecure)
>
>    If address is omited either a wildcard or all of the interface
>    addresses will be used.  Port must be a port number or well known
>    port name.  Addresses can be a host name and all DNS addresses
>    (all DNS A records and AAAA records) will be used.  An Address can
>    be IPv4 dotted quad format.  An Address can also be IPv6 format
>    inside '[' amd ']'.  An equal sign ('=') followed by either 'i',
>    'insecure', 's', or 'secure' determines whether TLS is used.
>    The -insecure flags changes the default from secure to insecure.
>
>    Examples:
>      0.0.0.0:80=i,[::]:443=s         no TLS on port 80, TLS on 443
>      :http=insecure,:https=secure    same thing said differently
>      myhost.example.com:443          lookup DNS addresses and use
>      [2001:db8::1]:443               use an example IPv6 on port 443
>      127.0.0.1:443,[::1]:443         run on IPv4 and IPv6 loopback
>      :443                            default TLS use on 443 aka https
>
>    Any amoount of white space or commas can be used to separate
>    entries in the list of addresses, but shell escaping or quotes
>    will be needed on linux/*ix/*bsd command lines.
>
>    An alternate to the -http argument is to list the addresses on
>    the command line.  Both can be used.  Duplicates are removed.
>    Multiple http listenners may be created.  A good way to see
>    how the address list is expanded is to use -dryrun.
>
> The blurb following the flags.Output() dump is also part of the -help
> output.
>
> After flags were parsed additional arguments were ignored.  Making the
> Address variable an AddressList the following lines were different.
>
>      galene [other args] -http ":80=i :443=s"
>      galene [other args] -http :80=i :443=s
>
> In the second case the :443=s was silently ignored.  Making any
> trailing arguments additions to AddressList so the above two produce
> the same result.
>
> The next two have an unexpected addition because the default to -http
> is currently :8443.
>
>      galene [other args] :80=i :443=s
>      galene [other args] ":80=i :443=s"
>
> In both cases the result is :8443=s :80=i :443=s, where :8443 takes
> the default of https (no -insecure used).
>
> That could be fixed by making the default for -http an empty string
> and then processing trailing args and then if AddressList is empty
> substituting ":8443".  I think that is the best solution as it doesn't
> change existing use.  The default is just added in a different place.
>
> The -expandwildcard changes the way something like :443 is expanded.
> Normally it is expanded to "tcp4 :443 secure" plus "tcp6 :443 secure"
> for a dual stack host so go net library does two wildcard listen, one
> each for tcp4 and tcp6.  If the host only has IPv4 or IPv6 addresses
> but not both it only does one listen.  With -expandwildcard the
> wildcard (the missing address) is expanded to the set of interface
> addresses, including loopback.  So three addresses and two protocol
> families yields six instances of listener.
>
> Similarly if you give it a host name it does a DNS lookup and produces
> a list of addresses, some IPv4 and some IPv6.  It uses tcp4 for the
> IPv4 and tcp6 for the IPv6.  It doesn't matter whether there is one IP
> address or a dozen, just not zero.  For more than one address, more
> than on listener is needed.
>
> I'm using the -disable-relay-test.  Right now the -disable-turn breaks
> things even though setting "auto" with no turn server and
> -disable-relay-test does nothing except complain "TURN: no public
> addresses".  Also mDNS keeps getting turned on which I haven't looked
> at.  I need to fix -disable-turn or remove it.
>
> I'm not sending the diffs yet.  First I would like to know if this is
> something that is wanted/needed by galene.  Once that is decided it
> might be best to send diffs as a github pull request.
>
> Curtis
> _______________________________________________
> Galene mailing list -- galene@lists.galene.org
> To unsubscribe send an email to galene-leave@lists.galene.org

-- 
IPv6 is the future, the future is here
http://ipv6hawaii.org/


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-03-25 19:33 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <cmu-lmtpd-61847-1774139454-0@mda62.andover.occnc.com>
2026-03-24  3:41 ` [Galene] Galene and multiple IP listeners (was Re: galene on IPv6 only) Curtis Villamizar
2026-03-25 19:33   ` [Galene] " Craig Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox