On Jan 24, 2012, at 5:20 PM, Alan M. Carroll wrote: > I am just tweaking TS-1077 now, it's functionally complete. I have pasted in > a write up I have for this patch, as it's a big one.
This looks like a really nice improvement! > Any additional commenting or testing would be appreciated. Igor, if you could > let me let me know if the "External" section suffices for the admin docs... > > TS-1077 Changes > > External: > > The primary purpose is to improve the configuration of HTTP proxy > ports. The previous configuration required the use of multiple interelated > values in the configuration file with different semantics and syntax. The new > style uses a single value > > proxy.config.http.server_ports > > to configure all HTTP ports, including SSL ports. The previous style is still > supported to ease the transition but it is now deprecated and is likely to be > removed at the next major release. Is use of the deprecated options logged noisily? > > Ports are configured using _port descriptors_. The value for server_ports is > a space or comma separated list of these descriptors. Each descriptor is a > sequence of colon seperated keywords some of which may also have a value. The > value can directly follow the keyword or be separated by '=' for reading > convenience. The format was selected to be backwards compatible so that old > style specifications should continue to work. > > The port is a special case. Any numeric value in a descriptor is > presumed to be the port value (host order). A port value *must* be provided > in every descriptor. > > Keywords and values are case insensitive. Keywords are applied in left to > right order. Therefore the order is irrelevant in the absences of conflicts. > > - ipv4 > Bind the port to IPv4. > - ipv6 > Bind the port to IPv6 > - tr-in > Make the port inbound transparent. > - tr-out > Make the port outbound transparent. > - tr-full > Make the port inbound and outbound transparent. This is identical to > "tr-in:tr-out" and is provided for convenience. > - ssl > Make the port a terminated SSL connection. > - blind > Make the port a blind tunnel. > - compressed > Make the tunnel compressed. > - ip-in= > Bind the inbound (listening) port to the specified address. The address must > be enclosed in brackets '[]' if it is an IPv6 address. Brackets are optional > for IPv4 addresses. If this address is supplied the ipv4 and ipv6 options are > redundant but if present must agree with this value. Did you consider allowing an optional address on the ipvX options? > - ip-out= > Bind this local address for outbound connections to origin servers. The > address is specified as with ip-in. To specify both an IPv4 and IPv6 address > for outbound connections use this keyword twice, once for each family. The > address used for a specific connection is determined by the address family of > the origin server. It is an error to specify more than one outbound address > per family. This keyword has no relationship with the ipv4 and ipv6 keywords. > This option will override (disable) outbound transparency (tr-out, tr-full) > regardless of the keyword ordering. I'm not sure I understand the use case for this. Could you clarify how you expect this to be used? J
