On Sat, Sep 24, 2022 at 06:03:51PM +0200, Songbo Wang wrote:
> Hi Colin, thanks for your reply.
>
> On 9/23/22 17:41, Colin Booth wrote:
> > a super light
> > weight http proxy
>
> Yes, that seems the ideal solution, which may not even exist.
>
> The multiple IP solution is less ideal for me, because n interfaces = n
> tcpserver4ds. I would no longer be able to bind to 0.0.0.0 and call it a
> day. I guess one can get around this by a firewall redirecting the traffic,
> but that adds another layer of complexity... It would be nice if
> s6-tcpserver supports binding to multiples addresses.
>
Thinking about this more, a proxy or multiple addresses are the rigth
approach. The reason for this is that you have to think of the
superserver (s6-tcpserver in this case) as part of the service. If you
are going to stick to your design goal of different backends for each
site then even if you split on SNI those backends are welded together at
the server (and by extension the supervised service). My suggestion then
is that at least for testing you stand up a proxy in front of them, put
the different sites on their own ports, and then route back using Host
header matches.
>
> (BTW, it seems that apart from the special 0.0.0.0/::, we cannot bind to
> multiple addresses by a single syscall?)
That's a limitation of bind() which only accepts one address. There are
a few other special addresses but none of them include a discrete set of
addresses.
--
Colin Booth
Received on Mon Sep 26 2022 - 19:00:21 CEST