Closed ties closed 1 year ago
The usual setup is that Krill listens on IPv4 localhost only, and a proxy server is used in front of it. The proxy server can do IPv4 and IPv6, proper HTTPS (e.g. with a Let's Encrypt certificate, good ciphers and all that) - it can also limit access based on other needs - e.g. source IP addresses.
Point is... while this can be added to Krill, I would like to understand the urgency given the proxy option.
As far as I can tell, but I might be mistaken... the hyper server used by Krill can only bind to one address.
I have made an issue asking for a feature or clarification: https://github.com/hyperium/hyper/issues/3009
This said, I still think that letting Krill listen on IPv4 localhost only and using a proxy for any public IP addresses is best practice.
I do agree that a reverse proxy is the preferred setup. However, in some situations it may be good to listen on either multiple addresses or dual stack.
As a krill user, I want to be able to configure krill to listen on multiple addresses (IPv4+IPv6) to prevent issues with dual-stack hostnames and some clients (happy eyeballs) working and others not (embedded http clients) when running on a dual-stack host
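The proxy setup discussed in this thread, sketched as an nginx configuration. This is an added example, not taken from the thread or from the Krill project. It assumes Krill serves HTTPS on 127.0.0.1 port 3000; the hostname, certificate paths and allowed source ranges are placeholders.

```nginx
# Added example: dual-stack TLS front end for a Krill instance that
# itself listens on IPv4 localhost only.
server {
    # One listener per address family, so clients resolving either the
    # A or the AAAA record of a dual-stack hostname get an answer.
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name krill.example.net;            # placeholder hostname

    # Placeholder certificate paths (e.g. issued by Let's Encrypt).
    ssl_certificate     /etc/letsencrypt/live/krill.example.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/krill.example.net/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Source-address restriction; both ranges are documentation
        # prefixes standing in for the networks you want to admit.
        allow 192.0.2.0/24;
        allow 2001:db8::/32;
        deny  all;

        # Assumed Krill listener: HTTPS on 127.0.0.1:3000. nginx does not
        # verify the upstream certificate unless proxy_ssl_verify is on,
        # which is acceptable only because the hop stays on loopback.
        proxy_pass https://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

After reloading nginx, check both address families from an outside host with `curl -4` and `curl -6` against the hostname, and confirm that port 3000 is not reachable on any public address.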