glm-5.1
346754fb2b
Introduce [[listeners]] configuration to support both dedicated-IP (1 IP = 1 cert = 1 domain) and shared-IP (SAN certificate) deployment models. Each listener is an independent TLS endpoint with its own bind address, TLS config, and site routing. OQ-07 is now resolved. Changes: - Add ADR-019 for multi-config listener support - Update config format from [server] to [[listeners]] entries - Update tls.md for per-listener TLS and certificate provisioning - Update overview.md architecture diagram and scope - Update proxy.md for per-listener HTTP redirect - Fix stale references in ADR-010, ADR-011, ADR-016 - Update OQ-05 resolution (per-listener bind_addr supersedes) - Add unique-host rationale to config validation rules - Architecture review: fix all 3 critical and 6 warning issues
3.3 KiB
3.3 KiB
status, last_updated
| status | last_updated |
|---|---|
| draft | 2026-06-11 |
Open Questions
TLS
OQ-01: Should cipher suites be restricted beyond rustls defaults?
- Origin: tls.md
- Status: resolved
- Priority: medium
- Resolution: Restrict cipher suites to match the nginx scope: four ECDHE-AES-GCM suites for TLS 1.2 plus all TLS 1.3 suites. This provides behavioral parity during migration. See ADR-012.
- Cross-references: ADR-005, ADR-012
OQ-02: What log format should fail2ban consume?
- Origin: operations.md, proxy.md
- Status: resolved
- Priority: high
- Resolution: Custom structured log format with
key=valuepairs andRATE_LIMITprefix. A corresponding custom fail2ban filter will be provided. See ADR-007. - Cross-references: ADR-007
OQ-07: Should per-site TLS overrides be supported for mixed ACME/manual domains?
- Origin: tls.md, config.md
- Status: resolved
- Priority: low
- Resolution: Resolved by introducing
[[listeners]]configuration. Each listener is an independent TLS endpoint with its own bind address, TLS config, and site routing. This supports both deployment models: (1) shared-IP multi-domain (one listener, SAN certificate, SNI routing) and (2) dedicated-IP single-domain (multiple listeners, each with its own IP/cert/domain). Mixed ACME/manual configurations are naturally supported since each listener has its own TLS mode. See ADR-019. - Cross-references: ADR-011, ADR-019
Logging and Monitoring
OQ-03: Should the health check endpoint be on a separate port?
- Origin: operations.md
- Status: resolved
- Priority: low
- Resolution: Add a configurable local health check port (default: 9900)
bound to
127.0.0.1only. Health checks work even when TLS is misconfigured. The main HTTPS/healthendpoint remains available as a fallback. See ADR-013. - Cross-references: ADR-013
Configuration
OQ-04: Should config reload support a Unix domain socket API in addition to SIGHUP?
- Origin: config.md
- Status: resolved
- Priority: low
- Resolution: Yes. Add a Unix domain socket admin API alongside SIGHUP.
The socket accepts a
reloadcommand and returns structured success/failure responses. SIGHUP is retained as a fallback. See ADR-014. - Cross-references: ADR-014
Deployment
OQ-05: Should the proxy bind to multiple addresses or just one?
- Origin: overview.md
- Status: resolved
- Priority: low
- Resolution: A single
bind_addrper listener entry is sufficient. ADR-019 introduced[[listeners]], where each listener has its ownbind_addr. This supports multiple bind addresses in a single process — one per listener — without needing an array of addresses on a single listener. See ADR-016 and ADR-019. - Cross-references: ADR-016, ADR-019
Proxy
OQ-06: Should upstream timeouts be configurable per-site?
- Origin: proxy.md
- Status: resolved
- Priority: low
- Resolution: Yes. Per-site upstream timeouts with sensible defaults (5s connect, 60s request). Optional fields in SiteConfig that override global defaults when specified. See ADR-015.
- Cross-references: ADR-015, ADR-017