Change SecureTelnetLocalPort to support multiple ports

MorquinDevlar · MorquinDevlar · commit b67b066de3a5 · 2025-08-12T13:32:56.000+02:00
- Changed SecureTelnetLocalPort from single ConfigInt to ConfigSliceString
- Now supports multiple secure local ports: [9998, 9997]
- Updated connection detection to check all ports in the slice
- Allows multiple TLS proxies to forward to different local ports
- Consistent with SecureTelnetPort being a slice
diff --git a/_datafiles/config.yaml b/_datafiles/config.yaml
@@ -390,11 +390,12 @@ Network:
   #   Set to [0] to disable display.
   SecureTelnetPort: [0]
   # - SecureTelnetLocalPort -
-  #   Internal port where TLS proxy forwards secure connections (localhost only).
-  #   Game server binds to this port to receive forwarded TLS connections.
-  #   Example: 9998 if stunnel4 forwards to localhost:9998
-  #   Set to 0 to disable.
-  SecureTelnetLocalPort: 0
+  #   Internal ports where TLS proxy forwards secure connections (localhost only).
+  #   Game server binds to these ports to receive forwarded TLS connections.
+  #   Example: [9998] if stunnel4 forwards to localhost:9998
+  #   Multiple ports supported: [9998, 9997] for multiple TLS proxies
+  #   Set to [0] to disable.
+  SecureTelnetLocalPort: [0]
   # - LocalPort -
   #   A port that can only be accessed via localhost, but will not limit based on connection count
   LocalPort: 9999
diff --git a/internal/configs/config.network.go b/internal/configs/config.network.go
@@ -4,7 +4,7 @@ type Network struct {
 	MaxTelnetConnections  ConfigInt         `yaml:"MaxTelnetConnections"`  // Maximum number of telnet connections to accept
 	TelnetPort            ConfigSliceString `yaml:"TelnetPort"`            // One or more Ports used to accept telnet connections
 	SecureTelnetPort      ConfigSliceString `yaml:"SecureTelnetPort"`      // Display-only: external ports where users connect via TLS
-	SecureTelnetLocalPort ConfigInt         `yaml:"SecureTelnetLocalPort"` // Internal port where TLS proxy forwards to (localhost only)
+	SecureTelnetLocalPort ConfigSliceString `yaml:"SecureTelnetLocalPort"` // Internal ports where TLS proxy forwards to (localhost only)
 	LocalPort             ConfigInt         `yaml:"LocalPort"`             // Port used for admin connections, localhost only
 	HttpPort              ConfigInt         `yaml:"HttpPort"`              // Port used for web requests
 	HttpsPort             ConfigInt         `yaml:"HttpsPort"`             // Port used for web https requests
diff --git a/internal/users/userrecord.go b/internal/users/userrecord.go
@@ -625,15 +625,19 @@ func (u *UserRecord) GetOnlineInfo() OnlineInfo {
 	if connections.IsWebsocket(u.connectionId) {
 		connectionType = "Web"
 	} else {
-		// Check if connected through the secure telnet local port (where TLS proxy forwards)
+		// Check if connected through a secure telnet local port (where TLS proxy forwards)
 		port := connections.GetConnectionPort(u.connectionId)
 		networkConfig := configs.GetNetworkConfig()
 		
 		// Debug logging
-		mudlog.Debug("Connection type check", "connectionId", u.connectionId, "port", port, "secureLocalPort", networkConfig.SecureTelnetLocalPort)
+		mudlog.Debug("Connection type check", "connectionId", u.connectionId, "port", port, "secureLocalPorts", networkConfig.SecureTelnetLocalPort)
 		
-		if networkConfig.SecureTelnetLocalPort > 0 && port == int(networkConfig.SecureTelnetLocalPort) {
-			connectionType = "TLS"
+		for _, securePortStr := range networkConfig.SecureTelnetLocalPort {
+			securePort, _ := strconv.Atoi(securePortStr)
+			if securePort > 0 && port == securePort {
+				connectionType = "TLS"
+				break
+			}
 		}
 	}
 
diff --git a/main.go b/main.go
@@ -271,11 +271,13 @@ func main() {
 		TelnetListenOnPort(`127.0.0.1`, int(c.Network.LocalPort), &wg, 0)
 	}
 
-	// Secure telnet local port - where TLS proxy forwards to
-	if c.Network.SecureTelnetLocalPort > 0 {
-		mudlog.Info("Telnet", "stage", "Listening on secure local port (localhost only)", "port", c.Network.SecureTelnetLocalPort)
-		// Same as LocalPort - localhost only, no connection limit
-		TelnetListenOnPort(`127.0.0.1`, int(c.Network.SecureTelnetLocalPort), &wg, 0)
+	// Secure telnet local ports - where TLS proxy forwards to
+	for _, port := range c.Network.SecureTelnetLocalPort {
+		if p, err := strconv.Atoi(port); err == nil && p > 0 {
+			mudlog.Info("Telnet", "stage", "Listening on secure local port (localhost only)", "port", p)
+			// Same as LocalPort - localhost only, no connection limit
+			TelnetListenOnPort(`127.0.0.1`, p, &wg, 0)
+		}
 	}
 
 	go worldManager.InputWorker(workerShutdownChan, &wg)
