From 11e2a97b66af4e7b1cc11722e7e4d81018f95697 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Nowak?= <luke@nexedi.com>
Date: Thu, 12 Jan 2023 17:10:23 +0100
Subject: [PATCH] rapid-cdn: Explain issues with low port methods

---
 software/rapid-cdn/README.rst | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/software/rapid-cdn/README.rst b/software/rapid-cdn/README.rst
index 14ba0f69b..db776423c 100644
--- a/software/rapid-cdn/README.rst
+++ b/software/rapid-cdn/README.rst
@@ -347,6 +347,12 @@ Additionally in order to access the server by itself such entries are needed in
   ip6tables -t nat -A OUTPUT -p tcp -d ${public_ipv6} --dport 443 -j DNAT --to ${listening_ipv6}:4443
   ip6tables -t nat -A OUTPUT -p tcp -d ${public_ipv6} --dport 80 -j DNAT --to ${listening_ipv6}:8080
 
+**Note regarding ports**:
+
+ * the port seen by application in case of IPv4 will be "correct" - the ``443`` or ``80``
+ * the port seen by application in case of IPv6 will be "incorrect" - the ``4443`` or ``8080``
+
+
 Solution 2 (network capability)
 -------------------------------
 
@@ -359,6 +365,10 @@ Then specify in the master instance parameters:
  * set ``port`` to ``443``
  * set ``plain_http_port`` to ``80``
 
+**Note regarding securitry**:
+
+ * such configuration results with all partitions being able to bind to low ports using this binary
+
 Authentication to the backend
 =============================
 
-- 
2.30.9