Cedric Staub

+1, let's reduce configuration to a minimum and just use sane defaults whenever possible.

I suppose the easiest solution would be to run all the UI endpoints on an entirely different port, and then have a separate dropwizard config for it.

If you're using a CRL file, wouldn't you just be able to concatenate the CRLs together? It's just a series of PEM blocks after all.

That's not currently possible, though we could add this for DNS names since globbing/wildcards is a known concept there. Also, DNS names can't contain `*` today so it'd be non-ambiguous....

Also, as far as CLI argument length limits go, you can also put flags into a config file and load it with `ghostunnel @file`, it's a feature in the argument...

Hm, yeah, that's entirely possible. We're already using * as a glob for URI SANs though so having another character might be unintuitive. Maybe a prefix or separate flag, like...

Thank you for the contribution @mhrabovcin! How does this interact with the existing --connect-proxy flag? Could this same env var be used for an HTTP(S) CONNECT proxy as well? If...

There's some prior art here, [Squarespace/ghostunnel](https://github.com/Squarespace/ghostunnel) is a fork of ghostunnel that adds functionality for exposing a [read-only memcache instance](https://github.com/Squarespace/ghostunnel/commit/f3d7126e4219b3a4478c7abef23db2dcfc38aba8). I could see adding this via a plugin architecture, i.e....

Having a plugin architecture would also allow for doing neat things like logging request and response data for debugging purposes. And thanks to [https://golang.org/pkg/plugin/](pkg/plugin), third-party/custom plugins would be possible too.

Thank you @MarcosDY!