@push.rocks/smartproxy 15.0.2 → 16.0.3

package/ts/proxies/smart-proxy/smart-proxy.ts

@@ -3,11 +3,10 @@ import * as plugins from '../../plugins.js';
 // Importing required components
 import { ConnectionManager } from './connection-manager.js';
 import { SecurityManager } from './security-manager.js';
-import { DomainConfigManager } from './domain-config-manager.js';
 import { TlsManager } from './tls-manager.js';
 import { NetworkProxyBridge } from './network-proxy-bridge.js';
 import { TimeoutManager } from './timeout-manager.js';
-import { PortRangeManager } from './port-range-manager.js';
+import { PortManager } from './port-manager.js';
 import { RouteManager } from './route-manager.js';
 import { RouteConnectionHandler } from './route-connection-handler.js';
 
@@ -19,31 +18,39 @@ import { buildPort80Handler } from '../../certificate/acme/acme-factory.js';
 import { createPort80HandlerOptions } from '../../common/port80-adapter.js';
 
 // Import types and utilities
-import type { 
-  ISmartProxyOptions, 
-  IRoutedSmartProxyOptions,
-  IDomainConfig
+import type {
+  ISmartProxyOptions,
+  IRoutedSmartProxyOptions
 } from './models/interfaces.js';
 import { isRoutedOptions, isLegacyOptions } from './models/interfaces.js';
 import type { IRouteConfig } from './models/route-types.js';
 
 /**
- * SmartProxy - Unified route-based API
+ * SmartProxy - Pure route-based API
+ *
+ * SmartProxy is a unified proxy system that works with routes to define connection handling behavior.
+ * Each route contains matching criteria (ports, domains, etc.) and an action to take (forward, redirect, block).
+ *
+ * Configuration is provided through a set of routes, with each route defining:
+ * - What to match (ports, domains, paths, client IPs)
+ * - What to do with matching traffic (forward, redirect, block)
+ * - How to handle TLS (passthrough, terminate, terminate-and-reencrypt)
+ * - Security settings (IP restrictions, connection limits)
+ * - Advanced options (timeout, headers, etc.)
  */
 export class SmartProxy extends plugins.EventEmitter {
-  private netServers: plugins.net.Server[] = [];
+  // Port manager handles dynamic listener management
+  private portManager: PortManager;
   private connectionLogger: NodeJS.Timeout | null = null;
   private isShuttingDown: boolean = false;
   
   // Component managers
   private connectionManager: ConnectionManager;
   private securityManager: SecurityManager;
-  private domainConfigManager: DomainConfigManager;
   private tlsManager: TlsManager;
   private networkProxyBridge: NetworkProxyBridge;
   private timeoutManager: TimeoutManager;
-  private portRangeManager: PortRangeManager;
-  private routeManager: RouteManager;
+  public routeManager: RouteManager; // Made public for route management
   private routeConnectionHandler: RouteConnectionHandler;
   
   // Port80Handler for ACME certificate management
@@ -52,7 +59,35 @@ export class SmartProxy extends plugins.EventEmitter {
   private certProvisioner?: CertProvisioner;
   
   /**
-   * Constructor that supports both legacy and route-based configuration
+   * Constructor for SmartProxy
+   *
+   * @param settingsArg Configuration options containing routes and other settings
+   * Routes define how traffic is matched and handled, with each route having:
+   * - match: criteria for matching traffic (ports, domains, paths, IPs)
+   * - action: what to do with matched traffic (forward, redirect, block)
+   *
+   * Example:
+   * ```ts
+   * const proxy = new SmartProxy({
+   *   routes: [
+   *     {
+   *       match: {
+   *         ports: 443,
+   *         domains: ['example.com', '*.example.com']
+   *       },
+   *       action: {
+   *         type: 'forward',
+   *         target: { host: '10.0.0.1', port: 8443 },
+   *         tls: { mode: 'passthrough' }
+   *       }
+   *     }
+   *   ],
+   *   defaults: {
+   *     target: { host: 'localhost', port: 8080 },
+   *     security: { allowedIps: ['*'] }
+   *   }
+   * });
+   * ```
    */
   constructor(settingsArg: ISmartProxyOptions) {
     super();
@@ -98,9 +133,9 @@ export class SmartProxy extends plugins.EventEmitter {
         autoRenew: true,
         certificateStore: './certs',
         skipConfiguredCerts: false,
-        httpsRedirectPort: this.settings.fromPort || 443,
+        httpsRedirectPort: 443,
         renewCheckIntervalHours: 24,
-        domainForwards: []
+        routeForwards: []
       };
     }
     
@@ -113,18 +148,9 @@ export class SmartProxy extends plugins.EventEmitter {
       this.timeoutManager
     );
     
-    // Create the new route manager first
+    // Create the route manager
     this.routeManager = new RouteManager(this.settings);
 
-    // Create domain config manager and port range manager
-    this.domainConfigManager = new DomainConfigManager(this.settings);
-
-    // Share the route manager with the domain config manager
-    if (typeof this.domainConfigManager.setRouteManager === 'function') {
-      this.domainConfigManager.setRouteManager(this.routeManager);
-    }
-
-    this.portRangeManager = new PortRangeManager(this.settings);
     
     // Create other required components
     this.tlsManager = new TlsManager(this.settings);
@@ -135,12 +161,14 @@ export class SmartProxy extends plugins.EventEmitter {
       this.settings,
       this.connectionManager,
       this.securityManager,
-      this.domainConfigManager,
       this.tlsManager,
       this.networkProxyBridge,
       this.timeoutManager,
       this.routeManager
     );
+
+    // Initialize port manager
+    this.portManager = new PortManager(this.settings, this.routeConnectionHandler);
   }
   
   /**
@@ -162,7 +190,7 @@ export class SmartProxy extends plugins.EventEmitter {
       // Build and start the Port80Handler
       this.port80Handler = buildPort80Handler({
         ...config,
-        httpsRedirectPort: config.httpsRedirectPort || (isLegacyOptions(this.settings) ? this.settings.fromPort : 443)
+        httpsRedirectPort: config.httpsRedirectPort || 443
       });
       
       // Share Port80Handler with NetworkProxyBridge before start
@@ -184,17 +212,7 @@ export class SmartProxy extends plugins.EventEmitter {
       return;
     }
 
-    // Initialize domain config based on configuration type
-    if (isLegacyOptions(this.settings)) {
-      // Initialize domain config manager with the legacy domain configs
-      this.domainConfigManager.updateDomainConfigs(this.settings.domainConfigs || []);
-    } else if (isRoutedOptions(this.settings)) {
-      // For pure route-based configuration, the domain config is already initialized
-      // in the constructor, but we might need to regenerate it
-      if (typeof this.domainConfigManager.generateDomainConfigsFromRoutes === 'function') {
-        this.domainConfigManager.generateDomainConfigsFromRoutes();
-      }
-    }
+    // Pure route-based configuration - no domain configs needed
 
     // Initialize Port80Handler if enabled
     await this.initializePort80Handler();
@@ -203,80 +221,22 @@ export class SmartProxy extends plugins.EventEmitter {
     if (this.port80Handler) {
       const acme = this.settings.acme!;
 
-      // Setup domain forwards based on configuration type
-      const domainForwards = acme.domainForwards?.map(f => {
-        if (isLegacyOptions(this.settings)) {
-          // If using legacy mode, check if domain config exists
-          const domainConfig = this.settings.domainConfigs.find(
-            dc => dc.domains.some(d => d === f.domain)
-          );
-
-          if (domainConfig?.forwarding) {
-            return {
-              domain: f.domain,
-              forwardConfig: f.forwardConfig,
-              acmeForwardConfig: f.acmeForwardConfig,
-              sslRedirect: f.sslRedirect || domainConfig.forwarding.http?.redirectToHttps || false
-            };
-          }
-        } else {
-          // In route mode, look for matching route
-          const route = this.routeManager.findMatchingRoute({
-            port: 443,
-            domain: f.domain,
-            clientIp: '127.0.0.1' // Dummy IP for finding routes
-          })?.route;
-
-          if (route && route.action.type === 'forward' && route.action.tls) {
-            // If we found a matching route with TLS settings
-            return {
-              domain: f.domain,
-              forwardConfig: f.forwardConfig,
-              acmeForwardConfig: f.acmeForwardConfig,
-              sslRedirect: f.sslRedirect || false
-            };
-          }
-        }
-
-        // Otherwise use the existing configuration
-        return {
-          domain: f.domain,
-          forwardConfig: f.forwardConfig,
-          acmeForwardConfig: f.acmeForwardConfig,
-          sslRedirect: f.sslRedirect || false
-        };
-      }) || [];
+      // Setup route forwards
+      const routeForwards = acme.routeForwards?.map(f => f) || [];
 
       // Create CertProvisioner with appropriate parameters
-      if (isLegacyOptions(this.settings)) {
-        this.certProvisioner = new CertProvisioner(
-          this.settings.domainConfigs,
-          this.port80Handler,
-          this.networkProxyBridge,
-          this.settings.certProvisionFunction,
-          acme.renewThresholdDays!,
-          acme.renewCheckIntervalHours!,
-          acme.autoRenew!,
-          domainForwards
-        );
-      } else {
-        // For route-based configuration, we need to adapt the interface
-        // Convert routes to domain configs for CertProvisioner
-        const domainConfigs: IDomainConfig[] = this.extractDomainConfigsFromRoutes(
-          (this.settings as IRoutedSmartProxyOptions).routes
-        );
-
-        this.certProvisioner = new CertProvisioner(
-          domainConfigs,
-          this.port80Handler,
-          this.networkProxyBridge,
-          this.settings.certProvisionFunction,
-          acme.renewThresholdDays!,
-          acme.renewCheckIntervalHours!,
-          acme.autoRenew!,
-          domainForwards
-        );
-      }
+      // No longer need to support multiple configuration types
+      // Just pass the routes directly
+      this.certProvisioner = new CertProvisioner(
+        this.settings.routes,
+        this.port80Handler,
+        this.networkProxyBridge,
+        this.settings.certProvisionFunction,
+        acme.renewThresholdDays!,
+        acme.renewCheckIntervalHours!,
+        acme.autoRenew!,
+        routeForwards
+      );
 
       // Register certificate event handler
       this.certProvisioner.on('certificate', (certData) => {
@@ -312,35 +272,8 @@ export class SmartProxy extends plugins.EventEmitter {
     // Get listening ports from RouteManager
     const listeningPorts = this.routeManager.getListeningPorts();
 
-    // Create servers for each port
-    for (const port of listeningPorts) {
-      const server = plugins.net.createServer((socket) => {
-        // Check if shutting down
-        if (this.isShuttingDown) {
-          socket.end();
-          socket.destroy();
-          return;
-        }
-        
-        // Delegate to route connection handler
-        this.routeConnectionHandler.handleConnection(socket);
-      }).on('error', (err: Error) => {
-        console.log(`Server Error on port ${port}: ${err.message}`);
-      });
-      
-      server.listen(port, () => {
-        const isNetworkProxyPort = this.settings.useNetworkProxy?.includes(port);
-        console.log(
-          `SmartProxy -> OK: Now listening on port ${port}${
-            isLegacyOptions(this.settings) && this.settings.sniEnabled && !isNetworkProxyPort ? 
-              ' (SNI passthrough enabled)' : 
-              ''
-          }${isNetworkProxyPort ? ' (NetworkProxy forwarding enabled)' : ''}`
-        );
-      });
-      
-      this.netServers.push(server);
-    }
+    // Start port listeners using the PortManager
+    await this.portManager.addPorts(listeningPorts);
 
     // Set up periodic connection logging and inactivity checks
     this.connectionLogger = setInterval(() => {
@@ -416,60 +349,9 @@ export class SmartProxy extends plugins.EventEmitter {
   
   /**
    * Extract domain configurations from routes for certificate provisioning
+   *
+   * Note: This method has been removed as we now work directly with routes
    */
-  private extractDomainConfigsFromRoutes(routes: IRouteConfig[]): IDomainConfig[] {
-    const domainConfigs: IDomainConfig[] = [];
-    
-    for (const route of routes) {
-      // Skip routes without domain specs
-      if (!route.match.domains) continue;
-      
-      // Skip non-forward routes
-      if (route.action.type !== 'forward') continue;
-      
-      // Only process routes that need TLS termination (those with certificates)
-      if (!route.action.tls || 
-          route.action.tls.mode === 'passthrough' || 
-          !route.action.target) continue;
-      
-      const domains = Array.isArray(route.match.domains) 
-        ? route.match.domains 
-        : [route.match.domains];
-      
-      // Determine forwarding type based on TLS mode
-      const forwardingType = route.action.tls.mode === 'terminate' 
-        ? 'https-terminate-to-http' 
-        : 'https-terminate-to-https';
-      
-      // Create a forwarding config
-      const forwarding = {
-        type: forwardingType as any,
-        target: {
-          host: Array.isArray(route.action.target.host) 
-            ? route.action.target.host[0] 
-            : route.action.target.host,
-          port: route.action.target.port
-        },
-        // Add TLS settings
-        https: {
-          customCert: route.action.tls.certificate !== 'auto' 
-            ? route.action.tls.certificate 
-            : undefined
-        },
-        // Add security settings if present
-        security: route.action.security,
-        // Add advanced settings if present
-        advanced: route.action.advanced
-      };
-      
-      domainConfigs.push({
-        domains,
-        forwarding
-      });
-    }
-    
-    return domainConfigs;
-  }
   
   /**
    * Stop the proxy server
@@ -477,6 +359,7 @@ export class SmartProxy extends plugins.EventEmitter {
   public async stop() {
     console.log('SmartProxy shutting down...');
     this.isShuttingDown = true;
+    this.portManager.setShuttingDown(true);
     
     // Stop CertProvisioner if active
     if (this.certProvisioner) {
@@ -495,31 +378,14 @@ export class SmartProxy extends plugins.EventEmitter {
       }
     }
 
-    // Stop accepting new connections
-    const closeServerPromises: Promise<void>[] = this.netServers.map(
-      (server) =>
-        new Promise<void>((resolve) => {
-          if (!server.listening) {
-            resolve();
-            return;
-          }
-          server.close((err) => {
-            if (err) {
-              console.log(`Error closing server: ${err.message}`);
-            }
-            resolve();
-          });
-        })
-    );
-
     // Stop the connection logger
     if (this.connectionLogger) {
       clearInterval(this.connectionLogger);
       this.connectionLogger = null;
     }
 
-    // Wait for servers to close
-    await Promise.all(closeServerPromises);
+    // Stop all port listeners
+    await this.portManager.closeAll();
     console.log('All servers closed. Cleaning up active connections...');
 
     // Clean up all active connections
@@ -528,195 +394,130 @@ export class SmartProxy extends plugins.EventEmitter {
     // Stop NetworkProxy
     await this.networkProxyBridge.stop();
 
-    // Clear all servers
-    this.netServers = [];
 
     console.log('SmartProxy shutdown complete.');
   }
   
   /**
-   * Updates the domain configurations for the proxy (legacy support)
+   * Updates the domain configurations for the proxy
+   *
+   * Note: This legacy method has been removed. Use updateRoutes instead.
    */
-  public async updateDomainConfigs(newDomainConfigs: IDomainConfig[]): Promise<void> {
-    console.log(`Updating domain configurations (${newDomainConfigs.length} configs)`);
+  public async updateDomainConfigs(): Promise<void> {
+    console.warn('Method updateDomainConfigs() is deprecated. Use updateRoutes() instead.');
+    throw new Error('updateDomainConfigs() is deprecated - use updateRoutes() instead');
+  }
+  
+  /**
+   * Update routes with new configuration
+   *
+   * This method replaces the current route configuration with the provided routes.
+   * It also provisions certificates for routes that require TLS termination and have
+   * `certificate: 'auto'` set in their TLS configuration.
+   *
+   * @param newRoutes Array of route configurations to use
+   *
+   * Example:
+   * ```ts
+   * proxy.updateRoutes([
+   *   {
+   *     match: { ports: 443, domains: 'secure.example.com' },
+   *     action: {
+   *       type: 'forward',
+   *       target: { host: '10.0.0.1', port: 8443 },
+   *       tls: { mode: 'terminate', certificate: 'auto' }
+   *     }
+   *   }
+   * ]);
+   * ```
+   */
+  public async updateRoutes(newRoutes: IRouteConfig[]): Promise<void> {
+    console.log(`Updating routes (${newRoutes.length} routes)`);
+
+    // Update routes in RouteManager
+    this.routeManager.updateRoutes(newRoutes);
 
-    // Update domain configs in DomainConfigManager (legacy)
-    this.domainConfigManager.updateDomainConfigs(newDomainConfigs);
+    // Get the new set of required ports
+    const requiredPorts = this.routeManager.getListeningPorts();
 
-    // Also update the RouteManager with these domain configs
-    this.routeManager.updateFromDomainConfigs(newDomainConfigs);
+    // Update port listeners to match the new configuration
+    await this.portManager.updatePorts(requiredPorts);
 
     // If NetworkProxy is initialized, resync the configurations
     if (this.networkProxyBridge.getNetworkProxy()) {
-      await this.networkProxyBridge.syncDomainConfigsToNetworkProxy();
+      await this.networkProxyBridge.syncRoutesToNetworkProxy(newRoutes);
     }
 
-    // If Port80Handler is running, provision certificates based on forwarding type
+    // If Port80Handler is running, provision certificates based on routes
     if (this.port80Handler && this.settings.acme?.enabled) {
-      for (const domainConfig of newDomainConfigs) {
-        // Skip certificate provisioning for http-only or passthrough configs that don't need certs
-        const forwardingType = this.domainConfigManager.getForwardingType(domainConfig);
-        const needsCertificate =
-          forwardingType === 'https-terminate-to-http' ||
-          forwardingType === 'https-terminate-to-https';
-
-        // Skip certificate provisioning if ACME is explicitly disabled for this domain
-        const acmeDisabled = domainConfig.forwarding.acme?.enabled === false;
-
-        if (!needsCertificate || acmeDisabled) {
-          if (this.settings.enableDetailedLogging) {
-            console.log(`Skipping certificate provisioning for ${domainConfig.domains.join(', ')} (${forwardingType})`);
-          }
-          continue;
-        }
+      // Register all eligible domains from routes
+      this.port80Handler.addDomainsFromRoutes(newRoutes);
 
-        for (const domain of domainConfig.domains) {
-          const isWildcard = domain.includes('*');
-          let provision: string | plugins.tsclass.network.ICert = 'http01';
+      // Handle static certificates from certProvisionFunction if available
+      if (this.settings.certProvisionFunction) {
+        for (const route of newRoutes) {
+          // Skip routes without domains
+          if (!route.match.domains) continue;
 
-          // Check for ACME forwarding configuration in the domain
-          const forwardAcmeChallenges = domainConfig.forwarding.acme?.forwardChallenges;
+          // Skip non-forward routes
+          if (route.action.type !== 'forward') continue;
 
-          if (this.settings.certProvisionFunction) {
-            try {
-              provision = await this.settings.certProvisionFunction(domain);
-            } catch (err) {
-              console.log(`certProvider error for ${domain}: ${err}`);
-            }
-          } else if (isWildcard) {
-            console.warn(`Skipping wildcard domain without certProvisionFunction: ${domain}`);
-            continue;
-          }
+          // Skip routes without TLS termination
+          if (!route.action.tls ||
+              route.action.tls.mode === 'passthrough' ||
+              !route.action.target) continue;
 
-          if (provision === 'http01') {
-            if (isWildcard) {
-              console.warn(`Skipping HTTP-01 for wildcard domain: ${domain}`);
-              continue;
-            }
+          // Skip certificate provisioning if certificate is not auto
+          if (route.action.tls.certificate !== 'auto') continue;
 
-            // Create Port80Handler options from the forwarding configuration
-            const port80Config = createPort80HandlerOptions(domain, domainConfig.forwarding);
+          const domains = Array.isArray(route.match.domains)
+            ? route.match.domains
+            : [route.match.domains];
 
-            this.port80Handler.addDomain(port80Config);
-            console.log(`Registered domain ${domain} with Port80Handler for HTTP-01`);
-          } else {
-            // Static certificate (e.g., DNS-01 provisioned) supports wildcards
-            const certObj = provision as plugins.tsclass.network.ICert;
-            const certData: ICertificateData = {
-              domain: certObj.domainName,
-              certificate: certObj.publicKey,
-              privateKey: certObj.privateKey,
-              expiryDate: new Date(certObj.validUntil)
-            };
-            this.networkProxyBridge.applyExternalCertificate(certData);
-            console.log(`Applied static certificate for ${domain} from certProvider`);
-          }
-        }
-      }
-      console.log('Provisioned certificates for new domains');
-    }
-  }
-  
-  /**
-   * Update routes with new configuration (new API)
-   */
-  public async updateRoutes(newRoutes: IRouteConfig[]): Promise<void> {
-    console.log(`Updating routes (${newRoutes.length} routes)`);
-    
-    // Update routes in RouteManager
-    this.routeManager.updateRoutes(newRoutes);
-    
-    // If NetworkProxy is initialized, resync the configurations
-    if (this.networkProxyBridge.getNetworkProxy()) {
-      // Create equivalent domain configs for NetworkProxy
-      const domainConfigs = this.extractDomainConfigsFromRoutes(newRoutes);
-      
-      // Update domain configs in DomainConfigManager for sync
-      this.domainConfigManager.updateDomainConfigs(domainConfigs);
-      
-      // Sync with NetworkProxy
-      await this.networkProxyBridge.syncDomainConfigsToNetworkProxy();
-    }
-    
-    // If Port80Handler is running, provision certificates based on routes
-    if (this.port80Handler && this.settings.acme?.enabled) {
-      for (const route of newRoutes) {
-        // Skip routes without domains
-        if (!route.match.domains) continue;
-        
-        // Skip non-forward routes
-        if (route.action.type !== 'forward') continue;
-        
-        // Skip routes without TLS termination
-        if (!route.action.tls || 
-            route.action.tls.mode === 'passthrough' || 
-            !route.action.target) continue;
-        
-        // Skip certificate provisioning if certificate is not auto
-        if (route.action.tls.certificate !== 'auto') continue;
-        
-        const domains = Array.isArray(route.match.domains) 
-          ? route.match.domains 
-          : [route.match.domains];
-        
-        for (const domain of domains) {
-          const isWildcard = domain.includes('*');
-          let provision: string | plugins.tsclass.network.ICert = 'http01';
-          
-          if (this.settings.certProvisionFunction) {
+          for (const domain of domains) {
             try {
-              provision = await this.settings.certProvisionFunction(domain);
+              const provision = await this.settings.certProvisionFunction(domain);
+
+              // Skip http01 as those are handled by Port80Handler
+              if (provision !== 'http01') {
+                // Handle static certificate (e.g., DNS-01 provisioned)
+                const certObj = provision as plugins.tsclass.network.ICert;
+                const certData: ICertificateData = {
+                  domain: certObj.domainName,
+                  certificate: certObj.publicKey,
+                  privateKey: certObj.privateKey,
+                  expiryDate: new Date(certObj.validUntil),
+                  routeReference: {
+                    routeName: route.name
+                  }
+                };
+                this.networkProxyBridge.applyExternalCertificate(certData);
+                console.log(`Applied static certificate for ${domain} from certProvider`);
+              }
             } catch (err) {
               console.log(`certProvider error for ${domain}: ${err}`);
             }
-          } else if (isWildcard) {
-            console.warn(`Skipping wildcard domain without certProvisionFunction: ${domain}`);
-            continue;
-          }
-          
-          if (provision === 'http01') {
-            if (isWildcard) {
-              console.warn(`Skipping HTTP-01 for wildcard domain: ${domain}`);
-              continue;
-            }
-            
-            // Register domain with Port80Handler
-            this.port80Handler.addDomain({
-              domainName: domain,
-              sslRedirect: true,
-              acmeMaintenance: true
-            });
-            
-            console.log(`Registered domain ${domain} with Port80Handler for HTTP-01`);
-          } else {
-            // Handle static certificate (e.g., DNS-01 provisioned)
-            const certObj = provision as plugins.tsclass.network.ICert;
-            const certData: ICertificateData = {
-              domain: certObj.domainName,
-              certificate: certObj.publicKey,
-              privateKey: certObj.privateKey,
-              expiryDate: new Date(certObj.validUntil)
-            };
-            this.networkProxyBridge.applyExternalCertificate(certData);
-            console.log(`Applied static certificate for ${domain} from certProvider`);
           }
         }
       }
-      
+
       console.log('Provisioned certificates for new routes');
     }
   }
   
   /**
    * Request a certificate for a specific domain
+   *
+   * @param domain The domain to request a certificate for
+   * @param routeName Optional route name to associate with the certificate
    */
-  public async requestCertificate(domain: string): Promise<boolean> {
+  public async requestCertificate(domain: string, routeName?: string): Promise<boolean> {
     // Validate domain format
     if (!this.isValidDomain(domain)) {
       console.log(`Invalid domain format: ${domain}`);
       return false;
     }
-    
+
     // Use Port80Handler if available
     if (this.port80Handler) {
       try {
@@ -726,15 +527,16 @@ export class SmartProxy extends plugins.EventEmitter {
           console.log(`Certificate already exists for ${domain}, valid until ${cert.expiryDate.toISOString()}`);
           return true;
         }
-        
+
         // Register domain for certificate issuance
         this.port80Handler.addDomain({
-          domainName: domain,
+          domain,
           sslRedirect: true,
-          acmeMaintenance: true
+          acmeMaintenance: true,
+          routeReference: routeName ? { routeName } : undefined
         });
-        
-        console.log(`Domain ${domain} registered for certificate issuance`);
+
+        console.log(`Domain ${domain} registered for certificate issuance` + (routeName ? ` for route '${routeName}'` : ''));
         return true;
       } catch (err) {
         console.log(`Error registering domain with Port80Handler: ${err}`);
@@ -771,6 +573,41 @@ export class SmartProxy extends plugins.EventEmitter {
     return true;
   }
   
+  /**
+   * Add a new listening port without changing the route configuration
+   *
+   * This allows you to add a port listener without updating routes.
+   * Useful for preparing to listen on a port before adding routes for it.
+   *
+   * @param port The port to start listening on
+   * @returns Promise that resolves when the port is listening
+   */
+  public async addListeningPort(port: number): Promise<void> {
+    return this.portManager.addPort(port);
+  }
+
+  /**
+   * Stop listening on a specific port without changing the route configuration
+   *
+   * This allows you to stop a port listener without updating routes.
+   * Useful for temporary maintenance or port changes.
+   *
+   * @param port The port to stop listening on
+   * @returns Promise that resolves when the port is closed
+   */
+  public async removeListeningPort(port: number): Promise<void> {
+    return this.portManager.removePort(port);
+  }
+
+  /**
+   * Get a list of all ports currently being listened on
+   *
+   * @returns Array of port numbers
+   */
+  public getListeningPorts(): number[] {
+    return this.portManager.getListeningPorts();
+  }
+
   /**
    * Get statistics about current connections
    */
@@ -800,7 +637,9 @@ export class SmartProxy extends plugins.EventEmitter {
       terminationStats,
       acmeEnabled: !!this.port80Handler,
       port80HandlerPort: this.port80Handler ? this.settings.acme?.port : null,
-      routes: this.routeManager.getListeningPorts().length
+      routes: this.routeManager.getListeningPorts().length,
+      listeningPorts: this.portManager.getListeningPorts(),
+      activePorts: this.portManager.getListeningPorts().length
     };
   }
   
@@ -834,17 +673,7 @@ export class SmartProxy extends plugins.EventEmitter {
       domains.push(...eligibleDomains);
     }
     
-    // For legacy mode, also get domains from domain configs
-    if (isLegacyOptions(this.settings)) {
-      for (const config of this.settings.domainConfigs) {
-        // Skip domains that can't be used with ACME
-        const eligibleDomains = config.domains.filter(domain => 
-          !domain.includes('*') && this.isValidDomain(domain)
-        );
-        
-        domains.push(...eligibleDomains);
-      }
-    }
+    // Legacy mode is no longer supported
     
     return domains;
   }