I have searched other issues and found no duplicates
I want to request a feature or enhancement and not ask a question
I'd like to propose a change in the behavior of the HTTPS port based on the user setting.
Current behavior
AGH will advertise its DoH server with the server name, alongside the HTTPS port and "/dns-query" suffix. Setting the HTTPS port to 0 disables DoH advertisement.
Desired behavior
Enabling unencrypted DoH disables AGH from listening on the HTTPS port, while keeping its behavior of advertising its DoH server in the HTTPS from config file.
Reason
This will allow users to set the HTTPS port as any port already in use and properly advertise DoH service in reverse proxy environments, which usually have port 443 already in use.
I've seen Windows (and probably most software) trying to connect to DoH servers at port 443 automatically (when they are advertised) while ignoring servers at unconventional ports.
This is an improvement over the "allow_unencrypted_doh" setting, which is useful in reverse proxy setups.
Alternatives considered and additional information
Creating multiple IPs to the host machine, setting different services to listen on different IPs but on the same port.
This technically works, but it is not an ideal solution due to the increased complexity of the network stacking.
In this scenario your dashboard would be the unencrypted port, which is okay as you can limit listening to localhost and force all access through the reverse proxy.