Separating admin and client portals

[NomadCF]

We've tried a few different ways of writing the sftpgo.json in an effort to separate the admin vs. client web front ends. Does anyone have any working examples where they have differentiated the client and admin by either binding each to their own ports or by binding them to the same port with different "allow" IP rules?

Ideally, we'd like to restrict access to the admin port to specific IP addresses, while allowing the client to be accessible from anywhere.

[lohr-abis]

Hey we are using it that way:

SFTPGO_HTTPD__BINDINGS__0__PORT: 8080
SFTPGO_HTTPD__BINDINGS__0__ENABLE_WEB_ADMIN: "false"
SFTPGO_HTTPD__BINDINGS__1__PORT: 8081
SFTPGO_HTTPD__BINDINGS__1__ENABLE_WEB_ADMIN: "true"
SFTPGO_HTTPD__BINDINGS__1__ENABLE_WEB_CLIENT: "false"

We don't restrict IP addresses, but it should be possible to use the security feature on each binding separately.