Damien Miller

I really do like Golang being "batteries included".

It took only a few hours to write a moderately featureful TLS-terminating reverse HTTP proxy that used nothing outside the built-in libraries.

The only compromise was using JSON for the configuration file. I would have preferred textproto…

Oct 21 at 8:42amWeb
Show threadDamien MillerOct 21
The proxy does PQ key agreement by default (MLKEM768X25519) and I'm not concerned about supply-chain risk as I would be if I had to navigate a bunch of third-party packages
Show threadAmandaOct 21
@damienmiller that’s really cool. What are you using to do TLS?
Show threadDamien MillerOct 21
@amanda yeah, it's in front of some http servers
Show threadDamien MillerOct 21
@amanda err misread your question - just the standard Go crypto/tls library
Show threadAmandaOct 21
@damienmiller Nice, that's very batteries included. Do you know if it's all native Go or if it links to platform backend libraries?
Show threadDamien MillerOct 21
@amanda AFAIK it's all pure go. I think the crypto stuff used to link to system libcrypto but no longer does. @filippo would probably know for sure
Show threadFilippo ValsordaOct 22
@damienmiller @amanda always been pure Go! The original libraries were written by Adam Langley before Go 1.
Show threadAmandaOct 22

@filippo @damienmiller cool! This stands out to me as someone used to the Rust ecosystem, which is much less batteries included and, crucially, often has terrible dynamic linking issues with platform-dependent SSL libraries in particular.

In general I’m very impressed with Go’s ability to produce binaries that run wherever.

Show threadDamien MillerOct 21
A few people asked for it, so I posted it at https://github.com/djmdjm/reverse-proxy
GitHub - djmdjm/reverse-proxy: Simple, low-dependency Golang reverse proxy

Simple, low-dependency Golang reverse proxy. Contribute to djmdjm/reverse-proxy development by creating an account on GitHub.

GitHub
Show threadSindarina, Edge Case DetectiveOct 21
@damienmiller If you don't mind, could you share what your specific needs are? I am curious why you chose to write your own, instead of using something like Caddy? Is it the lack of third-party dependencies? PQ support?
Show threadDamien MillerOct 22
@sindarina Yeah, I didn't want a project of dependencies, I just wanted something minimal
Show threadPxl PhileOct 21
@damienmiller nice, the first thing I thought about was really Golang's reverse proxy functionality because of cursed knowledge and experience 😁
Show threadAlpine TocsinsOct 21
@damienmiller could have been worse, you could have used XML ... or even ASN.1
Show threadMorten LinderudOct 21

@nonspecialist @damienmiller

The asn1 support in Go is surprisingly decent. You would preferably reach for the new cryptobytes API though.

Show threadknowmercyOct 21
@damienmiller I built something similar a long time ago. I measured it against nginx and it broke in a slightly better fashion when things got congested. I seem to remember it performing better too, but it's been so long this could all be made up.
Show threadPaul SomeoneElseOct 21
Yeah golang is great for making servers with all the decent built in stuff.
I used TOML when I did a lot of go.
My first server-ish thing in go was a udp packet proxying thing so
I could play my first person shooter and the server would not know
where I was by IP address. It was too easy with the built in stuff.

For web stuff go is great too. I do fastcgi and put it behind httpd/relayd.
(If you get to choose your OS :P)