Announcing FOKS, the Federated Open Key Service | The FOKS Blog




i love the craft of software;
i loathe the software industry.
agpl3+ forever but not an rms fan.
pronouns | xe/xem/xyr |
:tilde: web | https://tilde.town/~pho4cexa |
pronouns | xe/xem/xyr |
:tilde: web | https://tilde.town/~pho4cexa |
Announcing FOKS, the Federated Open Key Service | The FOKS Blog
possible workarounds:
đ¤ turn and stun are mechanisms to help ipv4 clients behind nats talk to each other directly, or failing that, proxy their traffic to each other
nats are pretty much only for ipv4 clients. if they have an ipv6 address is probably isn't nat'd
so it probably doesn't make sense to imagine how to run a stun/turn server on an ipv6-only vm
the appropriate place for it to live is probably alongside the sniproxy doing ip4->ip6 reverse proxying
but with this figured out, i now have an ipv6 vm that can still serve up its websites to people stuck on ipv4-only networks! without paying for an ipv4 address allocation! đĨŗ
next, to see if a prosody xmpp server and a coturn turn/stun server will work just as happily as the webserver does within this setup
today i learned that if you are reverse-proxying :80 and :443 with PROXY protocol to a caddy set up like this...
{
servers {
listener_wrappers {
proxy_protocol {
allow ...
}
tls
}
}
}
then, in addition to your https site definitions, you also have to toss this line in there to make proxy_protocol apply to the automatic http->https redirect that caddy sets up
:80 { }
https://caddyserver.com/docs/caddyfile/options#:~:text=unless%20you%20explicitly%20declare
i don't know how wrong that analysis is, that's just my takeaway from attempting to research the subject with one hand clutching my temples to keep my brains in
i went with utm for now, 2gb download will finish in another 2 hours or so
so if you're stuck on a m2 mac and you want to just pop open a linux vm to do your work comfortably, there are a few avenues