In an ideal world anyone would be able to host their software. Unfortunately, with IPv4 address exhaustion and limited adoption of IPv6 infrastructure, this is not the reality we live in.
One way to address the issue is to host the software in a public cloud. This, however, means paying for the infrastructure and exposing encryption keys (assuming TLS is involved) to the public cloud.
If you would like to keep your keys to yourself and minimize infrastructure bills, another way to address the issue is to deploy a TCP load balancer in a public cloud and use SNI to choose the downstream service. The proxy only reads the server name from the TLS handshake and forwards the stream as opaque bytes, so TLS is terminated by the downstream service and its private keys never leave it.
Mermaid source of the sequence diagram:

```mermaid
sequenceDiagram
    participant C as Client
    participant P as SNI Proxy
    participant D as DNS Server
    participant S as downstream.service.com
    note over D, S: Downstream service is <br/> reachable via IPv6 (native or mesh)
    C->>P: TLS(GET downstream.service.com)
    P->>P: Read SNI
    P->>D: AAAA record for downstream.service.com
    D->>P: [2001:dead::beef]
    P->>S: This is for you
    S->>P: Encrypted response
    P->>C: Forward bytes to Client
```
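
The "Read SNI" step of the diagram, as an added example that is not ormos's own code: a bounds-checked parser that extracts the host name from one complete TLS ClientHello record and rejects malformed input before the name reaches DNS resolution. `Reader`, `sni_hostname`, `sample_record` and the `a.io` sample bytes are constructed for illustration; a ClientHello split across several records is out of scope here.

```rust
// Added example (hypothetical names, not ormos code): read SNI from one ClientHello record.
struct Reader<'a>(&'a [u8]); // bounds-checked cursor over untrusted bytes
impl<'a> Reader<'a> {
    fn take(&mut self, n: usize) -> Option<&'a [u8]> {
        let buf = self.0;
        if buf.len() < n { return None; } // truncated input: refuse, never index past the end
        self.0 = &buf[n..];
        Some(&buf[..n])
    }
    fn uint(&mut self, width: usize) -> Option<usize> { // big-endian integer
        Some(self.take(width)?.iter().fold(0usize, |n, &b| (n << 8) | b as usize))
    }
    fn block(&mut self, width: usize) -> Option<Reader<'a>> { // length prefix + payload
        self.uint(width).and_then(|len| self.take(len)).map(Reader)
    }
}

pub fn sni_hostname(record: &[u8]) -> Option<String> {
    let mut r = Reader(record);
    if r.uint(1)? != 0x16 { return None; }  // content type: handshake
    r.take(2)?;                             // legacy record version
    let mut hs = r.block(2)?;               // record payload
    if hs.uint(1)? != 0x01 { return None; } // handshake type: ClientHello
    let mut ch = hs.block(3)?;              // ClientHello body
    ch.take(2 + 32)?;                       // client version + random
    ch.block(1)?; ch.block(2)?; ch.block(1)?; // session id, cipher suites, compression
    let mut exts = ch.block(2)?;
    while !exts.0.is_empty() {
        let (ext_type, mut body) = (exts.uint(2)?, exts.block(2)?);
        if ext_type != 0 { continue; }      // 0 = server_name
        let mut names = body.block(2)?;
        while !names.0.is_empty() {
            let (name_type, name) = (names.uint(1)?, names.block(2)?.0);
            if name_type != 0 { continue; } // 0 = host_name
            // The name is client-chosen and about to be resolved: letters, digits, '-', '.' only.
            let ok = |b: &u8| b.is_ascii_alphanumeric() || *b == b'-' || *b == b'.';
            if name.is_empty() || !name.iter().all(ok) { return None; }
            return String::from_utf8(name.to_ascii_lowercase()).ok();
        }
    }
    None
}
fn sample_record() -> Vec<u8> { // constructed sample: minimal ClientHello with SNI "a.io"
    let mut rec = vec![0x16, 3, 1, 0, 60, 1, 0, 0, 56, 3, 3];
    rec.extend_from_slice(&[0u8; 32]); // client random
    rec.extend_from_slice(b"\0\0\x02\x13\x01\x01\0\0\x0d\0\0\0\x09\0\x07\0\0\x04a.io");
    rec
}
fn main() { println!("{:?}", sni_hostname(&sample_record())); }
```

Before resolving the returned name, a proxy should also check it against the services it is configured to front, so that it cannot be used to reach arbitrary hosts.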

The package comes with a nix flake and support for cross-platform docker images:
- Get nix
  - `nix run .` to compile and run
  - `nix build .` to build an artifact for the current system
  - `nix build .#image` to build a docker image for the current system. Import the image into docker with `docker load < result`
  - `nix build .#aarch64-image` to build a docker image for the `aarch64` architecture
  - `nix build .#x86_64-image` to build a docker image for the `x86_64` architecture
- Get rust
- Build with `cargo build --release -p ormos`.
- Take a look at `sample_config.yml`, punch in values relevant for your use-case
- Run `cargo doc --open`