Implemented native TLS support in NFDB to increase security.

Previously, it relied on the overlay network to encrypt traffic (unreliable and does not scale), but now it does its own TLS and provisions certs with OpenBao.

Nostr.land services are back up again.


Discussion


That's a surprising design that I would expect to reduce scalability and increase maintenance. What wasn't working before?

No certificate provisioning infrastructure existed.

Now, it provisions certs automatically with OpenBao. That runs on a cronjob.

Otherwise, this actually makes it easier to maintain, as there is no longer a need for an overlay network which had to be encrypted (and is more difficult to scale).

Is the overlay network a mesh like linkerd? Or are these run by different people? I find that baking SSL and networking code into the process can lead to difficult-to-resolve production issues.

It’s a mesh network on Proxmox.

I try to avoid "being helpful after it's too late", but you might be interested in:

https://github.com/juanfont/headscale

Or

https://github.com/complexorganizations/wireguard-manager

This would work best for my use case: https://github.com/slackhq/nebula

But currently I also see other benefits in using TLS (FDB uses TLS certs to distinguish server-to-server communication from clients).

I'm not familiar with nebula, but it seems reasonable.