Cedric Staub
Cedric Staub
Merged the GitHub actions stuff, so now Ghostunnel can compile natively on macOS. The next problem is that GH actions doesn't have Big Sur VMs yet, and Catalina doesn't support...
I was planning on releasing a new version once I can get the macOS keychain identities to work with TLS 1.3, see #335.
TIL, that's actually super neat. I did not know this was possible. We should document that maybe, it could be useful for others.
I've previously tried to implement this in ghostunnel but decided to can it as a feature because it makes the codebase much more complicated and more prone to bugs. This...
I have a pull request that should fix this. It's not all upstream, fixing it up here (among other things): https://github.com/ghostunnel/ghostunnel/pull/368
Should work now on latest master. Give it a try?
Agree, `SO_REUSEPORT` solves most of this. Unfortunately on Linux it's possible for a connection to be dropped even with `SO_REUSEPORT` because the accept queues are distinct for each process. See...
Some useful links I found on this topic: https://github.com/torvalds/linux/blob/master/tools/testing/selftests/net/reuseport_bpf.c https://www.haproxy.com/blog/truly-seamless-reloads-with-haproxy-no-more-hacks/
Yeah, in-process reloading would avoid this and probably what we'll end up doing I guess. Though I really like the (theoretical) simplicity of reloading the entire process, that way there...
This is possible on the main branch now with OPA policies: https://github.com/ghostunnel/ghostunnel/blob/master/docs/ACCESS-FLAGS.md