Open hannesm opened 10 months ago
I would add the option of hard coding config at compile time...?
That's an interesting suggestion, but as said in https://github.com/robur-coop/tlstunnel/issues/13#issuecomment-1896619162 it would be a different unikernel (that is way simpler (since it wouldn't need any management interface and block device for storing the configuration), but would be a custom build for every user (and thus be against the reproducible builds - delaying configuration to runtime)).
There's a `client` command-line utility to configure and view the configuration of the tlstunnel -- but this is pretty hard to use (it requires an OCaml program to be executed on the internal network). The connection is authenticated (this is good). Can we get towards an alternative? Options include:
For being future-proof and with few dependencies on deployment, I currently prefer the ssh endpoint. This would also allow scripted updates (`ssh <remote> add <domain> <ip> <port>` -- which could as well be originated from a potential DHCP server that has these credentials). WDYT?