Post · bonfire.cafe

Post

@kopper@not-brain.d.on-t.work · last week

this is shaping up well enough that i think i can can Post about it now:

working on an activitypub-aware reverse proxy to handle http signatures/authorized fetch (and, in the future, caching, though that's not there yet) on your behalf. primarily intended to absorb the load of large federation bursts for the underlying software, but also frees you from having to reimplement http signature validation yourself

supports both rsa-sha256 and ed25519 over the cavage draft. handles multiple keys per actor. will handle blind key rotations whenever i get around to it. may add support for the the new http signature rfc if there's a Reasonable library available

i have a few more things in mind but i need to finish the basics first

#activityPub #fediDevs

kopper :colon_three:

@kopper@not-brain.d.on-t.work replied · last week

i expect this to be ran under another reverse proxy to handle TLS (and websocket connections, I have no idea how to proxy those). i hope the overhead will be relatively minimal (i'm trying my best, but having to de/reserialize HTTP at another layer will add some unavoidable overhead). the goal here is to make easier-to-write languages viable for the actual "business logic" of a software without needing to worry about choking under large boosts

julian

@julian@activitypub.space replied · last week

Re: this is shaping up well enough that i think i can can Post about it now:working on an activitypub-aware reverse proxy to handle http signatures/authorized fetch (and, in the future, caching, though that's not there yet) on your behalf.

@kopper@not-brain.d.on-t.work ohhh very interesting!

julian

@julian@activitypub.space replied · last week

@kopper@not-brain.d.on-t.work I'm sure you know this but this is how Anubis works too. It expects a reverse proxy in front, does its own magic, and proxies through to your app backend.

It was fairly trivial (well, as trivial as nginx config wrangling can get) to only send GETs to Anubis while passing the rest around.

Likely you would recommend something similar, by filtering via Accept header..... or something.

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.2-alpha.22 no JS en

Automatic federation enabled