TLS #25
Comments
|
A small data point: At work, we've been pushing folks to use and out-of-process proxy (very similar to Envoy) that handles TLS termination. That system handles a lot of complexity for people. It might be worth telling folks using Tide to heavily consider not handling TLS themselves and instead outsource it to a system like Linkerd, Envoy, or their cloud provider's hosted load balencer. |
|
The Other options for TLS would include:
|
|
Interestingly, while I agree that deployment usually works well through terminating/offloading proxies, TLS support during development is an incredibly nice thing to have, catching many errors on https deployments early. |
I don't really see why this direction has to be taken. While it is a common practise in edge services, I don't see why Tide has to be deployed with another proxy just for TLS in simplified infrastructures, where a side car pattern is not desired. While I don't see Tide being deployed on the edge any time soon, I do think Tide without a sidecar pattern in infrastructures that desire secure internal communication is a highly valid use case and should be supported from the beginning. |
|
@Darkspirit we should probably provide support for TLS out of the box though; but async-tls definitely seems like the right starting point! |
|
Note from triage: we now have https://github.com/http-rs/tide-rustls! -- we want to build a native version of this as well, so that we can compare both and then move them into Tide proper. edit: this would become a lot simpler if we can merge |
|
After more conversation: the integration with tide will likely be a re-export of the |
Add support for TLS.
The text was updated successfully, but these errors were encountered: