Tekromancer on Nostr: Here's what changed: We've always used TLS connections between the various #FRZ ...
Here's what changed:
We've always used TLS connections between the various #FRZ servers, but they were over the open Internet (with tight firewall rules to allowlist each other).
Now we have VPNs between the servers, and use plaintext connections between their private IP addresses. (Plaintext because TLS connections add latency at startup and we're already strongly encrypted with the VPN.) Now there are no public-facing open ports at all.
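Added example, not part of the original post or the FRZ servers' own tooling: with plaintext between servers, the setup described above depends on every service listening only on a VPN or loopback address. The code below audits listener addresses from output in the `ss -ltnH` layout; the sample lines and the `10.8.0.0/24` VPN range are constructed assumptions.

```python
import ipaddress

# Constructed sample in the layout of `ss -ltnH`
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
SAMPLE_SS = """\
LISTEN 0 128 10.8.0.2:5432 0.0.0.0:*
LISTEN 0 511 0.0.0.0:6379 0.0.0.0:*
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 [::]:8080 [::]:*
LISTEN 0 128 203.0.113.7:7000 0.0.0.0:*
LISTEN 0 128 *:9100 *:*
"""

def split_local(field):
    """Split 'addr:port' into (addr, port), handling [v6], '*' and %scope."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%", 1)[0]
    return addr, int(port)

def audit_listeners(ss_output, vpn_cidrs):
    """Return [(addr, port, reason)] for listeners reachable outside the VPN."""
    vpn_nets = [ipaddress.ip_network(c) for c in vpn_cidrs]
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # skip blank or non-listener lines
        addr, port = split_local(cols[3])
        if addr == "*":
            findings.append((addr, port, "wildcard bind"))
            continue
        ip = ipaddress.ip_address(addr)
        if ip.is_unspecified:  # 0.0.0.0 or :: listens on every interface
            findings.append((addr, port, "wildcard bind"))
        elif ip.is_loopback:
            continue  # local-only listener
        elif not any(ip.version == n.version and ip in n for n in vpn_nets):
            findings.append((addr, port, "outside VPN range"))
    return findings

if __name__ == "__main__":
    # 10.8.0.0/24 is an assumed VPN subnet, not taken from the post.
    for addr, port, reason in audit_listeners(SAMPLE_SS, ["10.8.0.0/24"]):
        print(f"{addr}:{port} -> {reason}")
```

A wildcard bind is flagged even when a firewall currently blocks the port, because the plaintext listener would become reachable as soon as that rule changes.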