16 posts in categories infrastructure

• rust
• dns
• dnssec
• hickory-dns
• networking
• privacy
• tls
• prometheus

How to run Hickory DNS as a full recursive resolver starting from the root zone, with DNSSEC validation, TLS-encrypted upstream connections, Happy Eyeballs, and Prometheus metrics — including all configuration options added in the recurser-from-root-zone branch.

• rust
• kubernetes
• logging
• containers
• devops
• filebeat
• openshift

vigil-log-relay streams logs from Kubernetes pods, HTTP endpoints, or Unix sockets and forwards them as ndjson to any TCP-capable log collector. No DaemonSet, no node-level access, no filesystem mounts — just a single binary with a namespace-scoped ServiceAccount.

• rust
• containers
• devops
• init
• supervisor

vigil-rs is a PID 1 / container init daemon written in Rust. It supervises multiple processes, runs health checks, fires HTTP(S) alerts on state transitions, and exposes a REST API over a Unix socket with native zombie-reaping and per-service stop signals.

• tls
• SNI
• proxy
• rust
• networking
• http-connect
• layer4

How tls-proxy-tunnel (tpt) uses SNI peeking to tunnel TLS connections through corporate HTTP CONNECT proxies without ever terminating TLS — layer 4, zero config on the client side.

• go
• caddy
• webserver
• kubernetes
• openshift

How I built caddyv2-upload, a native file upload handler for Caddy v2 written in Go — the problem it solves, and how it works.

• haproxy
• tls
• ssl
• sni
• openshift
• podman
• kubernetes

Learn how HAProxy container uses TLS Server Name Indication (SNI) to route encrypted TCP connections without decrypting them — enabling multiple services like Nextcloud and XMPP to share port 443.