 I guess the main downside of the cert thing is that browsers do not allow ws:// connections in a https context :/

Did i mention i hate the web 
 i highly recommend the use of wireguard, reverse proxies and letsencrypt (i have a nice one https://mleku.dev/git/lerproxy - the R is in the name as i intend to eventually add URL rewriting to it, but haven't wrapped my head around it yet)

if you have never used wireguard yet, today's a good day to play with it

i used to wish it was easier to do SSH tunnels for years and then somehow i finally was persuaded to look at wireguard and i've never looked back

they use better encryption than SSL/TLS too, using chacha20, Curve25519 ECDH, Blake2S hash/MAC, Siphash24 for hash tables and HKDF

https://www.wireguard.com/protocol/ 
 https://en.wikipedia.org/wiki/WebSocket

yes... you always have to expose http/s and then "upgrade" to tcp based websockets

this is only a limitation to bend everyone into the cage that web devs are stuck inside

i pray to God one day that there will be no more web browsers, only native apps
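
The HTTP "upgrade" step mentioned in the thread above, as an added example that is not part of any of the original posts: it builds the client's opening request and checks the server's reply the way a WebSocket client must before sending frames. The function names are hypothetical and the sample exchange is constructed; the key/accept pair is the example from RFC 6455.

```python
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455

def accept_for(key):
    # Sec-WebSocket-Accept = base64(SHA-1(client key + GUID))
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def build_upgrade_request(host, path, key):
    # The plain HTTP/1.1 GET a client sends before any WebSocket frame.
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Upgrade: websocket\r\nConnection: Upgrade\r\n"
            f"Sec-WebSocket-Key: {key}\r\nSec-WebSocket-Version: 13\r\n\r\n")

def parse_response(raw):
    # Split the header block into a status line and a lowercase header map.
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def upgrade_accepted(response, key):
    # Client-side checks: 101 status, both upgrade headers, matching accept value.
    status, h = parse_response(response)
    if len(status) < 2 or status[1] != "101":
        return False
    if h.get("upgrade", "").lower() != "websocket":
        return False
    tokens = [t.strip().lower() for t in h.get("connection", "").split(",")]
    return "upgrade" in tokens and h.get("sec-websocket-accept") == accept_for(key)

# Constructed sample exchange (not captured from a real relay).
SAMPLE_KEY = "dGhlIHNhbXBsZSBub25jZQ=="
SAMPLE_RESPONSE = (
    "HTTP/1.1 101 Switching Protocols\r\n"
    "Upgrade: websocket\r\n"
    "Connection: Upgrade\r\n"
    "Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n"
)
```

A reverse proxy that strips the `Upgrade` or `Connection` header makes `upgrade_accepted` return `False`, which is the usual reason a relay works directly but fails once it is placed behind a proxy.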