because all that is is no more than 50 lines of code. it's so easy that nothing else makes much more sense. Go's standard library has all you need to run networking services from the get go. you really do not need these things. Go with nginx, haproxy and similar things if you need every last bit of performance, but otherwise, you can just write your on in no time. Not only that, you can tailor-made it to suit whatever use case you have and that knowledge will only make you more productive in the future.

I hate the OSI model too, but a 240-page book with 137 references? To complain that a model from the 80s isn't the right fit 40 years later? This isn't a paper, it's a rant.

^ This.

Before seeing this here, I went down a rabbit hole on why-anyone-cares about the OSI model, especially as a descriptor for their golang project. It seems to be just a classification that one person found useful, and people treat like an interesting thing.

Separately, we need more deprogrammers in the world.

THANK YOU! I have never understood everybody’s fascination with the OSI’s approximative model, but I could never rationalize why. Great read!

In my opinion "application layer" and "transport layer" would be better terms than L7 and L4.

Yes, IMHO calling it a Layer 7 proxy it quite misleading. I was expecting something closer to an ALG.

QUIC has TLS built into it, and also (http) streams, and a few other such goodies (say, masque - tunneling). It definitely "fills the hole" between L4..L7. Or smashes the layers, if you prefer.

And then there is wireguard which does IP over UDP over IP.

Which layer is layer 3 here?

Now add a language translation layer with X.75 :)

LLMs are quite capable at generating such overviews. mutable.ai generated one for a project I co-develop, and it was pretty neat for a v1 (they are on a much improved v2 now): https://mutable.ai/celzero/firestack

In my experience those specific sets of constraints come sooner or later. Someone is going to ask for some complex auth or routing rules and it’s easier to just write it in go than it is to learn a whole new DSL or lua to implement it.

We had a specific use case that was needed urgently which we couldn't get working with any of the standard systems, so we used Go. Works very well. It is sometimes simply a matter of time; we needed it before the morning (for a launch) and in discord/reddit people were providing solutions with haproxy, nginx, traefik etc that should work according to the docs but just didn't.

I can absolutely assure you that building a fast and secure gateway is not as hard as you seem to be implying. This is, again, based on my real world experience.

Until you want your gateway to handle some complex auth or routing rules and don’t want to learn a whole new programming language to implement that.

Two sides of the same coin!

Use something that solves 1000 use cases of which yours is one. Some would say that's simplicity while others would say that's complexity. When it breaks do you know why? Can you fix it properly or are just layering band-aid on a bigger problem inside the component.

Or... build something that solves exactly your use-case but probably doesn't handle the other 1000 use-cases and needs to be put through trial-by-fire to fix all the little edge-cases you forgot about?

Early in my career I opted for #1 but nowadays I generally reach for #2 and really try to nail the core problem I'm tackling and work around the gotchas I encounter.

HA Proxy already exists and will do both. You can even redirect Layer 4 HTTP/HTTPS Ports to another reverse proxy server if you want to get inception levels of crazy.

FWIW, it doesn't handle your use case of Layer 4, but for the people at Layer 7, another option is good ol' Apache: it is so flexible and extensible it is almost a problem, people tend to not know it long ago went event-oriented with mpm_event, and it supports ACME internally (as a module, but a first-party module that is seamlessly integrated). (I do appreciate, though, that it is critically NOT written in a memory safe language, lol, but neither is nginx.)

> Competition is good for everyone!

Definitely!

But see how in your project the very first paragraph explains why it exists, and what it does differently. This is what I think is missing from Dito. It doesn't have to be super in depth.

I do disagree with your argument against Caddy, though. How often do you realistically rebuild your services? If it's anytime you would upgrade, then it seems manageable. xcaddy makes this trivial, anyway. Though you don't really need to use it. There's a convenient pro-tip[1] about doing this with a static main.go file instead.

Good luck with your project!

[1]: https://github.com/caddyserver/xcaddy#warning-pro-tip

Boulevard has to be compiled at some point. Wouldn’t it extremely simple to setup a GitHub Action to build Caddy in the way you desire?

> - Caddy plugins mean I have to download xcaddy and rebuild the server. I really do not want to rebuild services on my servers just because I need a simple layer 4 reverse proxy (e.g. so that I can terminate TLS connections in front of my IRC server).

I mean, you don't havse to "rebuild services" -- if you need the plugin, just deploy the binary with the plugin. It's not like it changes (other than upgrades, which you'd do regardless of the plugin).

> Caddy plugins mean I have to download xcaddy and rebuild the server. I really do not want to rebuild services on my servers just because I need a simple layer 4 reverse proxy

That's why containers exist.

You can use kamal-proxy, recently released. It handles SSL and zero downtime deployments. It’s small and from what I checked the code is easy to read and understand.

Which Caddy plugins are you using?

So is caddy fwiw

we're using the kong gateway controller on aws eks, it's pretty neat. I prefer to manage it via argocd/gitops over terraform.

Assuming it is built on top of OpenResty https://github.com/openresty/openresty

Because I have custom needs

That's true, and I even considered doing so, but I, for one, already do commission a lot of art. I'm currently sitting in two artist's queues, actually.

I also don't want to commission something for another project. They should get creative control in the process, else it just feels weird.

Allow me to introduce you to the furry fandom:

Here, here's someone I'm commissioning now, a basic sketch is $10 https://www.shiroganestudios.com/work/commissions

Given the project is FOSS, they'd probably be fine with that price still.

I could go through a list of literally hundreds of artists where $20 is within budget. The quality of simple logo like is needed here is about on part with what many would do for a telegram sticker, which are often about $5/piece.

Hundreds of dollars is totally reasonable if commercial. This isn't.