Articles tagged #rust
ktls now under the rustls org
What’s a ktls
I started work on ktls and ktls-sys, a pair of crates exposing Kernel TLS offload to Rust, about two years ago.
kTLS lets the kernel (and, in turn, any network interface that supports it) take care of encryption, framing, etc., for the entire duration of a TLS connection… as soon as you have a TLS connection.
For the handshake itself (hellos, change cipher, encrypted extensions, certificate verification, etc.), you still have to use a userland TLS implementation.
Cracking Electron apps open
I use the draw.io desktop app to make diagrams for my website. I run it on an actual desktop, like Windows or macOS, but the asset pipeline that converts .drawio files, to .pdf, to .svg, and then to .svg again (but smaller) runs on Linux.
So I have a Rust program somewhere that opens headless chromium, and loads just the HTML/JS/CSS part of draw.io I need to render my diagrams, and then use Chromium’s “print to PDF” functionality to save a PDF.
Extra credit
We’ve achieved our goals already with this series: we have a web service written in Rust, built into a Docker image with nix, with a nice dev shell, that we can deploy to fly.io.
But there’s always room for improvement, and so I wanted to talk about a few things we didn’t bother doing in the previous chapters.
Making clash-geoip available in the dev shell
Generating a docker image with nix
There it is. The final installment.
Over the course of this series, we’ve built a very useful Rust web service that shows us colored ASCII art cats, and we’ve packaged it with docker, and deployed it to https://fly.io.
We did all that without using nix at all, and then in the last few chapters, we’ve learned to use nix, and now it’s time to tell docker build goodbye, along with this whole-ass Dockerfile:
Doing geo-location and keeping analytics
I sold you on some additional functionality for catscii last chapter, and we got caught up in private registry / docker shenanigans, so, now, let’s resume web development as promised.
Adding geolocation
We kinda left the locat crate stubby, it doesn’t actually do any IP to location lookups. It doesn’t even have a dependency on a crate that can do that.
Using the Shipyard private crate registry with Docker
Wait wait wait, so we’re not talking about nix yet?
Well, no! The service we have is pretty simple, and I want to complicate things a bit, to show how things would work in both the Dockerfile and the nix scenario.
And because I don’t like contrived examples, we’re going to do something somewhat real-world: we’re going to geo-locate visitors, and track how many visits we get from each country.
Deploying catscii to fly.io
Disclaimer:
Because I used to work for fly.io, I still benefit from an employee discount at the time of this writing: I don’t have to pay for anything deployed there for now.
fly.io is still sponsoring me for developing hring, but this isn’t a sponsored post. It’s just a good fit for what we’re doing here, with a generous free tier.
In the previous chapter, we’ve written a Dockerfile to build the catscii service inside Docker. The result is a container image that can be pushed to production!
Writing a Dockerfile for catscii
Now that our service is production-ready, it’s time to deploy it somewhere.
There’s a lot of ways to approach this: what we are going to do, though, is build a docker image. Or, I should say, an OCI image.
This is still a series about Nix, but again: because the best way to see the benefits of Nix is to do it without Nix first, we’ll use only Docker’s tooling to build the image.