I LOVE TLS
Description
In the world of web infrastructure, what starts as a simple goal can often lead you down a fascinating rabbit hole of history, philosophy, and clever engineering. This is the story of our journey to build a simple, single-purpose, open-source CDN for changelog.com and the one major hurdle that stood in our way: Varnish, our HTTP caching layer of choice, doesn't support TLS backends.
Enter Nabeel Sulieman, a shipit.show guest, who had previously introduced us to KCert, a simpler alternative to cert-manager. We knew if anyone could help us solve this TLS conundrum, it was him. After a couple of false starts, we finally recorded the final solution. As Nabeel aptly put it: "Third time is the charm."
🍿 This entire conversation is available to Make it Work members as full videos served from the CDN, and also a Jellyfin media server: makeitwork.tv/i-love-tls 👈 Scroll to the bottom of the page for CDN & media server info
LINKS
- 🐙 github.com/thechangelog/pipely pull-request #8
- 🐙 github.com/nabsul/tls-exterminator
- 👀 Varnish - Why no SSL?
- 🚲 PHK's Bikeshed
- 🏡 bikeshed.org
EPISODE CHAPTERS
- (00:00) - How this started
- (02:05) - What makes TLS & SSL interesting for you?
- (05:58) - Disabling issues & pull requests
- (08:19) - What is Pipely?
- (14:03) - Why no SSL? (in Varnish)
- (15:36) - Who is Poul-Henning Kamp?
- (17:30) - The Bikeshed
- (19:46) - Pipely pull request #8
- (23:56) - Dagger instead of Docker
- (29:41) - pipely Dagger module
- (36:52) - What is saswqatch?
- (40:44) - ghcr.io/gerhard/sysadmin
- (43:45) - Let's benchmark!
- (51:52) - What happens next?
- (01:00:17) - Wrap-up


















