Dropserver Progress - April 2024
This is the progress report for Dropserver for April 2024.
Last month I said I would change how I do these. I want them shorter and more to the point. If any aspect of the work deserves a deeper technical dive it will be in a separate blog post.
Here we go:
Outbound Fetches Get Stuffed
Last month I tried to implement outgoing net requests in a safe way for the user and instance. I was unable to put something together that was flexible and powerful and safe. I ran into difficulties in a lot of places, but mostly the Deno net permissions are just not cut for this.
For all the details, see my post “Allowing Outbound Net Requests from a Dropserver App”.
My enthusiasm and optimism for Dropserver took a hit as I endured this setback. I committed the work I was doing on the outbound request proxy, and I may ship it later. But for now, my motivation to work on outgoing net requests is done.
I needed to move to greener pastures, and threw myself in Tailscale’s open arms.
Tailscale
I want to make Dropserver adoptable by as many people as possible. To this end I realized recently that Dropserver should be easy to install (think GUI Wizard on a popular operating system), and it should be easy to get it connected such that it can be reached and be safe. That last bit, it turns out, is a real pain.
I have a blog post in the works on the challenges of serving a small personal app on the web like what Dropserver will do. In fact, I got so frustrated with this problem that I wrote a prequel so I could vent some frustration before I finish the main post: “I Want to Surf The Non-World Non-Wide Web”.
Between domain names, DNS, TLS certs, and exposing anything to the public Internet there is no shortage of sharp edges to deal with. That is unless you summon the services of Tailscale.
Tailscale lets you create a private network that you can access from any of your devices. You can also invite other Tailscale users to one or more of your services. Powerful ACLs give you fine grained control over all access. They do all the tedious work for you: domains, TLS, etc… it’s all taken care of.
A prominent use case for Dropserver is hosting apps that are only used by yourself and a few other known people (like a life partner) or even just yourself. For example I use it to host my personal note-taking app, which is used by me only, but I like to access it from any device I have handy. But right now it’s exposed to the public internet, with the only thing stopping other people from reading my notes an auth system that sits at layer 7 😟.
So the question is: what if I integrated Tailscale into Dropserver? The service is really nice, and they offer a library and encouragement. Could that cut down on the set-up time and increase the usefulness of a Dropserver install while also improving its security?
After two weeks of playing around the answer appears to be a resounding “yes”. I’ll write a separate post specifically about this.
My optimism is way up thinking about how easy it would be for someone to get a functioning yet completely private and safe way to host their private apps thanks to Tailscale 🤩.
Headscale: Tailscale’s Open Source Cousin
If there is one downside to Tailscale, it’s that it’s a proprietary service run by a for-profit company which we should assume will get sold and enshittified at some point in the future. While we are lucky that they open-source most of their code, their control-plane is proprietary.
Headscale is the open source self-hostable alternative, which is supported and encouraged by Tailscale.
Ideally all Tailscale functionality that Dropserver uses would also work with a Headscale server, but that’s not going to be the case right away.
Unfortunately there are some features missing in Headscale, specifically Serve
with TLS enabled and Funnel. Since HS is written in Go I’m looking at contributing by adding the missing pieces of TLS cert generation to Headscale. See this issue, and drop a reaction to let others know you’d like to see this happen as well, or comment if you want to help me get it built.
That’s a Wrap for April
I am not able to work as many hours on Dropserver these days because of “real” work constraints. But the good news is Tailscale has given me a new boost of enthusiasm. I think it’s a brilliant service and its a shoe-in for Dropserver and I’m excited to get to work on the integration.