Make it Work | I LOVE TLS

I LOVE TLS

May 29, 2025 / 01:03:08/E14 Download MP3

In the world of web infrastructure, what starts as a simple goal can often lead you down a fascinating rabbit hole of history, philosophy, and clever engineering. This is the story of our journey to build a simple, single-purpose, open-source CDN for changelog.com and the one major hurdle that stood in our way: Varnish, our HTTP caching layer of choice, doesn't support TLS backends.

Enter Nabeel Sulieman, a shipit.show guest, who had previously introduced us to KCert, a simpler alternative to cert-manager. We knew if anyone could help us solve this TLS conundrum, it was him. After a couple of false starts, we finally recorded the final solution. As Nabeel aptly put it: Third time is the charm.

🍿 This entire conversation is available to Make it Work members as full videos served from the CDN, and also a Jellyfin media server: makeitwork.tv/i-love-tls 👈 Scroll to the bottom of the page for CDN & media server info

LINKS

🐙 github.com/thechangelog/pipely pull-request #8
🐙 github.com/nabsul/tls-exterminator
👀 Varnish - Why no SSL?
🚲 PHKs Bikeshed
🏡 bikeshed.org

EPISODE CHAPTERS

(00:00) - How this started
(02:05) - What makes TLS & SSL interesting for you?
(05:58) - Disabling issues & pull requests
(08:19) - What is Pipely?
(14:03) - Why no SSL? (in Varnish)
(15:36) - Who is Poul-Henning Kamp?
(17:30) - The Bikeshed
(19:46) - Pipely pull request #8
(23:56) - Dagger instead of Docker
(29:41) - pipely Dagger module
(36:52) - What is saswqatch?
(40:44) - ghcr.io/gerhard/sysadmin
(43:45) - Let's benchmark!
(51:52) - What happens next?
(01:00:17) - Wrap-up

Creators and Guests

Host

Gerhard Lazu

Make it Work. Keep Improving.

Guest

Nabeel Sulieman

Staff Software Engineer at GitHub

Broadcast by

Creators and Guests

headphones Listen Anywhere

Listen Anywhere