Skip to content

HalosGhost/halosgho.st

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

hgweb

This is my homepage, rewritten from the ground up in lwan so it is entirely in C. Right now, it is nothing flashy (very similar to the Haskell version); project pages (and perhaps a few other treats) are planned for the near future.

The Stack

  • lwan - used as a library to build the webserver and page logic
  • hitch - TLS-terminating proxy server
  • uacme - an ACME-protocol client for TLS Cert renewal

All running on Arch Linux using nftables for traffic redirection and forwarding

Traffic Redirection and Forwarding

lwan does not officially support running on an externally-visible port, and it remains the author's express suggestion to not do so. To bypass this limitation, we leverage hitch to redirect traffic from 443 to 8443 (where the contentful instance of lwan is running) and back.

Furthermore, to forcibly redirect HTTP to HTTPS, we use nftables to redirect traffic from 80 to 8080. Then, a very small instance of lwan is running on port 8080 that does nothing but respond to ACME challenge requests and redirect all other traffic to https://halosgho.st.

Design Characteristics