SinTan1729

Ah that makes sense. To be fair tho, there's a lot of unwarranted hate towards Rust so it can be hard to tell.

I hope you're joking. If anything, Rust makes error handling easier by returning them as values using the Result monad. As someone else pointed out, they literally used unwrap in their code, which basically means "panic if this ever returns error". You don't do this unless it's impossible to handle the error inside the program, or if panicking is the behavior you want due to e.g. security reasons.

Even as an absolute amateur, whenever I post any Rust to the public, the first thing I do is get rid of unwrap as much as possible, unless I intentionally want the application to crash. Even then, I use expect instead of unwrap to have some logging. This is definitely the work of some underpaid intern.

Also, Python is sloooowwww.

I'm confused. What do you even mean?

It seems that I'd still need to modify net.ipv4.ip_unprivileged_port_start=80 in sysctl, which I don't want to do. If I do it, the socket isn't even strictly necessary.

Just a couple of friends use it. But I'd like to use this as a learning opportunity and do it the proper way. It seems that if I turn of masquerade in general, and use firewalld fine-grained rules to enable it when I actually need it, I might be able to achieve what I want. I'll post an update to the original post if I can get it to work.

This is interesting. I need to figure out how it works for podman and it'll be the perfect setup.

I think it's the masquerade that's causing problems for me. I have to keep it enabled since I'm running a tailscale exit node. But maybe I can selectively disable it here.

But that just makes most ports unprivileged. That is a solution, but less preferred than my current one.

I mentioned in the post that it seems to make the client IP opaque to caddy.