Hacker News new | ask | show | jobs
by agg23 84 days ago
iroh seems like a very well positioned product in the era of people rapidly building applications for personal use. I'm really interested in seeing how they continue to grow.

I personally have been looking off and on at providing an "app relay" using it, where people can get an OSS, self-hostable (if desired), zero config way to remotely access their app/data on their network. This would be separate than a "network relay" (a la Tailscale), as this is done selectively as part of the application server and client, requires no knowledge or configuration as the user, and exposes a much smaller surface area.
2 comments
nulltrace 84 days ago
The zero-config part is where it gets tricky in practice. I spent a while getting mDNS-based discovery working across different home networks and it's a mess. Half the consumer routers silently drop multicast between subnets, some just rate-limit it into uselessness. You end up layering fallback after fallback (broadcast, then direct probe, then relay) and writing heuristics to pick which path actually works. Having multipath baked into QUIC so the transport just tries all paths and converges on the best one would've saved me a lot of that.
link
apitman 84 days ago
Is your project public?
link
apitman 84 days ago
You may be interested in my list here: https://github.com/anderspitman/awesome-tunneling

In particular I believe OpenZiti has a similar focus on embedding the tunnel in the apps.

link
PLG88 84 days ago
Good pointer. OpenZiti does fit that model well — app-embedded rather than network-wide relay/VPN first (though OpenZiti also supports non-embedded options). The main difference is it’s not just connectivity in the app, but identity- and policy-driven service access, so you get authN/Z-before-connect, with explicit Zero Trust principles, rather than just a tunnel embedded in the client/server.
link
agg23 84 days ago
This is exactly the type of thing I was thinking of. Thanks
link
PLG88 84 days ago
Glad it helped (I work on the project). Reading up on Iroh, OpenZiti approaches this less as ‘how do I reach that host across any path’ and more as ‘which identity is allowed to access which service across paths’,’ which feels like a better fit for app-specific access based on zero trust principles than a general network relay.
link