assess service bridge routing architecture

net -> nginx -> yggdrasil -> nginx -> $service
net <- tinyproxy <- yggdrasil <- $service

null.media is running a variant with tinyproxy setup as a reverse proxy instead of nginx. in order to improve security and optimize routing over yggrasil from the edge servers to member-operated application servers i propose replacing nginx with a solution based on hitch and squid.

squid offers much more robust proxying features than nginx and hitch can handle ssl termination with a much smaller amount of code than nginx. squid many also be able to take over for tinyproxy for outbound proxy workloads.

net -> hitch -> squid -> yggdrasil -> squid -> $service
net <- squid <- yggdrasil <- $service

in the first case, $service could also use squid for outbound http requests so our service configs can just assume that the outbound proxy lives on localhost.