A very long time ago, Google said that for better search engine results, people should have just one URL for their pages. Alternative ways of reaching these pages should redirect to the one true place. All right, I thought. Port 80, in other words, http, got redirected to port 443, that is: https. That in turn requires encryption, which requires certificates, which requires interacting with Let's Encrypt. Everything is more complicated.
At the same time, old machines can't access those encrypted ports. They're not fast enough to decrypt the data, or their libraries are too old and only support unsafe encryption.
Over the years I had heard people say that we shouldn't have moved to 100% encryption. And now I'm starting to think that maybe they're right. In some cases, no encryption is fine. If people prefer encryption, they can always visit this site using https. But if they cannot, I just reenabled http serving. It only redirects visitors to https if they want to edit something because editing requires authentication and I don't want passwords getting sent across the Internet in the clear.
I also reconsidered my position regarding Gemini. Back when I dropped Phoebe, I had installed Satellite to serve some remaining files via Gemini. Satellite handles certificates for me! This is great. And in all those weeks, I never ran into any issues. It just worked.
This is why yesterday I started investigating how I could serve my pages via Satellite, too. I had moved from Oddmuse to Oddmu so instead of having to use that proxy approach where Phoebe queries Oddmuse for the raw wiki text and tries to turn it into gemtext, I could now read Markdown files, convert them to Gemini using a library, perhaps?
And so it was. I already used gomarkdown for Oddmu. I discovered that gmnhg used the same library to parse Markdown. I lifted that renderer and added it to Satellite, added two extensions I had written for Oddmue (wiki links and hashtags), with slightly different implementations (hashtags don't link to searches). So now I have this patched satellite running and it seems to work and I'm happy. Which is why this site is again reachable via port 1965.
The Apache configuration looks like this, by the way. It includes configuration for Oddmu, Radicale and GoToSocial.
MDomain alexschroeder.ch www.alexschroeder.ch social.alexschroeder.ch src.alexschroeder.ch
<VirtualHost *:80>
ServerName www.alexschroeder.ch
Redirect permanent / http://alexschroeder.ch/
</VirtualHost>
<VirtualHost *:80>
ServerName alexschroeder.ch
Include conf-enabled/blocklist.conf
DocumentRoot /home/alex/alexschroeder.ch
# Oddmu wiki
ProxyPassMatch ^/((view|diff|search)/(.*))?$ http://localhost:8081/$1
RedirectMatch ^/((edit|save|add|append|upload|drop)/(.*))?$ https://alexschroeder.ch/$1
</VirtualHost>
<VirtualHost *:443>
ServerName www.alexschroeder.ch
Redirect permanent / https://alexschroeder.ch/
SSLEngine on
</VirtualHost>
<VirtualHost *:443>
ServerAdmin alex@alexschroeder.ch
ServerName alexschroeder.ch
SSLEngine on
Include conf-enabled/blocklist.conf
DocumentRoot /home/alex/alexschroeder.ch
# Special options for the CGI-scripts in here omitted
# Oddmu wiki
ProxyPassMatch ^/((view|diff|edit|save|add|append|upload|drop|search)/(.*))?$ http://localhost:8081/$1
<LocationMatch "^/(edit|save|add|append|upload|drop)/">
AuthType Basic
AuthName "Password Required"
AuthUserFile /home/oddmu/.htpasswd
Require valid-user
</LocationMatch>
# ... lots of ProxyPass statements for various apps omitted
RewriteEngine On
RewriteRule ^/radicale$ /radicale/ [R,L]
<Location "/radicale/">
ProxyPass http://localhost:5232/ retry=0
ProxyPassReverse http://localhost:5232/
RequestHeader set X-Script-Name /radicale/
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin alex@alexschroeder.ch
ServerName social.alexschroeder.ch
SSLEngine on
# allow loading of images
Header unset Content-Security-Policy
# This is for GoToSocial
# https://docs.gotosocial.org/en/latest/installation_guide/apache-httpd/
RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
# set to 127.0.0.1 instead of localhost to work around https://stackoverflow.com/a/52550758
RewriteRule ^/?(.*) "ws://127.0.0.1:4025/$1" [P,L]
ProxyPreserveHost On
# set to 127.0.0.1 instead of localhost to work around https://stackoverflow.com/a/52550758
ProxyPass / http://127.0.0.1:4025/
ProxyPassReverse / http://127.0.0.1:4025/
RequestHeader set "X-Forwarded-Proto" expr=https
# This was for snac
# RewriteEngine On
# RewriteRule ^/@([a-z]+)$ /$1 [redirect,last]
# RewriteRule ^/users/([a-z]+)$ /$1 [redirect,last]
# RewriteRule ^/favicon.ico https://alexschroeder.ch/favicon.ico [redirect]
</VirtualHost>
<VirtualHost *:443>
ServerAdmin alex@alexschroeder.ch
ServerName src.alexschroeder.ch
ProxyPass / http://localhost:4027/
SSLEngine on
</VirtualHost>
#Administration #Gemini #Web