How can I separate the gemini/mercury and TLS/cert functions (serverside)?

1. ew.gemini (ew.gemini (a) nassur.net)


Hello geminauts,

I am toying with the idea to separate the handling of the gemini
request from the handling of TLS. I believe I have read about
such a setup on a *bsd system somewhere, but I'm unable to find
it again. I /think/ the tls-handling relay was called something
with "jet" in the name, but I could be wrong.

So why would I do this? The gemini/mercury server part could
well run on a small microcontroller. Within my home network TLS
is not really necessary. But it would be nice to connect such a
controller to the outside world using a proxy or similar, which
does handle the tls and certificate side of things, and relays
the raw request and its reply between the controller and the
client via ethernet.


Any pointers are highly appreciated.

Thanks,
~ew

PS: while I'm good at number crunchers and shell scripts, I am
highly illiterate with respect to anything network and sockets.

-- 
Keep it simple!

2. Omar Polo (op (a) omarpolo.com)

On 15 August 2021 18:26:08 CEST, "ew.gemini" <ew.gemini@nassur.net> wrote:
>
>Hello geminauts,
>
>I am toying with the idea to separate the handling of the gemini
>request from the handling of TLS. I believe I have read about
>such a setup on a *bsd system somewhere, but I'm unable to find
>it again. I /think/ the tls-handling relay was called something
>with "jet" in the name, but I could be wrong.
>
>So why would I do this? The gemini/mercury server part could
>well run on a small microcontroller. Within my home network TLS
>is not really necessary. But it would be nice to connect such a
>controller to the outside world using a proxy or similar, which
>does handle the tls and certificate side of things, and relays
>the raw request and its reply between the controller and the
>client via ethernet.
>
>
>Any pointers are highly appreciated.
>
>Thanks,
>~ew
>
>PS: while I'm good at number crunchers and shell scripts, I am
>highly illiterate with respect to anything network and sockets.

you can try vger: it's meant to be run from inetd under relayd/nginx/... 
because it obviously doesn't handle TLS. But if you make inetd listen on 1965... :)
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
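
The split discussed in this thread, as an added example (not code from either poster, and not vger or relayd): a small relay that terminates TLS on port 1965, checks the Gemini request line (a URL of at most 1024 bytes followed by CRLF) and only then passes it in plaintext to the controller. The function names, certificate paths and the backend address 192.0.2.10 are assumptions.

```python
import socket, ssl, threading

MAX_REQUEST = 1024 + 2  # Gemini request: URL of at most 1024 bytes, then CRLF

def read_request(conn):
    """Return one request line, or None if it is oversized or cut short."""
    buf = b""
    while not buf.endswith(b"\r\n"):
        chunk = b"" if len(buf) >= MAX_REQUEST else conn.recv(1)
        if not chunk:
            return None
        buf += chunk
    return buf

def relay(conn, backend):
    """Pass one checked request to the plaintext backend, stream the reply back."""
    try:
        request = read_request(conn)
        if request is None:
            conn.sendall(b"59 bad request\r\n")  # never reaches the controller
            return False
        with socket.create_connection(backend, timeout=10) as upstream:
            upstream.sendall(request)
            while data := upstream.recv(4096):
                conn.sendall(data)
        return True
    except OSError:  # timeouts, resets, TLS errors
        return False
    finally:
        conn.close()

def handle(raw, ctx, backend):
    raw.settimeout(10)  # a stalled client must not pin a thread forever
    try:
        tls = ctx.wrap_socket(raw, server_side=True)  # handshake happens here
    except OSError:
        raw.close()
        return
    relay(tls, backend)

def serve(cert, key, backend, port=1965):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # Gemini requires TLS 1.2+
    ctx.load_cert_chain(cert, key)
    with socket.create_server(("", port)) as srv:
        while True:
            raw, _ = srv.accept()
            threading.Thread(target=handle, args=(raw, ctx, backend), daemon=True).start()

if __name__ == "__main__":
    # Assumed values: certificate paths and the controller's LAN address.
    serve("cert.pem", "key.pem", ("192.0.2.10", 1965))
```

With this layout the private key and the request-size check live on the relay host, and the controller only ever sees a bounded request line from one known peer.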