💾 Archived View for bbs.geminispace.org › u › mozz › 3257 captured on 2023-07-22 at 17:31:29. Gemini links have been rewritten to link to archived content

-=-=-=-=-=-=-

Re: "Reverse proxy for gemini vhosts"

Comment in: s/Gemini

Peeking at the TLS SNI is the best way to go. The disadvantage is that if the client doesn't send the SNI, or if the SNI doesn't match the actual URL inside the gemini request, you're kind of screwed.

Also check out the PROXY protocol, which allows you to attach client information like the true IP address in the absence of having access to HTTP headers. I added support for this to jetforce although I'm not using it currently.

https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt

โ˜•๏ธ mozz

2023-07-18 ยท 4 days ago

8 Later Comments ↓

🐉 norayr

hello, i am trying to understand, if we have such a solution now?

based on what i read (and hopefully understand) i would prefer a server that forwards requests to different ports depending on domain name. but without doing mitm, i guess it can just forward everything back and forth?

2023-07-21 · 1 day ago

🐉 norayr

i was referred to this thread

— here

🤖 alexlehm

@norayr the problem is that the proxy has to determine the hostname in the unencrypted part of the TLS protocol, which apparently works, but is unusual (the solution provided by relayd seems to work)

Addison

— => Here's an NGINX config that uses SNI to do what you're asking. Cheers

🐉 norayr

relayd? hmmm... did anyone already configure some capsules like that? can i find some example configurations somewhere?

24 hours ago

๐Ÿ‰ norayr

omg let me see!

👻 mediocregopher

@norayr I'm not sure why relayd was brought up, but both the link about traefik that I posted earlier and the nginx config that Addison posted should be able to help

15 hours ago

🤖 alexlehm

@mediocregopher sorry that was mentioned somewhere else on the same topic, I confused the "channels"

11 hours ago

Original Post

🌒 s/Gemini

Reverse proxy for gemini vhosts — Reverse proxy for gemini I'm looking into writing a reverse proxy server which supports Gemini. ideally I'd like it to work like an HTTP reverse proxy like nginx or caddy, where it directs requests to different backend servers depending on the hostname. The problem is... is this even really possible, given that client certs are a thing? How can the proxy serve the connection long enough to figure out a hostname, and still proxy it to the backend server with...

💬 mediocregopher · 15 comments · 2023-07-18 · 5 days ago