💾 Archived View for rawtext.club › ~sloum › geminilist › 006581.gmi captured on 2023-12-28 at 16:18:12. Gemini links have been rewritten to link to archived content
Peter Vernigorov pitr.vern at gmail.com
Tue May 25 21:42:51 BST 2021
- - - - - - - - - - - - - - - - - - -
With nginx it's quite simple, just ensure that your nginx is compiled with stream_ssl_preread_module:
stream {
    map $ssl_preread_server_name $upstream {
        "app1.example.com" 127.0.0.1:5000;
        "app2.example.com" 127.0.0.1:5001;
    }
    server {
        listen 1965;
        proxy_pass $upstream;
        ssl_preread on;
    }
}
On Tue, May 25, 2021 at 10:34 PM panda-roux <contact at panda-roux.dev> wrote:
I just re-read your message and saw you're wanting SNI-based routing.
Bear in mind that the configuration file I sent deals only with
domain-name based filtering based on sub-string comparisons. I haven't
tried anything else yet.
Please let us know if you do get that working though!
panda-roux
On 5/25/2021 1:30 PM, panda-roux wrote:
I am using HAProxy. Here's my config for some inspiration:
https://gist.github.com/panda-roux-dev/9142cf01ad3b29aa86120c7cd90d5b95
It was a headache to set up because I'd never used it before and 99%
of the search results online are concerning its HTTP usage, but
eventually figured out something that works in TCP-mode.
Note that I'm using TLS passthrough rather than having HAProxy take
care of encryption. This is in order to let each back-end server use
certificates with its corresponding domain name listed in them.
Good luck.
panda-roux
On 5/25/2021 1:05 PM, Michael Lazar wrote:
Greetings,
Has anyone gotten a reverse proxy server working with gemini?
Specifically, I'm looking for something that can listen on port 1965
and route encrypted traffic to other ports based on the TLS SNI. I
don't want to do TLS termination at the proxy-layer because I need to
support client certificates on the destination servers.
From my research, it looks like Nginx and HAProxy both claim to
support TLS routing like this, but I can't for the life of me figure
out how to configure either of them :/
Best,
Michael