💾 Archived View for bbs.geminispace.org › u › mediocregopher › 6082 captured on 2024-05-26 at 16:19:53. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-05-10)
-=-=-=-=-=-=-
— I started a discussion on this some time ago
^ There's some links in there describing how it can be done without changes to the protocol or messing around with iptables. It just requires reading the SNI and then transparently passing through the whole connection based on that.
2023-10-10 · 8 months ago
🚀 alexlehm_mobile · 2023-10-10 at 09:28:
a proxy protocol which supports path rules would be cool maybe
🍭 jmjl [OP] · 2023-10-10 at 14:19:
@mediocregopher Domani still doesn't support transparent proxying I think, it isn't using the CAP_NET_RAW capability to do transparent proxing, an example can be found with sslh, linked below. (How to configure, not the code that does the transparent proxying)
— SSLH Transparent proxy config guide.
👻 mediocregopher [...] · 2023-10-10 at 16:25:
@jmjl perhaps I'm misusing the term transparent proxying. I don't really care about the original IP of the connection, especially with gemini I don't see what utility it would have. But yeah if you do care about that I suppose iptables will need to get involved.
🍭 jmjl [OP] · 2023-10-10 at 17:35:
At the end some users in IRC pointed me out to sslh, you need to do some prior configurations, but it seems to work fine, (for what I've tested, I've currently got a borked gemini server (tilde.green) but yeah)
Proxy Protocol Idea — As you might have noticed, gemini has TLS, but it also has proxy support. Which means you can't really reverse proxy services like Bubble or Astrobotany, because they require a TLS Client Certificate. So I thought about making some kind of additional protocol that would be usefull for gemini proxy servers. This would be usefull on tildes where they would for example want to run their own bubble or astrobotany and also have their normal website, but all being hosted by the...