Archived View for bbs.geminispace.org › u › Addison › 3367 captured on 2024-06-16 at 15:55:34.
https://gist.github.com/aschuhardt/e22459a8acf5db2809c27dd253bfa6b8
Since we're on the subject of reverse-proxies today, here's something I wrote in C# which parses a binary (v2) PROXY-protocol header from the beginning of a Stream.
Note that NGINX doesn't support the v2 protocol, only the plaintext version (v1). I can confirm that this implementation works well behind HAProxy (which it should, since it's their protocol anyway).
A word of warning about using PROXY in a Gemini context: if your reverse proxy is *not* terminating TLS for you, then it will wrap the incoming TLS packets in PROXY headers.
You don't want this. This will blow up .NET's SslStream implementation (and probably anyone else's too) and there's nothing you can do about it short of reimplementing a PROXY-aware version yourself.
This means that, if you want to send PROXY headers upstream, you need to let the reverse-proxy terminate TLS for you *and* you need a Gemini server which runs on plaintext TCP streams (which I leave as an exercise for the reader).
2023-07-21 · 11 months ago · 👍 mozz, Ruby_Witch
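The following C# example is added here and is not the code from the linked gist. It reads a binary (v2) PROXY header from the start of a Stream, following the header layout in HAProxy's PROXY protocol specification, and leaves the stream positioned at the first payload byte. The names `ProxyV2`, `ProxyInfo` and `ReadFully` are hypothetical.

```csharp
using System;
using System.IO;
using System.Net;

// Hypothetical result type: Source/Destination are null for LOCAL or non-IP headers.
public sealed record ProxyInfo(bool IsLocal, IPEndPoint? Source, IPEndPoint? Destination);

public static class ProxyV2
{
    // Fixed 12-byte signature that opens every v2 header.
    private static readonly byte[] Signature =
        { 0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D, 0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A };

    public static ProxyInfo Read(Stream stream)
    {
        // 12 signature bytes, version/command, family/transport, 16-bit big-endian length.
        var head = ReadFully(stream, 16);
        if (!head.AsSpan(0, 12).SequenceEqual(Signature))
            throw new InvalidDataException("Missing PROXY v2 signature");
        if ((head[12] >> 4) != 2)
            throw new InvalidDataException("Unsupported PROXY version");
        int command = head[12] & 0x0F;          // 0 = LOCAL, 1 = PROXY
        if (command > 1) throw new InvalidDataException("Unknown PROXY command");
        int family = head[13] >> 4;             // 1 = IPv4, 2 = IPv6, 3 = UNIX
        int length = (head[14] << 8) | head[15];

        // Consume the whole declared length (addresses plus any TLVs) even when the
        // addresses are ignored, so the caller resumes exactly at the payload.
        var body = ReadFully(stream, length);
        int addrLen = family switch { 1 => 4, 2 => 16, _ => 0 };
        if (command == 0 || addrLen == 0)
            return new ProxyInfo(command == 0, null, null);
        if (length < 2 * addrLen + 4)
            throw new InvalidDataException("Address block shorter than its family requires");

        var src = new IPAddress(body.AsSpan(0, addrLen));
        var dst = new IPAddress(body.AsSpan(addrLen, addrLen));
        int srcPort = (body[2 * addrLen] << 8) | body[2 * addrLen + 1];
        int dstPort = (body[2 * addrLen + 2] << 8) | body[2 * addrLen + 3];
        return new ProxyInfo(false, new IPEndPoint(src, srcPort), new IPEndPoint(dst, dstPort));
    }

    // Stream.Read may return fewer bytes than requested, so loop until count is met.
    private static byte[] ReadFully(Stream stream, int count)
    {
        var buffer = new byte[count];
        for (int read = 0; read < count;)
        {
            int n = stream.Read(buffer, read, count - read);
            if (n == 0) throw new EndOfStreamException("Stream ended inside the PROXY header");
            read += n;
        }
        return buffer;
    }
}
```

The source address in the header is whatever the sender wrote, so a listener that calls this should accept connections only from the reverse proxy itself.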