Re: "[gemini link] A mere year and three months later... [gemini..."
If you are adding features, could we get support for proxying a subdomain to a Gemini server on a local port?
I run tootik for Fediverse Gemini and it has to be accessed on a weird port since gmcapsule is already occupying the Gemini port.
It would be really cool if gmcapsule could proxy “fedi.mydomain.xyz” to another gemini server running on port 2345 or whatever.
Aug 24 · 7 days ago
🕹️ skyjake [OP/mod...] · Aug 25 at 05:21:
Proxying is on my todo list if I can figure out how to make it work properly. The problem is with TLS client certificates. The way I've understood it, you'd have to set up the proxy connection before the TLS handshake occurs, and I'm not sure if that's possible using the pyOpenSSL APIs.
I think it might be worth looking at how Nginx handles proxying an internal HTTPS server to the outside.
Looks like what it’s actually doing is re-encrypting, so the internal server has to resolve the first certificate, decrypt it, and then re-encrypt the data with the new cert on its way out the proxy.
https://reinout.vanrees.org/weblog/2017/05/02/https-behind-proxy.html
[gemini link] A mere year and three months later... [gemini link] I've gone and implemented a Misfin extension for GmCapsule. It's available in v0.9. I made it as simple as possible: it does basic certificate checking/TOFU but then just forwards the message to an email address. The assumption here is that the destination is reachable without transmitting the message as clear text. This could be for example a local account or, in my case, Proton email that is sent encrypted to the server. The...
💬 skyjake [mod...] · 3 comments · 4 likes · Aug 24 · 7 days ago