💾 Archived View for bbs.geminispace.org › u › jsreed5 › 20290 captured on 2024-12-17 at 15:03:12. Gemini links have been rewritten to link to archived content

There has been some discussion in the past about using reverse proxies with Gemini. Do any reverse proxies work? I'm getting ready to run a few other services on my capsule EC2 instance and I'd like them to use their own subdomains.

🚀 jsreed5

Oct 03 · 2 months ago

8 Comments ↓

🖥️ mrrobinhood5 · Oct 03 at 12:33:

I just use nginx, it was easy to set up

🚀 clseibold · Oct 03 at 12:55:

Nginx I think is the most common, like @mrrobinhood5 suggested. There are some Gemini servers that support virtual hosting, so that is another option.

🚀 DdlyH · Oct 03 at 16:54:

@mrrobinhood5 I thought nginx only supported http(s)?

🖥️ mrrobinhood5 · Oct 03 at 18:38:

@DdlyH I use it for gopher to pass traffic on port 70 to 7070, by adding the following OUTSIDE of the http{} in the config:

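stream {
	# Backend gopher server listening on the same host
	upstream gopher {
		server 127.0.0.1:7070;
	}

	# Public gopher port, forwarded to the backend as plain TCP
	server {
		listen 70;
		proxy_pass gopher;
	}
}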

🚀 clseibold · Oct 03 at 18:52:

I believe for protocols with SSL that aren't https, you have to have an SSL cert at the reverse proxy side to decrypt, and then it will re-encrypt when it reverse proxies to your local server, afaik. I've never used this myself yet.

It's much easier to just use a gemini server with virtual hosting (and if required, the ability to specify different certs for different virtual hosts could be done with SNI). Gemini works well with virtual hosting.

🦂 zzo38 · Oct 03 at 22:35:

I would expect it would also be possible for a server to read the TLS client hello message and find the SNI, and use that to determine what to forward it to, without needing to decrypt or encrypt anything. (This would work with any protocol that uses TLS.)

👻 mediocregopher [...] · Oct 04 at 07:56:

Traefik apparently supports exactly what @zzo38 described https://jean.ribes.ovh/gemini-reverse-proxy-using-traefik/

🚀 jsreed5 [OP] · Oct 05 at 13:06:

Thank you for your comments, everyone! For context, ideally I want to have my Gemini links resolve from both the root domain jsreed5.org and the subdomain gemini.jsreed5.org, while any other services require a subdomain (gopher.jsreed5.org, www.jsreed5.org, etc.). It sounds like Traefik might be the best way to do that.