๐Ÿ’พ Archived View for bbs.geminispace.org โ€บ u โ€บ norayr โ€บ 4043 captured on 2024-12-17 at 13:36:07. Gemini links have been rewritten to link to archived content

View Raw

More Information

โฌ…๏ธ Previous capture (2024-08-18)

-=-=-=-=-=-=-

Comment by ๐Ÿ™ norayr

Re: "Reverse proxy for gemini vhosts"

In: s/Gemini

so what happened in issue #6 of tokio-rustls? how did it end? did they accept your changes?

what is the solution if i want to do the same, i. e. host several of my gemini domains on one machine?

๐Ÿ™ norayr

2023-08-10 ยท 1 year ago

5 Later Comments โ†“

๐Ÿ™ norayr ยท 2024-01-04 at 23:12:

@mediocregopher, i tried the traefik configuration inspired by what you linked:

โ€” this link.

i struggled to understand your configuration actually. my understanding is that traefik should listen on 1965 and redirect based on SNI to let's say 1966 or 1967 - to other ports where gemini servers that serve different domains are listening.

so i tried this:

entryPoints:
  gemini:
    address: ":1965"

tcp:
  routers:
    capsule1:
      entrypoints:
        - "gemini"
      rule: "HostSNI(`norayr.am`)"
      service: "norayr"
      tls:
        passthrough: true

    capsule2:
      entrypoints:
        - "gemini"
      rule: "HostSNI(`xn--y9a5bft.xn--y9a3aq`)"
      service: "sona"
      tls:
        passthrough: true

  services:
  norayr:
      loadBalancer:
        servers:
          - address: "127.0.0.1:1966"

    sona:
      loadBalancer:
        servers:
          - address: "127.0.0.1:1967"

i have properly configured norayr.am on 1966, and it works if i go to it separately.

however when i enter just gemini://norayr.am, Lagrange sees that Traefik is providing its own default certificate ("CN = TRAEFIK DEFAULT CERT") instead of allowing TLS passthrough.

how would you recommend to change my configuration?

๐Ÿ‘ป mediocregopher [OP...] ยท 2024-01-05 at 07:58:

@norayr The post I linked to wasn't written by me, I've never used traefik personally, so I don't think I can be much help here. Maybe you're using a newer/older version of traefik that expects a different configuration?

๐Ÿ™ norayr ยท 2024-01-05 at 14:14:

@mediocregopher would you suggest using tokio-rustls you patched? would you feel comfortable to mention a configuration example for my usecase?

๐Ÿ‘ป mediocregopher [OP...] ยท 2024-01-05 at 17:04:

@norayr the tokio-rustls patch is for a rust library, it's not an actual application which can be used as-is. You would need to code your own which incorporates it.

I used that library as part of this project:

โ€” Domani

_Technically_ you could use Domani in the way you're wanting to, given a specific configuration. I've been using Domani myself to serve my HTTP(s) and gemini sites for a few months now and haven't noticed any issues, but I wouldn't say it's stable yet. There's still quite a few changes I want to make to it, and I haven't gotten around to generating release binaries for it yet so you'd need to compile it yourself.

๐Ÿ™ norayr ยท 2024-01-09 at 13:53:

ok i used gmid for reverse proxy and was able to redirect to 2 different molly browns for a test.

โ€” relevant issue page

Original Post

๐ŸŒ’ s/Gemini

Reverse proxy for gemini vhosts โ€” Reverse proxy for gemini I'm looking into writing a reverse proxy server which supports Gemini. ideally I'd like it to work like an HTTP reverse proxy like nginx or caddy, where it directs requests to different backend servers depending on the hostname. The problem is... is this even really possible, given that client certs are a thing? How can the proxy serve the connection long enough to figure out a hostname, and still proxy it to the backend server with...

๐Ÿ’ฌ mediocregopher [...] ยท 27 comments ยท 2023-07-18 ยท 1 year ago