๐พ Archived View for bbs.geminispace.org โบ u โบ DdlyH โบ 20304 captured on 2024-12-17 at 15:29:23. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Re: "There has been some discussion in the past about using..."
@mrrobinhood5 I thought nginx only supported http(s)?
Oct 03 ยท 2 months ago
๐ฅ๏ธ mrrobinhood5 ยท Oct 03 at 18:38:
@DdlyH I use it for gopher to pass traffic on port 70 to 7070, by adding the following OUTSIDE of the http{} in the config:
stream {
upstream gopher {
server 0.0.0.0:7070;
}
server {
listen 70;
proxy_pass gopher;
}
}
๐ clseibold ยท Oct 03 at 18:52:
I believe for protocols with SSL that aren't https, you have to have an SSL cert at the reverse proxy side to decrypt, and then it will re-encrypt when it reverse proxies to your local server, afaik. I've never used this myself yet.
It's much easier to just use a gemini server with virtual hosting (and if required, the ability to specify different certs for different virtual hosts could be done with SNI). Gemini works well with virtual hosting.
๐ฆ zzo38 ยท Oct 03 at 22:35:
I would expect it would also be possible for a server to read the TLS client hello message and find the SNI, and use that to determine what to forward it to, without needing to decrypt or encrypt anything. (This would work with any protocol that uses TLS.)
๐ป mediocregopher [...] ยท Oct 04 at 07:56:
Traefik apparently supports exactly what @zzo38 described https://jean.ribes.ovh/gemini-reverse-proxy-using-traefik/
๐ jsreed5 [OP] ยท Oct 05 at 13:06:
Thank you for your comments, everyone! For context, ideally I want to have my Gemini links resolve from both the root domain jsreed5.org and the subdomain gemini.jsreed5.org, while any other services require a subdomain (gopher.jsreed5.org, www.jsreed5.org. etc.). It sounds like Traefik might be the best way to do that.
There has been some discussion in the past about using reverse proxies with Gemini. Do any reverse proxies work? I'm getting ready to run a few other services on my capsule EC2 instance and I'd like them to use their own subdomains.