sysnull/guides - HTTPS to Gemini proxy with kineto

Last Updated: 2021-10-03

Even if you intend to only hosts your contents on Gemini, a HTTPS to Gemini proxy would at least be helpful for non-Gemini users to browse your capsule also. This guide will not only setup the proxy, but also use nginx with HTTPS that uses the let's encrypt certificates.

kineto: an HTTP to Gemini proxy

Let's Encrypt

nginx setup

Install nginx, backup the default.conf, then enter it:

$ cd /etc/nginx/http.d/
# cp default.conf default.bkupconf
# vi /etc/nginx/http.d/default.conf

In /etc/nginx/http.d/default.conf, we want to simply use nginx as a proxy which will pass it to the kineto proxy which is usually opened at port 8080 locally. So just simply do the following but replace the server name to your own domain name:

server {
	listen 80;
	listen [::]:80;
	server_name sysnull.my.to;
	index index.html index.htm;
	location / {
		proxy_pass http://127.0.0.1:8080;
	}
}

Using OpenRC, just add to boot and start nginx (or whatever the equivalent in your own system):

# rc-update add nginx
# rc-service nginx start

HTTPS with certbot

These days, the typical user would expect HTTPS and with major browsers now having automatic HTTPS, it's a good idea to have the site running HTTPS through port 443. For Alpine, you can install certbot and certbot-nginx then just run certbot with the nginx flag once to install the certificate. You can use the additional flag --register-unsafely-without-email to not have to put in the email which is used for email notifications whenever it's getting close to the certificate expiration date, however in the crontab next section, we can just auto-renew it anyway every 1st day of the month:

# apk add certbot certbot-nginx
# certbot --nginx --register-unsafely-without-email

Enter in crontab on root with 'crontab -e' and just add in the following line to auto-renew certificate every 1st day of the month:

0 0 1 * * certbot --nginx renew

Kineto

Make sure you have go and git installed first, after that you can git clone, go build and install the project. Just take note of the installation path of kineto:

$ git clone https://git.sr.ht/~sircmpwn/kineto
$ go build
$ go install

OpenRC Script

Here is the following OpenRC script you can save to /etc/init.d/kineto so it can startup on boot and run as a service. Make sure to change 'command' and 'command_args' to your needs:

#!/sbin/openrc-run
name="kineto"
command="/home/gemini/go/bin/kineto"
command_args="gemini://sysnull.my.to"
command_background="yes"
pidfile="/var/run/$SVCNAME.pid"

After adding the file, you can just use kineto as an OpenRC service:

# rc-update add kineto
# rc-service kineto start

Back to guides

Homepage