Hello,

My curiosity about Gemini led me to think about how to easily host many different domains on the same server.

I have a simple idea which consists in publishing static content from a git repository. And allow users to update their content by updating a git repository and maybe through an interface later.

For this I imagine using containerization with an existing gemini server. Here I've tested Agate: https://gitlab.com/valvin/gemini-agate-image

Deploying a single hostname is ok. But I'm wondering how to deploy many hostnames using the same public IP(v4) address. With HTTP we are used to deploying a reverse proxy (nginx, haproxy, traefik...). It then allows splitting traffic based on the DNS name requested in the "Host" header.

TCP load-balancing doesn't allow this I think but maybe I'm wrong. It requires getting the information of the hostname in the request.

So I'm wondering if there is not yet something that has been done about this. Or maybe I miss something in TCP load-balancing and it is possible to do this already.

Thank you

Valvin.
I'm sure others here will have better advice for you, but would a vhosts-capable server such as gemsrv or gmnisrv suit your needs?

~mieum
I had almost the same use-case for my small gemini server and wrote a proxy that only does vhost routing: gemini://repos.wetterberg.nu/~hugo_wetterberg/gemini-proxy

But if you're serving static files/some CGI you're probably better off following mieum's advice and use a server that uses different docroots for different hostnames. Then you don't have to layer different proxies and servers, and it's easy to combine that workflow with git post-receive hooks that generate the static files.

/Hugo
On Sun, 21 Feb 2021, at 09:40, Vincent A. wrote:
> Hello,
>
> My curiosity about Gemini led me to think about how to easily host many
> different domains on the same server.
>
> Deploying a single hostname is ok. But I'm wondering how to deploy many
> hostnames using the same public IP(v4) address. With HTTP we are used to
> deploying a reverse proxy (nginx, haproxy, traefik...). It then allows
> splitting traffic based on the DNS name requested in the "Host" header.

With modern TLS, we use "Server Name Indication" to accommodate this. The client stuffs the requested domain name into the TLS negotiation's ClientHello.

From the gemini spec:

    4 TLS

    Use of TLS for Gemini transactions is mandatory.

    Use of the Server Name Indication (SNI) extension to TLS is also
    mandatory, to facilitate name-based virtual hosting.

See https://en.wikipedia.org/wiki/Server_Name_Indication & https://tools.ietf.org/html/rfc6066 for more details.

A+
Dave
Vincent A. <vincent at valvin.fr> writes:

> Hello,
>
> My curiosity about Gemini led me to think about how to easily host many
> different domains on the same server.
>
> I have a simple idea which consists in publishing static content from a
> git repository. And allow users to update their content by updating a
> git repository and maybe through an interface later.
>
> For this I imagine using containerization with an existing gemini
> server. Here I've tested Agate:
> https://gitlab.com/valvin/gemini-agate-image
>
> Deploying a single hostname is ok. But I'm wondering how to deploy many
> hostnames using the same public IP(v4) address. With HTTP we are used to
> deploying a reverse proxy (nginx, haproxy, traefik...). It then allows
> splitting traffic based on the DNS name requested in the "Host" header.
>
> TCP load-balancing doesn't allow this I think but maybe I'm wrong. It
> requires getting the information of the hostname in the request.
>
> So I'm wondering if there is not yet something that has been done about
> this. Or maybe I miss something in TCP load-balancing and it is possible
> to do this already.
>
> Thank you
>
> Valvin.

As Dave was saying, SNI is mandatory on Gemini; clients during the TLS handshake tell the server which domain they want to talk to, and so the server can use the correct certificate and serve the right stuff. Support for this varies between servers.

Agate supports multiple hosts, search for "Virtual Hosts" (that's how they're called) in the readme, but with the limitation of only one certificate. Other servers (I'll shamelessly advertise my own) like gmid[0] or solene's vger[1] support multiple virtual hosts, with different certificates too.

Cheers,

Omar Polo

[0]: https://github.com/omar-polo/gmid/
[1]: https://tildegit.org/solene/vger
Hello and thank you all for your replies.

It looks like SNI is what I was looking for. In my use case I'd like each virtual host to run individually with their own certificates but hosted on the same IP.

I think Hugo's solution already implements something close to what I need. I'll test it quickly.

It looks like I have many things to discover, like all the server implementations ;)

Valvin

On 21/02/2021 at 16:52, Omar Polo wrote:
>
> Vincent A. <vincent at valvin.fr> writes:
>
>> Hello,
>>
>> My curiosity about Gemini led me to think about how to easily host many
>> different domains on the same server.
>>
>> I have a simple idea which consists in publishing static content from a
>> git repository. And allow users to update their content by updating a
>> git repository and maybe through an interface later.
>>
>> For this I imagine using containerization with an existing gemini
>> server. Here I've tested Agate:
>> https://gitlab.com/valvin/gemini-agate-image
>>
>> Deploying a single hostname is ok. But I'm wondering how to deploy many
>> hostnames using the same public IP(v4) address. With HTTP we are used to
>> deploying a reverse proxy (nginx, haproxy, traefik...). It then allows
>> splitting traffic based on the DNS name requested in the "Host" header.
>>
>> TCP load-balancing doesn't allow this I think but maybe I'm wrong. It
>> requires getting the information of the hostname in the request.
>>
>> So I'm wondering if there is not yet something that has been done about
>> this. Or maybe I miss something in TCP load-balancing and it is possible
>> to do this already.
>>
>> Thank you
>>
>> Valvin.
>
> As Dave was saying, SNI is mandatory on Gemini; clients during the TLS
> handshake tell the server which domain they want to talk to, and so the
> server can use the correct certificate and serve the right stuff.
> Support for this varies between servers.
>
> Agate supports multiple hosts, search for "Virtual Hosts" (that's how
> they're called) in the readme, but with the limitation of only one
> certificate. Other servers (I'll shamelessly advertise my own) like
> gmid[0] or solene's vger[1] support multiple virtual hosts, with
> different certificates too.
>
> Cheers,
>
> Omar Polo
>
> [0]: https://github.com/omar-polo/gmid/
> [1]: https://tildegit.org/solene/vger
------- Original Message -------

On Sunday, 21 February 2021 at 10:40, Vincent A. <vincent at valvin.fr> wrote:

> My curiosity about Gemini led me to think about how to easily host many different domains on the same server.

On Sunday, 21 February 2021 at 11:25, mieum <mieum at namu.blue> wrote:

> I'm sure others here will have better advice for you, but would a vhosts-capable server such as gemsrv or gmnisrv suit your needs?

I second gmnisrv, it's what I currently use and I have a couple of legacy domains running in separate doc roots with their own certs. It handles its own cert generation too. I've found it incredibly simple to set up, modify the ini file with the hostname, root directory for the content, and start-up gmnisrv.

Also don't take the stability of the oh.mg gemini server as any indication of gmnisrv. I run it on a terrible VM with practically no memory and a lot of hope. But it works for the most part.

-Kévin