[tech] reverse proxy gemini

Dave Cottlehuber dch at skunkwerks.at
Sun Feb 21 11:27:52 GMT 2021


On Sun, 21 Feb 2021, at 09:40, Vincent A. wrote:
> Hello,
> 
> My curiosity about Gemini led me to think about how to host easily many
> different domains on the same server.
>
> Deploying a single hostname is ok. But I'm wondering how to deploy many
> hostnames using the same public IP(v4) address. With HTTP we are used to
> deploying a reverse proxy (nginx, haproxy, traefik...). It allows then to
> split traffic based on the DNS name requested in the "Host" header.

With modern TLS, we use "Server Name Indication" to accommodate this. 
The client stuffs the requested domain name into the TLS negotiation's
ClientHello.

From the gemini spec:

4 TLS

Use of TLS for Gemini transactions is mandatory. Use of the Server Name
Indication (SNI) extension to TLS is also mandatory, to facilitate name-based
virtual hosting. 

See https://en.wikipedia.org/wiki/Server_Name_Indication & https://tools.ietf.org/html/rfc6066 for more details.

A+
Dave

