[tech] reverse proxy gemini

Omar Polo op at omarpolo.com
Sun Feb 21 15:52:11 GMT 2021

Vincent A. <vincent at valvin.fr> writes:

> Hello,
> My curiosity about Gemini led me to think about how to host easily many
> different domains on the same server.
> I have a simple idea which consists in publishing static content from a
> git repository. And allow users to update their content by updating a
> git repository and maybe through an interface later.
> For this I imagine using containerization with an existing gemini
> server. Here I've tested Agate :
> https://gitlab.com/valvin/gemini-agate-image
> Deploying a single hostname is ok. But I'm wondering how to deploy many
> hostnames using the same public IP(v4) address. With HTTP we are used to
> deploying a reverse proxy (nginx, haproxy, traefik...). It allows then to
> split traffic based on the DNS name requested in the "Host" header.
> TCP load-balancing doesn't allow this I think but maybe I'm wrong. It
> requires to get the information of hostname in the request.
> So I'm wondering if there is not yet something that has been done about
> this. Or maybe I miss something in TCP load-balancing and it is possible
> to do this already.
> Thank you
> Valvin.

As Dave was saying, SNI is mandatory on Gemini; clients during the TLS
handshake tell the server which domain they want to talk to, and so the
server can use the correct certificate and serve the right stuff.
Support for this varies between servers.

Agate supports multiple hosts, search for "Virtual Hosts" (that's how
they're called) in the readme, but with the limitation of only one
certificate.  Other servers (I'll shamelessly advertise my own) like
gmid[0] or solene's vger[1] support multiple virtual hosts, with
different certificates too.


Omar Polo

[0]: https://github.com/omar-polo/gmid/
[1]: https://tildegit.org/solene/vger
