[tech] Gemini reverse proxy

panda-roux contact at panda-roux.dev
Tue May 25 21:30:53 BST 2021


I am using HAProxy.  Here's my config for some inspiration: 
https://gist.github.com/panda-roux-dev/9142cf01ad3b29aa86120c7cd90d5b95

It was a headache to set up because I'd never used it before and 99% of 
the search results online are concerning its HTTP usage, but I eventually 
figured out something that works in TCP mode.

Note that I'm using TLS passthrough rather than having HAProxy take care 
of encryption.  This is in order to let each back-end server use 
certificates with its corresponding domain name listed in them.

Good luck.

panda-roux

On 5/25/2021 1:05 PM, Michael Lazar wrote:
> Greetings,
>
> Has anyone gotten a reverse proxy server working with gemini?
> Specifically, I'm looking for something that can listen on port 1965
> and route encrypted traffic to other ports based on the TLS SNI. I
> don't want to do TLS termination at the proxy-layer because I need to
> support client certificates on the destination servers.
>
> From my research, it looks like Nginx and HAProxy both claim to
> support TLS routing like this, but I can't for the life of me figure
> out how to configure either of them :/
>
> Best,
> Michael
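
For readers of this thread, an added sketch of the TCP-mode, SNI-routed TLS passthrough setup described above. It is not taken from the post or the linked gist; the hostnames, backend names and backend ports are placeholders.

```haproxy
# Added example (constructed): hostnames, backend names and ports are placeholders.
defaults
    mode tcp                      # raw TCP; HAProxy never decrypts the stream
    timeout connect 5s
    timeout client  60s
    timeout server  60s

frontend gemini_in
    bind :1965
    # Hold the connection until the TLS ClientHello has arrived, so the
    # SNI extension can be read before a backend is chosen.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    # Anything that is not a ClientHello is refused.
    tcp-request content reject

    # Route on the server name the client asked for (case-insensitive).
    use_backend capsule_a if { req_ssl_sni -i a.example.org }
    use_backend capsule_b if { req_ssl_sni -i b.example.org }
    # No default_backend: a missing or unknown SNI is not forwarded anywhere.

backend capsule_a
    # The TLS handshake is completed by this server, so it presents its own
    # certificate and can request and verify client certificates itself.
    server a 127.0.0.1:1966

backend capsule_b
    server b 127.0.0.1:1967
```

Because the proxy only forwards bytes, each backend sees connections arriving from the proxy's address rather than the client's, which matters for any per-IP logging or rate limiting done on the Gemini servers.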