[tech] Gemini reverse proxy

Omar Polo op at omarpolo.com
Thu May 27 10:29:57 BST 2021


Michael Lazar <lazar.michael22 at gmail.com> writes:

> Greetings,
>
> Has anyone gotten a reverse proxy server working with gemini?
> Specifically, I'm looking for something that can listen on port 1965
> and route encrypted traffic to other ports based on the TLS SNI. I
> don't want to do TLS termination at the proxy-layer because I need to
> support client certificates on the destination servers.
>
> From my research, it looks like Nginx and HAProxy both claim to
> support TLS routing like this, but I can't for the life of me figure
> out how to configure either of them :/
>
> Best,
> Michael

Not exactly what you're asking for, but have you considered using
FastCGI?  It would allow your gemini server to do TLS and forward
requests to various backends.  Info about the client certificates can be
sent as parameters.

I think it could be a viable option for Gemini, and I started to
experiment with it in gmid[0], but further work in needed in this
regard.

HTH,

Omar Polo


[0]: https://github.com/omar-polo/gmid/commit/8ff40039e885f6ba64c887f390daf7e7f3bc2ff8


More information about the Gemini mailing list