3d6fc7b211
* Restructure imports/exports * Add a default export * Jump to 2.0 per semver * Add a ReverseProxy handler * Change the behavior of registerPath around root hostnames |
||
---|---|---|
handlers | ||
.gitignore | ||
GeminiServer.js | ||
README.md | ||
example.js | ||
main.js | ||
package.json |
README.md
We require SNI!
The Gemini spec requires clients to implement SNI. This server requires SNI to connect.
echo "gemini://localhost/\r" | openssl s_client -connect "localhost:1965" # WILL FAIL
If you want to use openssl s_client
to debug, you must pass the -servername
option so that openSSL will send a hostname to the server.
echo "gemini://localhost/\r" | openssl s_client -connect "localhost:1965" -servername "localhost" # All good!
There are a lot of paths.
A urlPath
is the absolute path given in the Gemini request (new URL().pathname)
A basePath
is the first argument to register path. We match the urlPath
against a basePath when determining how to handle a request.
A relativePath
is the difference between a basePath
and a urlPath
. It's normally ""
.
Sometimes these paths will include their hostnames
A path in the pathRegistry is a p
, which is an object with a hostname, a basePath, and a handler
Creating certificates for dev
# Generate private key
openssl genrsa -out private-key.pem 2048
# Generate cert. signing request
# All fields can be left blank except for Common Name, where I enter "localhost"
openssl req -new -sha256 -key private-key.pem -out csr.pem
# Self-sign, generating cert
openssl x509 -req -in csr.pem -signkey private-key.pem -out public-cert.pem
TODO
It's possible to imagine a situation where astronomical theater is behind a proxy and the proxy doesn't do address translation, passing the raw gemini request to us. In this case, our behavior is undefined.
Similarly, SNI is not supported with IP addresses.