58 lines
2.0 KiB
Plaintext
58 lines
2.0 KiB
Plaintext
# Astronomical Theater
|
|
A Node.js Gemini server and proxy.
|
|
|
|
Do not use.
|
|
|
|
### We require SNI!
|
|
The Gemini spec requires clients to implement SNI. This server requires SNI to connect.
|
|
|
|
```sh
|
|
echo "gemini://localhost/\r" | openssl s_client -connect "localhost:1965" # WILL FAIL
|
|
```
|
|
If you want to use `openssl s_client` to debug, you must pass the `-servername` option so that openSSL will send a hostname to the server.
|
|
|
|
```sh
|
|
echo "gemini://localhost/\r" | openssl s_client -connect "localhost:1965" -servername "localhost" # All good!
|
|
```
|
|
|
|
|
|
|
|
There are a lot of paths.
|
|
|
|
A `urlPath` is the absolute path given in the Gemini request (new URL().pathname)
|
|
|
|
A `basePath` is the first argument to register path. We match the `urlPath` against a basePath when determining how to handle a request.
|
|
|
|
A `relativePath` is the difference between a `basePath` and a `urlPath`. It's normally `""`.
|
|
|
|
Sometimes these paths will include their hostnames
|
|
|
|
A path in the pathRegistry is a `p`, which is an object with a hostname, a basePath, and a handler
|
|
|
|
|
|
|
|
### Creating certificates for dev
|
|
|
|
```sh
|
|
# Generate private key
|
|
openssl genrsa -out private-key.pem 2048
|
|
# Generate cert. signing request
|
|
# All fields can be left blank except for Common Name, where I enter "localhost"
|
|
openssl req -new -sha256 -key private-key.pem -out csr.pem
|
|
# Self-sign, generating cert
|
|
openssl x509 -req -in csr.pem -signkey private-key.pem -out public-cert.pem
|
|
|
|
# For debugging clients, it can be useful to start a openssl server with these certs:
|
|
openssl s_server -key private-key.pem -cert public-cert.pem -accept 1965
|
|
|
|
# And of course creating a client with openssl. The -servername is needed for SNI
|
|
openssl s_client -connect example.com:1965 -servername example.com
|
|
```
|
|
|
|
|
|
# TODO
|
|
It's possible to imagine a situation where astronomical theater is behind a proxy and the proxy doesn't do address translation, passing the raw gemini request to us.
|
|
In this case, our behavior is undefined.
|
|
|
|
Similarly, SNI is not supported with IP addresses.
|