Gemini on bare IPs

So, in case there are more people who know this stuff here, is it *in practice* possible to have a Gemini server on a bare IP? So far I haven't seen a single server that can do it, but then again I haven't checked in a while. Currently I've chosen to use Gemini-like simple HTML pages (over Yggdrasil), but still curious if things changed.

#dns_is_dead

Posted in: s/Gemini

☕️ tenno-seremel

Feb 14 · 3 months ago

9 Comments ↓

🕹️ skyjake [mod...] · Feb 14 at 17:32:

Not sure what issues you've run into with other servers, but generally you'd just configure the server normally and use the IP address as the domain/host name. For example, here's GmCapsule running on my (somewhat static) IP:

— 85.156.143.233:1968/

The configuration is simple:

The static file being server is "./85.156.143.233/index.gmi".

You should note that the server certificate must use the IP address as the common name or subject alternative name.

I'm using 1968 in this example because skyjake.fi/geminispace.org runs on 1965.

☕️ tenno-seremel [OP] · Feb 14 at 18:21:

@skyjake Hm, when I try to visit gemini://85.156.143.233:1968/ elpher says: Gemini server reports PERMANENT FAILURE for this request: 59 Missing TLS server name indication 🤔 Unless that was meant as just an example.

🕹️ skyjake [mod...] · Feb 14 at 18:31:

IIRC Gemini clients should always use SNI when making requests. Perhaps elpher does not set it when using an IP address? Should try a few different clients and see how they work.

As far as GmCapsule is concerned, I suppose I could change it to allow requests to go through when using a bare IP address even if SNI is not included in the TLS session.

🚀 mbays · Feb 14 at 18:39:

@skyjake RFC 6066 says: Literal IPv4 and IPv6 addresses are not permitted in "HostName". So I think elpher is correct here?

🕹️ skyjake [mod...] · Feb 14 at 18:53:

@mbays You are correct.

It seems there is a bug in Lagrange here because it sets SNI even with literal addresses. And in fact the Gemini specification only requires SNI when a hostname is being used.

So, I have two bugs to fix here. 😅

😎 flipperzero · Feb 16 at 02:11:

IDK if this is universal, but i've been able to connect to direct IP's over gemini w.o issue. I guess it's a bug as detailed here. Cheers! (Has thought about doing this too, but dont wanna risk fams IP, gonna get a hotspot soon tho so <_<_<_<_<_<_<_<_<_<)

🚀 zorg · Feb 17 at 07:21:

@skyjake So after the bug is fixed, does that mean that it won't be possible to host on a bare IP?

🚀 zorg · Feb 17 at 07:22:

@flipperzero What does fams IP mean?

🕹️ skyjake [mod...] · Feb 17 at 08:41:

@zorg No, it means hosting on a bare IP is better supported since it won't require SNI from the client any more.