Gemini update

Posted on: 27th December 2020

A while ago I sought to solve this mystery - https://fosstodon.org/@thumb/105390819690644320.

https://portal.mozz.us/gemini/simbly.me/ -> 👎
https://proxy.vulpes.one/gemini/simbly.me -> 👍
https://fn.gkbrk.com/proxy/gemini/simbly.me -> 👎
Amfora and Lagrange -> 👍
Rocketeer iOS -> 👎

Namely, why does my Gemini capsule load only on certain proxies and browsers and not all? Nobody had a concrete answer. The server could technically time out because of the nature of the hardware in question, the humble Raspberry Pi, but I found no plausible answers for the immediate termination of the request in the Rocketeer app on iOS and other proxies without any visible delay in attempts to connect to the server whatsoever.

The only lead I had was that this request:

openssl s_client -quiet -crlf   \
        -servername simbly.me   \
        -connect simbly.me:1965 \
        | awk '{ print "<= " $0 }'

would give this response:

depth=0 CN = simbly.me, O = simbly.me
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = simbly.me, O = simbly.me
verify return:1

and refuse to move to an error state or a successful one.

The thought of removing and adding openssl on the Pi crossed my mind, but given my lack of technical expertise, I was afraid of breaking the working Arch installation on the server in any attempts to mess with openssl. The IRC channel on envs.net didn't fetch any response either.

To narrow down the issue, I switched out the Satellite server with Stargazer, regenerated the certificates and one of the proxies started showing results. Buoyed by the lucky stroke, I regenerated the certificates one more time and another proxy showed results. And what was the change in response of the openssl command from above? It finally started timing out with error 59. Rocketeer on iOS also showed some improvement and instead of the DataError, it kept on trying to load my capsule. All this weirdness because the self-signed certificates were acting wonky.

The way Stargazer responded immediately with error 59 and how Satellite never tried to terminate the openssl request, in addition to the proxies handling the new certificates happily, made me wonder whether putting Satellite back on would improve my odds. And did it?

https://portal.mozz.us/gemini/simbly.me/ -> 👍
https://proxy.vulpes.one/gemini/simbly.me -> 👍
https://fn.gkbrk.com/proxy/gemini/simbly.me -> 👍
Amfora and Lagrange -> 👍
Rocketeer iOS -> 👍

Thumbs up all around!

I still don't know the root cause except that the self-signed certificates issued on Arch Linux ARM are acting up. Either that or Satellite on ARMv7 is. The openssl request is back to staring indefinitely into the void. I prefer that over immediate termination of requests anyway.
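To tell a certificate or TLS failure apart from a server that completes the handshake and then stays silent, a probe can report the stage at which the exchange stopped. The following is an added example, not the author's code or part of Satellite or Stargazer; the function names `parse_header`, `exchange` and `probe` are hypothetical, and it assumes the standard Gemini exchange (request line of URL plus CRLF, reply header of two-digit status, space, META, CRLF). The probe sends the request line itself, so a silent server shows up as a timeout instead of an open session.

```python
import hashlib
import socket
import ssl

def parse_header(raw: bytes):
    """Split a Gemini response header '<STATUS> <META>CRLF' into (status, meta)."""
    line, sep, _ = raw.partition(b"\r\n")
    if not sep:
        raise ValueError("no CRLF-terminated header received")
    status, _, meta = line.decode("utf-8").partition(" ")
    if len(status) != 2 or not status.isdigit():
        raise ValueError(f"malformed status {status!r}")
    return int(status), meta

def exchange(sock, url: str, limit: int = 1029) -> bytes:
    """Send the request line, then read until the header's CRLF, EOF or limit."""
    sock.sendall(url.encode("utf-8") + b"\r\n")
    buf = b""
    while b"\r\n" not in buf and len(buf) < limit:
        chunk = sock.recv(1024)
        if not chunk:
            break
        buf += chunk
    return buf

def probe(host: str, port: int = 1965, timeout: float = 10.0):
    """Return (stage, detail) naming the step at which the exchange stopped."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # self-signed capsule cert: no CA chain,
    ctx.verify_mode = ssl.CERT_NONE  # so report the fingerprint for pinning
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp", str(exc)
    with raw:
        try:
            tls = ctx.wrap_socket(raw, server_hostname=host)
        except OSError as exc:       # ssl.SSLError and timeouts are OSErrors
            return "tls-handshake", str(exc)
        with tls:
            fp = hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()
            try:
                status, meta = parse_header(exchange(tls, f"gemini://{host}/"))
            except socket.timeout:
                return "no-response", f"handshake ok, cert sha256={fp}"
            except (ValueError, OSError) as exc:
                return "bad-header", f"{exc} (cert sha256={fp})"
            return "header", f"{status} {meta} (cert sha256={fp})"
```

Calling `probe("simbly.me")` before and after regenerating a certificate shows whether the fingerprint changed and whether the failure moved from the handshake stage to the header stage.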

Day 63 - Join Me in #100DaysToOffload

tags: 100daystooffload gemini stargazer satellite selfhosting pi