Hello,

On Wed, May 14 2025, Ludovic Courtès wrote:

> Ricardo Wurmus writes:
>
>> Noé Lopez writes:
>>
>>> I guess it’s for style points, which I’m all for. I do think it would
>>> be better to set the URL to git.guix.gnu.org/guix/guix.git and just a
>>> DNS redirect to codeberg to avoid the extra connection.
>>
>> I second this.
>>
>> I think a DNS level redirect would be sufficient. I'd prefer not to
>> loop in bayfront for every git connection.
>
> As I suggested in , I don’t think
> that’s possible: the X.509 certificate that codeberg.org serves is for
> codeberg.org, not for git.guix.gnu.org, so TLS libraries would report a
> host name mismatch.

I can confirm it's not possible to use a host name that is not part of
the list of hosts in the X.509 certificate, that in this case is the one
provided by the codeberg.org web server [1].

The only way to use git.guix.gnu.org is to set up a proxy server with
proper TLS termination... and yes: it means that the proxy server is
/always/ in the loop.

Currently I use haproxy (on Nix, not on Guix) to achieve this kind of
configuration but I know it's also possible with nginx (but never done
it myself).

IMHO setting up a proxy is worth the effort (correct English?), since I
see a strategic advantage in having git.guix.gnu.org as an official
remote name and the traffic seen by a server under Guix Team control,
also for eventual and future load balancing, if needed.

I can help if needed, but please keep me in Cc since in this (long)
period I seldom follow the mailing lists, sorry.

Just my 2 cents :-)

Thank you for your work! Gio'

[1] unless codeberg.org provides a way to add an alias to a remote _and_
adds that alias to the list of hosts for the certificate... but I doubt
it since it could quickly become technically hard to manage (is there a
limit to the number of extra host names for a certificate?).

-- 
Giovanni Biscuolo

Xelera IT Infrastructures
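
The host name mismatch discussed in this message, as an added example that is not part of the original e-mail or of any Guix or Codeberg code: a small Python model of why a DNS alias changes which server answers but not which name the TLS client verifies. The DNS table, the certificate name lists and the `proxy` server are constructed sample data, and every function name is hypothetical.

```python
# Added illustration: a DNS alias cannot satisfy TLS host name verification.
# All DNS records and certificate names below are constructed sample data.

DNS = {  # hypothetical zone: alias -> canonical name
    "git.guix.gnu.org": "codeberg.org",
}
# Names each server lists in its certificate's subjectAltName (constructed).
CERT_SANS = {
    "codeberg.org": ["codeberg.org", "*.codeberg.org"],
    "proxy": ["git.guix.gnu.org"],  # TLS-terminating proxy with its own cert
}


def resolve(name):
    """Follow CNAME-style aliases to the host that actually answers."""
    seen = set()
    while name in DNS and name not in seen:
        seen.add(name)
        name = DNS[name]
    return name


def label_match(pattern, host):
    """RFC 6125-style match: '*' only as the whole leftmost label, one label deep."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def tls_verify(requested, server):
    """The client checks the name it asked for, not the name DNS resolved to."""
    return any(label_match(san, requested) for san in CERT_SANS[server])


def connect(requested, terminating_proxy=False):
    """Return the verification outcome for a client connecting to `requested`."""
    server = "proxy" if terminating_proxy else resolve(requested)
    return "ok" if tls_verify(requested, server) else "hostname mismatch"


if __name__ == "__main__":
    for host, proxied in [("codeberg.org", False),
                          ("git.guix.gnu.org", False),
                          ("git.guix.gnu.org", True)]:
        print(host, "via proxy" if proxied else "via DNS alias", "->",
              connect(host, proxied))
```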