use prod certs in container

Dockerfile

@@ -25,4 +25,4 @@ COPY keys ./keys
 
 EXPOSE 8080
 
-CMD ["./main",  "-cert=./keys/cert.crt.pem", "-key=./keys/localhost_key.pem", "-host=0.0.0.0:8080"]
+CMD ["./main",  "-cert=./keys/prod.crt.pem", "-key=./keys/prod_key.pem", "-host=0.0.0.0:8080"]

README.md

@@ -2,8 +2,11 @@
 
 My own little corner of Geminispace. A partner Gemini capsule to my personal website https://travisshears.com
 
-## General Gemini resources
+gemini://travisshears.com/
 
+## General Gemini resources and inspiration
+
+- https://jonathanmh.com/p/mirroring-next-blog-to-gemini/
 - https://bombadillo.colorfield.space/docs/
 - https://github.com/kulak/gemini
 - https://geminiprotocol.net/software/
@@ -11,11 +14,39 @@ My own little corner of Geminispace. A partner Gemini capsule to my personal web
 
 ## Deployment
 
-Goal is selfhost my capsule site on my nomad homelab.
+This capsule is selfhosted on my [Nomad](https://developer.hashicorp.com/nomad)
+backed homelab.
 
+To deploy simply run the `./build.sh` script. That will build the docker image and
+push it to ECR. After that just re-deploy the nomad job and it will run it in the cluster.
 
+### VPC Setup
 
-https://jonathanmh.com/p/mirroring-next-blog-to-gemini/
+The travisshears.com domain points to one of my VPCs. There http traffic after some
+cool ai blocking steps routes to my Astro.js web server running in the homelab.
+The gemini capsule works similarly. To route gemini traffic to the capsule docker container I also use nginx. Here is what the nginx config looks like:
+
+```
+stream {
+    upstream gemini_backend {
+        server homelab:XXXX;
+    }
+
+    server {
+        listen 1965;
+        proxy_pass gemini_backend;
+    }
+}
+```
+
+This uses the [stream module](https://nginx.org/en/docs/stream/ngx_stream_core_module.html)
+which allows for TCP connections to be proxied.
+
+Don't forget to open the firewall port:
+
+```shell
+$ sudo ufw allow 1965/tcp
+```
 
 ## Dev