.\" Copyright (c) 2022, 2023, 2024 Omar Polo <op@omarpolo.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.Dd April 4, 2024
.Dt GMID.CONF 5
.Os
.Sh NAME
.Nm gmid.conf
.Nd gmid Gemini server configuration file
.Sh DESCRIPTION
.Nm
is the configuration file format for the
.Xr gmid 8
Gemini server.
.Pp
The configuration file is divided into the following sections:
.Bl -tag -width Ds
.It Sy Macros
User-defined variables may be defined and used later, simplifying the
configuration file.
.It Sy Global Options
Global settings for
.Xr gmid 8 .
.It Sy Types
Media types and extensions.
.It Sy Servers
Virtual hosts definition.
.El
.Pp
Within the sections, empty lines are ignored and comments can be put
anywhere in the file using a hash mark
.Pq Sq #
and extend to the end of the current line.
A boolean is either the symbol
.Sq on
or
.Sq off .
A string is a sequence of characters wrapped in double quotes,
.Dq like this .
Multiple strings one next to the other are joined into a single
string:
.Bd -literal -offset indent
# equivalent to "temporary-failure"
block return 40 "temporary" "-" "failure"
.Ed
.Pp
Furthermore, quoting is necessary only when a string needs to contain
special characters
.Pq like spaces or punctuation ,
or when it looks like a number or a reserved keyword.
The last example could have been written also as:
.Bd -literal -offset indent
block return 40 temporary "-" failure
.Ed
.Pp
Strict ordering of the sections is not enforced, so it is possible
to mix macros, options and
.Ic server
blocks.
However, defining all the
.Ic server
blocks after the macros and the global options is recommended.
.Pp
Newlines are often optional, except around top-level instructions, and
semicolons
.Dq \&;
can also be optionally used to separate options.
.Pp
Additional configuration files can be included with the
.Ic include
keyword, for example:
.Bd -literal -offset indent
include "/etc/gmid.conf.local"
.Ed
.Ss Macros
Macros can be defined that will later be expanded in context.
Macro names must start with a letter, digit or underscore and may
contain any of those characters.
Macro names may not be reserved words.
Macros are not expanded inside quotes.
.Pp
Two kinds of macros are supported: variable-like and proper macros.
When a macro is invoked with a
.Dq $
before its name it is expanded as a string, whereas when it is invoked
with a
.Dq @
it is expanded in-place.
.Pp
For example:
.Bd -literal -offset indent
ext_ip = "10.0.0.1"
dir = "/var/gemini"
certdir = "/etc/keys"
common = "lang it; auto index on"

server "foo" {
	listen on $ext_ip
	root $dir "/foo" # "/var/gemini/foo"
	cert $certdir "/foo.pem" # "/etc/keys/foo.pem"
	key $certdir "/foo.key" # "/etc/keys/foo.key"
	@common
}
.Ed
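.Pp
The lexical rules above (comments, quoted strings, joining of adjacent strings, $ and @ macros), as an added example that is not part of gmid or this manual: a simplified Python tokenizer that models them. The reserved-word set is an assumed subset of gmid's real keywords and the sample configuration is the one from the Macros section.

```python
"""Simplified model of the gmid.conf lexical rules: comments, quoted strings,
joining of adjacent strings and the two macro forms ($name expands to one string
token, @name is re-tokenized in place).  Added example, not gmid's own parser
(which is a yacc grammar); RESERVED is an assumed subset of its keywords."""
import re
from dataclasses import dataclass

RESERVED = {"server", "listen", "on", "port", "root", "cert", "key", "include", "lang",
            "auto", "index", "block", "return", "types", "location", "fastcgi", "param"}
WORD = re.compile(r'[^\s"{};=#]+')


@dataclass
class Tok:
    kind: str   # "str" (quoted or macro-expanded), "word", "punct" or "nl"
    text: str


def _raw_tokens(text):
    """Yield tokens for a chunk of text, without macro expansion."""
    i, n = 0, len(text)
    while i < n:
        c = text[i]
        if c == "#":                      # comment: runs to end of line
            while i < n and text[i] != "\n":
                i += 1
        elif c == "\n":
            yield Tok("nl", c)
            i += 1
        elif c.isspace():
            i += 1
        elif c == '"':                    # quoted string: $ and @ inside stay literal
            j = text.index('"', i + 1)    # ValueError on an unterminated string
            yield Tok("str", text[i + 1:j])
            i = j + 1
        elif c in "{};=":
            yield Tok("punct", c)
            i += 1
        else:
            m = WORD.match(text, i)
            yield Tok("word", m.group(0))
            i = m.end()


def tokenize(text, macros=None):
    """Tokenize `text`, recording `name = "value"` definitions in `macros` and
    expanding $name (one string token) and @name (spliced in place)."""
    macros = {} if macros is None else macros
    toks = list(_raw_tokens(text))
    out = []

    def emit(tok):
        # adjacent strings join into one: `$dir "/foo"` -> "/var/gemini/foo"
        if tok.kind == "str" and out and out[-1].kind == "str":
            out[-1] = Tok("str", out[-1].text + tok.text)
        else:
            out.append(tok)

    i = 0
    while i < len(toks):
        t = toks[i]
        at_stmt_start = not out or out[-1].kind == "nl"
        if (t.kind == "word" and at_stmt_start and i + 2 < len(toks)
                and toks[i + 1] == Tok("punct", "=") and toks[i + 2].kind == "str"):
            if not re.fullmatch(r"[A-Za-z0-9_]+", t.text) or t.text in RESERVED:
                raise SyntaxError(f"invalid macro name: {t.text}")
            j = i + 2
            while j < len(toks) and toks[j].kind == "str":   # value may be several strings
                j += 1
            macros[t.text] = "".join(s.text for s in toks[i + 2:j])
            i = j
        elif t.kind == "word" and t.text[0] in "$@":
            name = t.text[1:]
            if name not in macros:
                raise SyntaxError(f"undefined macro: {name}")
            if t.text[0] == "$":
                emit(Tok("str", macros[name]))
            else:
                for sub in tokenize(macros[name], macros):
                    emit(sub)
            i += 1
        else:
            emit(t)
            i += 1
    return out


# Constructed sample: the configuration shown in the Macros section above.
EXAMPLE = '''\
ext_ip = "10.0.0.1"
dir = "/var/gemini"
certdir = "/etc/keys"
common = "lang it; auto index on"

server "foo" {
    listen on $ext_ip
    root $dir "/foo" # "/var/gemini/foo"
    cert $certdir "/foo.pem"
    @common
}
'''


def expanded_words(text=EXAMPLE):
    """Return the text of every token except newlines, after macro expansion."""
    return [t.text for t in tokenize(text) if t.kind != "nl"]
```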
.Ss Global Options
.Bl -tag -width 12m
.It Ic chroot Ar path
.Xr chroot 2
the process to the given
.Ar path .
The daemon has to be run with root privileges and thus the option
.Ic user
needs to be provided too, so privileges can be dropped afterwards.
All the paths in the configuration file are relative to the chroot
directory, except for the
.Ic cert ,
.Ic key
and
.Ic ocsp
paths.
Defaults to the
.Ic user
home directory, if provided.
.It Ic log Ar options
Specify logging options.
Multiple options may be provided within curly braces.
The available options are as follows:
.Bl -tag -width Ds
.It Ic access Ar file
Log the requests to
.Ar file .
The path is relative to the
.Ic chroot .
.It Ic style Ar style
Set the logging style, defaults to
.Ic legacy .
The
.Ar style
can be one of:
.Bl -tag -width Ds
.It Ic common
Attempt to be compatible with the default Apache httpd log format.
Each line is formatted as follows: the matching host name,
the remote IP address, one dash
.Sq - ,
Common Name of the client certificate
.Pq if provided, '-' otherwise ,
the timestamp of the request, the request URI wrapped in double quotes,
the response code and the size of the response.
.It Ic combined
Attempt to be compatible with the default nginx log format.
Each line is formatted as follows: the remote IP address, one dash
.Sq - ,
Common Name of the client certificate
.Pq if provided, '-' otherwise ,
the timestamp wrapped in square brackets, the request URI wrapped in
double quotes, the response code, the size of the response, a dash
wrapped in double quotes and "".
The strangeness of these two last fields is because Gemini doesn't have
the notion of the
.Dq Referer
header nor the
.Dq User-agent .
.\" .It Ic condensed
.\" The native
.\" .Xr gmid 8
.\" format since 2.0.
.\" Each line is formatted as follows: RFC 3339 date time,
.\" remote IP address, Common Name of the client certificate
.\" .Pq if provided, '-' otherwise ,
.\" the matching host name, the request URI, the size of the request,
.\" the size of the response, the response code and meta.
.It Ic legacy
Each line is formatted as follows: the remote IP address and port, the
.Sq GET
keyword, the request URI, the response code and meta.
.El
.It Ic syslog Op Ic off
Log to syslog.
It is enabled by default, use the
.Ic off
argument to disable.
.It Ic syslog facility Ar facility
Log to
.Xr syslog 3
using specified
.Ar facility .
Available facilities are as follows: daemon, ftp, local0 through local7 and
user.
These are case insensitive and can be prefixed with
.Sq LOG_ .
Not all facilities may be available on all operating systems.
The default facility is
.Ev LOG_DAEMON .
.El
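.Pp
The line layouts described above for the legacy and combined styles, as an added example that is not gmid's own code: a Python parser plus a small per-client summary of the kind used when reviewing an access log. The field order follows this manual; single-space separators, the bracketed timestamp layout and the sample lines are assumptions.

```python
"""Parse gmid access-log lines in the `legacy` and `combined` styles and
summarise response codes per client.  Added example, not gmid's own code:
field order follows the manual, separators and sample lines are assumed."""
import re
from collections import Counter, defaultdict

# legacy: "<ip>:<port> GET <uri> <code> <meta>"; meta may contain spaces
LEGACY = re.compile(
    r"^(?P<ip>\S+?):(?P<port>\d+) GET (?P<uri>\S+) (?P<code>\d\d) (?P<meta>.*)$")
# combined: '<ip> - <cn> [<timestamp>] "<uri>" <code> <size> "-" ""'
COMBINED = re.compile(
    r'^(?P<ip>\S+) - (?P<cn>.+?) \[(?P<ts>[^\]]+)\] "(?P<uri>[^"]*)" '
    r'(?P<code>\d\d) (?P<size>\d+) "-" ""$')
STYLES = {"legacy": LEGACY, "combined": COMBINED}


def parse_line(line, style):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = STYLES[style].match(line.rstrip("\r\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["code"] = int(rec["code"])
    if "size" in rec:
        rec["size"] = int(rec["size"])
    return rec


def summarize(lines, style):
    """Per client IP: request count and count per Gemini status class (2x..6x).
    Returns (per_ip, number_of_unparsed_lines)."""
    per_ip = defaultdict(Counter)
    unparsed = 0
    for line in lines:
        rec = parse_line(line, style)
        if rec is None:
            unparsed += 1
            continue
        per_ip[rec["ip"]]["requests"] += 1
        per_ip[rec["ip"]]["status_%dx" % (rec["code"] // 10)] += 1
    return per_ip, unparsed


def mostly_failing_clients(per_ip, min_requests=10, min_ratio=0.8):
    """Clients whose responses are mostly 5x (permanent failure, e.g. not found)
    over at least `min_requests` requests: a cheap signal worth a closer look."""
    flagged = []
    for ip, c in per_ip.items():
        if c["requests"] >= min_requests and c["status_5x"] / c["requests"] >= min_ratio:
            flagged.append(ip)
    return sorted(flagged)


# Constructed sample lines (RFC 5737 documentation addresses).
LEGACY_SAMPLE = """\
192.0.2.10:49152 GET gemini://example.com/ 20 text/gemini;lang=it
192.0.2.10:49153 GET gemini://example.com/about.gmi 20 text/gemini
198.51.100.7:40001 GET gemini://example.com/old.gmi 51 not found
198.51.100.7:40002 GET gemini://example.com/notes/ 51 not found
198.51.100.7:40003 GET gemini://example.com/drafts/ 51 not found
198.51.100.7:40004 GET gemini://example.com/ 20 text/gemini
this line is not in any known format
""".splitlines()

COMBINED_SAMPLE = """\
192.0.2.10 - - [11/Jan/2024:10:00:00 +0000] "gemini://example.com/" 20 1234 "-" ""
203.0.113.5 - alice [11/Jan/2024:10:00:01 +0000] "gemini://example.com/private/" 20 512 "-" ""
""".splitlines()
```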
.It Ic prefork Ar number
Run the specified number of server processes.
This increases the performance and prevents delays when connecting to
a server.
.Xr gmid 8
runs 3 server processes by default.
The maximum number allowed is 16.
.It Ic protocols Ar string
Specify the TLS protocols to enable.
Refer to
.Xr tls_config_parse_protocols 3
for the valid protocol string values.
By default, both TLSv1.3 and TLSv1.2 are enabled.
Use
.Dq tlsv1.3
to enable only TLSv1.3.
.It Ic user Ar string
Run the daemon as the given user.
Mandatory if the
.Ic chroot
option is used.
.El
.Ss Servers
Every virtual host is defined by a
.Ic server
block:
.Bl -tag -width Ds
.It Ic server Ar hostname Brq ...
Match the server name using shell globbing rules.
It can be an explicit name,
.Ar www.example.com ,
or a name including wildcards,
.Ar *.example.com .
.El
.Pp
Followed by a block of options that is enclosed in curly brackets:
.Bl -tag -width Ds
.It Ic alias Ar name
Specify an additional alias
.Ar name
for this server.
.It Ic auto Ic index Ar bool
If no index file is found, automatically generate a directory listing.
Disabled by default.
.It Ic block Op Ic return Ar code Op Ar meta
Send a reply and close the connection;
by default
.Ar code
is 40
and
.Ar meta
is
.Dq temporary failure .
If
.Ar code
is in the 3x range, then
.Ar meta
is mandatory.
Inside
.Ar meta ,
the following special sequences are supported:
.Bl -tag -width Ds -compact
.It \&%\&%
is replaced with a single
.Sq \&% .
.It \&%p
is replaced with the request path.
.It \&%q
is replaced with the query string of the request.
.It \&%P
is replaced with the server port.
.It \&%N
is replaced with the server name.
.El
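.Pp
The special sequences above, as an added example that is not gmid's own code: a Python expander for the block return meta that also applies the strip option documented later in this section (taken here to mean that %p is substituted after stripping). Rejecting unknown %-sequences is this model's choice, not documented behaviour.

```python
"""Expand the %-sequences of a `block return` meta string and build the
response header.  Added example, not gmid's own code; `strip` is applied to
%p here as one reading of the manual, and unknown %-sequences are rejected."""
from urllib.parse import urlsplit


def strip_components(path, number):
    """Drop `number` leading components: ("/a/b/c", 1) -> "/b/c"; never below "/"."""
    parts = [p for p in path.split("/") if p]
    return "/" + "/".join(parts[number:])


def expand_meta(meta, url, server_name, server_port=1965, strip=0):
    """Substitute %%, %p, %q, %P and %N in `meta` for the given request URL."""
    u = urlsplit(url)
    path = strip_components(u.path or "/", strip)
    subst = {"%": "%", "p": path, "q": u.query,
             "P": str(server_port), "N": server_name}
    out, i = [], 0
    while i < len(meta):
        if meta[i] != "%":
            out.append(meta[i])
            i += 1
            continue
        spec = meta[i + 1:i + 2]           # "" when % is the last character
        if spec not in subst:
            raise ValueError(f"unknown sequence %{spec} in meta")
        out.append(subst[spec])
        i += 2
    return "".join(out)


def block_return(url, server_name, code=40, meta=None, **kw):
    """Build the Gemini response header for `block return code meta`:
    the status, a space, the expanded meta and CRLF."""
    if meta is None:
        if 30 <= code <= 39:               # the manual: meta is mandatory for 3x
            raise ValueError("block return with a 3x code needs a meta")
        meta = "temporary failure"
    return f"{code} {expand_meta(meta, url, server_name, **kw)}\r\n"
```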
.It Ic cert Ar file
Path to the certificate to use for this server.
.Ar file
should contain a PEM encoded certificate.
This option is mandatory.
.It Ic default type Ar string
Set the default media type that is used if the media type for a
specified extension is not found.
If not specified, the
.Ic default type
is set to
.Dq application/octet-stream .
.It Ic fastcgi Ar option
Enable FastCGI instead of serving files.
Multiple options may be specified within curly braces.
Valid options are:
.Bl -tag -width Ds
.It Ic param Ar name Cm = Ar value
Set the param
.Ar name
to
.Ar value .
.It Ic socket Oo Ic tcp Oc Ar socket Oo Cm port Ar port Oc
The
.Ar socket
can either be a UNIX-domain socket or a TCP socket.
If the FastCGI application is listening on a UNIX domain socket,
.Ar socket
is a local path name within the
.Xr chroot 2
root directory of
.Xr gmid 8 .
Otherwise, the
.Ic tcp
keyword must be provided and
.Ar socket
is interpreted as a hostname or an IP address.
.Ar port
can be either a port number or the name of a service enclosed in
double quotes.
If not specified, it defaults to 9000.
.It Ic strip Ar number
Strip
.Ar number
leading path components from the request URL before splitting it in
.Ev SCRIPT_NAME
and
.Ev PATH_INFO .
.El
.Pp
The FastCGI handler will be given the following variables by default:
.Bl -tag -width 24m
.\" .It Ev GEMINI_DOCUMENT_ROOT
.\" The root directory of the virtual host.
.It Ev GEMINI_URL_PATH
Full path of the request.
.It Ev GEMINI_SEARCH_STRING
The decoded
.Ev QUERY_STRING
if defined in the request and if it doesn't contain any unencoded
.Sq =
characters, otherwise unset.
.It Ev GATEWAY_INTERFACE
.Dq CGI/1.1
.It Ev AUTH_TYPE
The string "Certificate" if the client used a certificate, otherwise
unset.
.It Ev PATH_INFO
The portion of the requested path that is derived from the IRI
path hierarchy following
.Ev SCRIPT_NAME .
Can be unset.
.It Ev PATH_TRANSLATED
Present if and only if
.Ev PATH_INFO
is set.
It represents the translation of the
.Ev PATH_INFO .
.Nm gmid
builds this by appending the
.Ev PATH_INFO
to the virtual host directory root.
.It Ev QUERY_STRING
The URL-encoded search or parameter string.
.It Ev REMOTE_ADDR , Ev REMOTE_HOST
Textual representation of the client IP.
.It Ev REQUEST_METHOD
This is present only for RFC3875 (CGI) compliance.
It's always set to
.Dq GET .
.It Ev SCRIPT_NAME
The virtual URI path to the script.
Since it's impossible to determine in all cases the correct
.Ev SCRIPT_NAME
programmatically,
.Nm gmid
assumes it's the empty string.
It is recommended to manually specify this parameter when serving a
sub-tree of a virtual host via FastCGI.
.It Ev SERVER_NAME
The name of the server.
.It Ev SERVER_PORT
The port the server is listening on.
.It Ev SERVER_PROTOCOL
.Dq GEMINI
.It Ev SERVER_SOFTWARE
The name and version of the server, e.g.
.Dq gmid/2.0.2
.It Ev REMOTE_USER
The subject of the client certificate if provided, otherwise unset.
.It Ev TLS_CLIENT_ISSUER
The issuer of the client certificate if provided, otherwise
unset.
.It Ev TLS_CLIENT_HASH
The hash of the client certificate if provided, otherwise unset.
The format is
.Dq ALGO:HASH .
.It Ev TLS_VERSION
The TLS version negotiated with the peer.
.It Ev TLS_CIPHER
The cipher suite negotiated with the peer.
.It Ev TLS_CIPHER_STRENGTH
The strength in bits for the symmetric cipher that is being used with
the peer.
.It Ev TLS_CLIENT_NOT_AFTER
The time corresponding to the end of the validity period of the peer
certificate in the ISO 8601 format
.Pq e.g. Dq 2021-02-07T20:17:41Z .
.It Ev TLS_CLIENT_NOT_BEFORE
The time corresponding to the start of the validity period of the peer
certificate in the ISO 8601 format.
.El
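.Pp
The variables above, as an added example that is not gmid's own code: a Python function deriving them from a request URL by the rules in this section. It assumes SCRIPT_NAME is the empty string unless configured, that strip is applied before the SCRIPT_NAME/PATH_INFO split and that GEMINI_URL_PATH carries the unstripped path; the TLS_* and REMOTE_* variables come from the connection rather than the URL and are left out.

```python
"""Derive the FastCGI variables listed above from a Gemini request URL.
Added example, not gmid's own code.  Assumptions: SCRIPT_NAME is "" unless
configured; `strip` runs before the SCRIPT_NAME/PATH_INFO split;
GEMINI_URL_PATH is the unstripped path.  Connection-derived variables
(TLS_*, REMOTE_ADDR) are not modelled."""
from urllib.parse import urlsplit, unquote


def strip_components(path, number):
    """Drop `number` leading path components, never going below "/"."""
    parts = [p for p in path.split("/") if p]
    return "/" + "/".join(parts[number:])


def fastcgi_params(url, root, strip=0, script_name="", client_cert_subject=None):
    """Return the variables a FastCGI handler receives for `url`; variables the
    manual says may be unset are simply absent from the dict."""
    u = urlsplit(url)
    env = {
        "GATEWAY_INTERFACE": "CGI/1.1",
        "REQUEST_METHOD": "GET",          # present only for RFC 3875 compliance
        "SERVER_PROTOCOL": "GEMINI",
        "SERVER_NAME": u.hostname,
        "SERVER_PORT": str(u.port or 1965),
        "GEMINI_URL_PATH": u.path or "/",
        "SCRIPT_NAME": script_name,
    }
    if u.query:
        env["QUERY_STRING"] = u.query      # kept URL-encoded
        if "=" not in u.query:             # no unencoded '=': a search, not parameters
            env["GEMINI_SEARCH_STRING"] = unquote(u.query)
    path = strip_components(u.path or "/", strip)
    base = script_name.rstrip("/")
    rest = path[len(base):]
    if path.startswith(base) and rest.startswith("/"):
        env["PATH_INFO"] = rest
        # PATH_TRANSLATED is present iff PATH_INFO is: PATH_INFO appended to the root
        env["PATH_TRANSLATED"] = root.rstrip("/") + rest
    if client_cert_subject is not None:
        env["AUTH_TYPE"] = "Certificate"
        env["REMOTE_USER"] = client_cert_subject
    return env
```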
412 6a8387e5 2023-07-23 op .It Ic fastcgi off
413 6a8387e5 2023-07-23 op Disable FastCGI handling in the current location.
414 a1ba9650 2023-07-23 op .It Ic index Ar string
415 a1ba9650 2023-07-23 op Set the directory index file.
416 a1ba9650 2023-07-23 op If not specified, it defaults to
417 a1ba9650 2023-07-23 op .Pa index.gmi .
418 a1ba9650 2023-07-23 op .It Ic key Ar file
419 a1ba9650 2023-07-23 op Specify the private key to use for this server.
420 a1ba9650 2023-07-23 op .Ar file
421 a1ba9650 2023-07-23 op should contain a PEM encoded private key.
422 a1ba9650 2023-07-23 op This option is mandatory.
423 a1ba9650 2023-07-23 op .It Ic lang Ar string
424 a1ba9650 2023-07-23 op Specify the language tag for the text/gemini content served.
425 a1ba9650 2023-07-23 op If not specified, no
426 a1ba9650 2023-07-23 op .Dq lang
427 a1ba9650 2023-07-23 op parameter will be added in the response.
428 a1ba9650 2023-07-23 op .It Ic listen on Ar address Op Ic port Ar number
429 a1ba9650 2023-07-23 op Set the listen
430 a1ba9650 2023-07-23 op .Ar address
431 a1ba9650 2023-07-23 op and
432 a1ba9650 2023-07-23 op .Ar port
433 a1ba9650 2023-07-23 op which defaults to
434 a1ba9650 2023-07-23 op .Sq 1965 .
435 a1ba9650 2023-07-23 op This statement can be specified multiple times.
436 a1ba9650 2023-07-23 op If
437 a1ba9650 2023-07-23 op .Ar address
438 a1ba9650 2023-07-23 op is
439 a1ba9650 2023-07-23 op .Sq *
440 a1ba9650 2023-07-23 op then
441 a1ba9650 2023-07-23 op .Xr gmid 8
442 a1ba9650 2023-07-23 op will listen on all IPv4 and IPv6 addresses.
443 a1ba9650 2023-07-23 op .Ar 0.0.0.0
444 a1ba9650 2023-07-23 op can be used to listen on all IPv4 addresses and
445 a1ba9650 2023-07-23 op .Ar ::
446 a1ba9650 2023-07-23 op on all IPv6 addresses.
447 a1ba9650 2023-07-23 op .It Ic location Ar path Brq ...
448 a1ba9650 2023-07-23 op Specify server configuration rules for a specific location.
449 a1ba9650 2023-07-23 op .Ar path
450 a1ba9650 2023-07-23 op argument will be matched against the request path with shell globbing
451 a1ba9650 2023-07-23 op rules.
452 a1ba9650 2023-07-23 op In case of multiple location statements in the same context, the first
453 a1ba9650 2023-07-23 op matching location will be put into effect and the later ones ignored.
454 a1ba9650 2023-07-23 op Therefore is advisable to match for more specific paths first and for
455 a1ba9650 2023-07-23 op generic ones later on.
456 a1ba9650 2023-07-23 op A
457 a1ba9650 2023-07-23 op .Ic location
458 a1ba9650 2023-07-23 op section may include most of the server configuration rules
459 a1ba9650 2023-07-23 op except
460 a1ba9650 2023-07-23 op .Ic alias , Ic cert , Ic key , Ic listen , Ic location
461 a1ba9650 2023-07-23 op and
462 a1ba9650 2023-07-23 op .Ic proxy .
463 a1ba9650 2023-07-23 op .It Ic log Ar bool
464 a1ba9650 2023-07-23 op Enable or disable the logging for the current server or location block.
465 1595c277 2022-04-07 op .It Ic ocsp Ar file
466 1595c277 2022-04-07 op Specify an OCSP response to be stapled during TLS handshakes
467 1595c277 2022-04-07 op with this server.
468 1595c277 2022-04-07 op The
469 1595c277 2022-04-07 op .Ar file
470 1595c277 2022-04-07 op should contain a DER-format OCSP response retrieved from an
471 1595c277 2022-04-07 op OCSP server for the
472 1595c277 2022-04-07 op .Ic cert
473 1595c277 2022-04-07 op in use.
474 1595c277 2022-04-07 op If the OCSP response in
475 1595c277 2022-04-07 op .Ar file
476 1595c277 2022-04-07 op is empty, OCSP stapling will not be used.
477 1595c277 2022-04-07 op The default is to not use OCSP stapling.
478 d2da235a 2022-10-05 op .It Ic proxy Oo Cm proto Ar name Oc Oo Cm for-host Ar host Oo Cm port Ar port Oc Oc Brq ...
479 1595c277 2022-04-07 op Set up a reverse proxy.
480 1595c277 2022-04-07 op The optional matching rules
481 1595c277 2022-04-07 op .Cm proto
482 1595c277 2022-04-07 op and
483 1595c277 2022-04-07 op .Cm for-host
484 1595c277 2022-04-07 op can be used to enable proxying only for protocols matching
485 1595c277 2022-04-07 op .Ar name
486 1595c277 2022-04-07 op .Po Dq gemini
487 1595c277 2022-04-07 op by default
488 1595c277 2022-04-07 op .Pc
489 1595c277 2022-04-07 op and/or whose request IRI matches
490 1595c277 2022-04-07 op .Ar host
491 1595c277 2022-04-07 op and
492 1595c277 2022-04-07 op .Ar port
493 1595c277 2022-04-07 op .Pq 1965 by default .
494 1595c277 2022-04-07 op Matching happens using shell globbing rules.
495 1595c277 2022-04-07 op .Pp
496 1595c277 2022-04-07 op In case of multiple matching proxy blocks in the same context, the
497 1595c277 2022-04-07 op first matching proxy will be put into effect and the later ones
498 1595c277 2022-04-07 op ignored.
499 1595c277 2022-04-07 op .Pp
500 1595c277 2022-04-07 op Valid options are:
501 1595c277 2022-04-07 op .Bl -tag -width Ds
502 1595c277 2022-04-07 op .It Ic cert Ar file
503 1595c277 2022-04-07 op Specify the client certificate to use when making requests.
504 1595c277 2022-04-07 op .It Ic key Ar file
505 1595c277 2022-04-07 op Specify the client certificate key to use when making requests.
506 1595c277 2022-04-07 op .It Ic protocols Ar string
507 1595c277 2022-04-07 op Specify the TLS protocols allowed when making remote requests.
508 1595c277 2022-04-07 op Refer to the
509 1595c277 2022-04-07 op .Xr tls_config_parse_protocols 3
510 1595c277 2022-04-07 op function for the valid protocol string values.
511 1595c277 2022-04-07 op By default, both TLSv1.2 and TLSv1.3 are enabled.
512 d2da235a 2022-10-05 op .It Ic relay-to Ar host Op Cm port Ar port
513 1595c277 2022-04-07 op Relay the request to the given
514 1595c277 2022-04-07 op .Ar host
515 1595c277 2022-04-07 op at the given
516 1595c277 2022-04-07 op .Ar port ,
517 1595c277 2022-04-07 op 1965 by default.
518 1595c277 2022-04-07 op This is the only mandatory option in a
519 1595c277 2022-04-07 op .Ic proxy
520 1595c277 2022-04-07 op block.
521 1595c277 2022-04-07 op .It Ic require Ic client Ic ca Ar file
522 1595c277 2022-04-07 op Allow the proxying only from clients that provide a certificate
523 1595c277 2022-04-07 op signed by the CA certificate in
524 1595c277 2022-04-07 op .Ar file .
525 1595c277 2022-04-07 op .It Ic sni Ar hostname
526 1595c277 2022-04-07 op Use the given
527 1595c277 2022-04-07 op .Ar hostname
528 1595c277 2022-04-07 op instead of the one extracted from the
529 1595c277 2022-04-07 op .Ic relay-to
530 1595c277 2022-04-07 op rule for the TLS handshake with the proxied gemini server.
531 1595c277 2022-04-07 op .It Ic use-tls Ar bool
532 1595c277 2022-04-07 op Specify whether to use TLS when connecting to the proxied host.
533 1595c277 2022-04-07 op Enabled by default.
534 1595c277 2022-04-07 op .It Ic verifyname Ar bool
535 1595c277 2022-04-07 op Enable or disable the TLS server name verification.
536 1595c277 2022-04-07 op Enabled by default.
537 1595c277 2022-04-07 op .El
538 1595c277 2022-04-07 op .It Ic root Ar directory
539 1595c277 2022-04-07 op Specify the root directory for this server
540 1595c277 2022-04-07 op .Pq alas the current Dq document root .
541 1595c277 2022-04-07 op It's relative to the chroot if enabled.
542 1595c277 2022-04-07 op .It Ic require Ic client Ic ca Ar path
543 1595c277 2022-04-07 op Allow requests only from clients that provide a certificate signed by
544 1595c277 2022-04-07 op the CA certificate in
545 1595c277 2022-04-07 op .Ar path .
546 1595c277 2022-04-07 op It needs to be a PEM-encoded certificate and it's not relative to the
547 1595c277 2022-04-07 op chroot.
548 1595c277 2022-04-07 op .It Ic strip Ar number
549 1595c277 2022-04-07 op Strip
.Ar number
components from the beginning of the path before doing a lookup in the
root directory.
It's also considered for the
.Ar meta
parameter in the scope of a
.Ic block return .
.El
.Ss Types
The
.Ic types
section must include one or more lines of the following syntax, enclosed
in curly braces:
.Bl -tag -width Ds
.It Ar type Ns / Ns Ar subtype Ar name Op Ar name ...
Set the media
.Ar type
and
.Ar subtype
to the specified extension
.Ar name .
One or more names can be specified per line.
Each line may end with an optional semicolon.
.It Ic include Ar file
Include type definitions from an external file, for example
.Pa /usr/share/misc/mime.types .
.El
.Pp
By default
.Nm gmid
uses the following mapping if no
.Ic types
block is defined:
.Pp
.Bl -tag -offset indent -width 15m -compact
.It application/pdf
pdf
.It image/gif
gif
.It image/jpeg
jpg jpeg
.It image/png
png
.It image/svg+xml
svg
.It text/gemini
gemini gmi
.It text/markdown
markdown md
.It text/x-patch
diff patch
.It text/xml
xml
.El
.Pp
As an exception,
.Nm gmid
uses the MIME type
.Ar text/gemini
for file extensions
.Ar gemini
or
.Ar gmi
if no mapping was found.
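.Pp
The lookup rules above, as an added Python model that is not gmid's own code
(gmid is written in C): it parses the body of a types block, follows an
include line, uses the documented default table when no types block exists,
and applies the text/gemini exception for gemini and gmi.
The sample mime.types contents are constructed, and the function names and
the case-sensitive extension match are assumptions of the model, not
documented gmid behaviour.

```python
"""MIME-type resolution following the rules documented for the ``types``
section.  Added Python model, not gmid's own code (gmid is written in C);
function names and case-sensitive matching are assumptions of the model."""
from __future__ import annotations

# The mapping the manual lists as gmid's default when no types block exists.
DEFAULT_TYPES: dict[str, str] = {
    "pdf": "application/pdf",
    "gif": "image/gif",
    "jpg": "image/jpeg", "jpeg": "image/jpeg",
    "png": "image/png",
    "svg": "image/svg+xml",
    "gemini": "text/gemini", "gmi": "text/gemini",
    "markdown": "text/markdown", "md": "text/markdown",
    "diff": "text/x-patch", "patch": "text/x-patch",
    "xml": "text/xml",
}

# Constructed stand-in for /usr/share/misc/mime.types, in the same
# ``type/subtype name [name ...]`` line format a types block uses.
SAMPLE_MIME_TYPES = """\
# constructed sample, not the real system file
application/pdf\t\tpdf
image/jpeg\t\tjpeg jpg jpe
text/html\t\thtml htm
text/plain\t\ttxt
"""


def parse_types_block(text: str, includes: dict[str, str],
                      table: dict[str, str] | None = None) -> dict[str, str]:
    """Parse the body of a ``types { ... }`` block into an extension ->
    media type table.  A line is ``type/subtype name [name ...]`` with an
    optional trailing ';', or ``include "file"``; *includes* maps the file
    names an include line may name to their contents, so this runs offline.
    A malformed line raises ValueError rather than being skipped silently,
    so a typo in a hand-written mapping cannot leave an extension unmapped."""
    table = {} if table is None else table
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip().rstrip(";").strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] == "include":
            path = " ".join(fields[1:]).strip('"')
            if path not in includes:
                raise ValueError(f"line {lineno}: cannot include {path!r}")
            parse_types_block(includes[path], includes, table)
            continue
        media, names = fields[0], fields[1:]
        if "/" not in media or not names:
            raise ValueError(
                f"line {lineno}: expected 'type/subtype name ...', got {raw!r}")
        for name in names:
            table[name] = media        # a later line overrides an earlier one
    return table


def lookup_mime(filename: str, types: dict[str, str] | None) -> str | None:
    """Media type for *filename*.  *types* is the table built from the types
    block, or None when the configuration has no such block (DEFAULT_TYPES
    then applies).  ``.gemini``/``.gmi`` fall back to text/gemini when the
    table has no entry, as documented.  None means no mapping at all; what
    gmid sends in that case is not covered by this section."""
    ext = filename.rsplit(".", 1)[1] if "." in filename else ""
    table = DEFAULT_TYPES if types is None else types
    if ext in table:
        return table[ext]
    if ext in ("gemini", "gmi"):
        return "text/gemini"
    return None


if __name__ == "__main__":
    configured = parse_types_block(
        'include "/usr/share/misc/mime.types"\ntext/gemini gmi gemini;\n',
        {"/usr/share/misc/mime.types": SAMPLE_MIME_TYPES})
    for name in ("index.gmi", "photo.jpe", "page.html", "blob.bin"):
        print(name, "->", lookup_mime(name, configured))
```

Note that once a types block is present the model consults only that table
plus the text/gemini exception, so an include of the system mime.types that
lacks an entry for an extension the default table covered (png, for
instance) leaves that extension unmapped; that mirrors the wording above,
where the default mapping applies only if no types block is defined.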
.Sh EXAMPLES
The following is an example of a possible configuration for a site
that enables only TLSv1.3, adds the MIME type mappings from
.Pa /usr/share/misc/mime.types
and defines two virtual hosts:
.Bd -literal -offset indent
protocols "tlsv1.3"

types {
	include "/usr/share/misc/mime.types"
}

server "example.com" {
	listen on * port 1965
	cert "/etc/ssl/example.com.pem"
	key "/etc/ssl/private/example.com.key"
	root "/var/gemini/example.com"
}

server "example.it" {
	listen on * port 1965
	cert "/etc/ssl/example.it.pem"
	key "/etc/ssl/private/example.it.key"
	root "/var/gemini/example.it"

	# set the language for text/gemini files
	lang "it"
}
.Ed
.Pp
Yet another example, showing how to enable a
.Ic chroot
and use
.Ic location
rules:
.Bd -literal -offset indent
chroot "/var/gemini"
user "_gmid"

server "example.com" {
	listen on * port 1965

	# absolute paths:
	cert "/etc/ssl/example.com.pem"
	key "/etc/ssl/private/example.com.key"

	# relative to the chroot:
	root "/example.com"

	location "/static/*" {
		# load the following rules only for
		# requests that match "/static/*"

		auto index on
		index "index.gemini"
	}
}
.Ed
.Pp
This shows how to set up a reverse proxy: all requests for
.Sq example.com
will be forwarded to 10.0.0.6 transparently.
Proxying establishes a new TLS connection, so any client certificate used
to connect to
.Xr gmid 8
cannot be presented to the proxied server as well.
.Bd -literal -offset indent
server "example.com" {
	listen on * port 1965
	cert "/etc/ssl/example.com.pem"
	key "/etc/ssl/private/example.com.key"
	proxy {
		relay-to 10.0.0.6 port 1965
	}
}
.Ed
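.Pp
A structural check over configurations shaped like the three examples above,
as an added Python illustration rather than gmid's own parser (gmid is
written in C).
It understands only the grammar subset the examples use and reports a server
block without cert or key, a server with neither a root nor a proxy block, a
proxy block without relay-to, a chroot without a user to drop privileges to,
and a root that repeats the chroot prefix, which the comments in the chroot
example note is resolved relative to the chroot.
The configurations embedded in it are constructed; the function names and
the wording of the findings are the model's own.

```python
"""Structural checks for a gmid.conf.  Added illustration, not gmid's own
parser (gmid is written in C): a Python model of the grammar subset the
EXAMPLES use -- ``keyword args`` directives, ``#`` comments, quoted
strings and ``name ["arg"] { ... }`` blocks (server, location, proxy)."""
from __future__ import annotations

import shlex
from dataclasses import dataclass, field


@dataclass
class Block:
    name: str                      # "server", "location", "proxy", ...
    args: list[str]                # e.g. ["example.com"] for a server block
    directives: list[list[str]] = field(default_factory=list)
    children: list["Block"] = field(default_factory=list)

    def get(self, key: str) -> list[str] | None:
        """Arguments of the first directive named *key*, or None."""
        for d in self.directives:
            if d[0] == key:
                return d[1:]
        return None


def parse_config(text: str) -> Block:
    """Parse *text* into a tree under a synthetic global block.  Unbalanced
    braces raise ValueError so a truncated file is noticed, not half-read."""
    root = Block("(global)", [])
    stack = [root]
    for lineno, raw in enumerate(text.splitlines(), 1):
        lexer = shlex.shlex(raw, posix=True)   # handles quotes and '#' comments
        lexer.whitespace_split = True
        toks = list(lexer)
        if not toks:
            continue
        if toks[-1] == "{":                     # open a nested block
            child = Block(toks[0], toks[1:-1])
            stack[-1].children.append(child)
            stack.append(child)
        elif toks == ["}"]:                     # close the innermost block
            if len(stack) == 1:
                raise ValueError(f"line {lineno}: unexpected '}}'")
            stack.pop()
        else:
            stack[-1].directives.append(toks)
    if len(stack) != 1:
        raise ValueError(f"unclosed block '{stack[-1].name}' at end of file")
    return root


def check_config(text: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing was found."""
    cfg = parse_config(text)
    findings: list[str] = []
    chroot = cfg.get("chroot")
    if chroot and cfg.get("user") is None:
        # A chroot without a privilege drop keeps the daemon as root inside
        # the jail; the chroot example pairs chroot with user "_gmid".
        findings.append("global: chroot set without 'user'; privileges are not dropped")
    servers = [b for b in cfg.children if b.name == "server"]
    if not servers:
        findings.append("global: no server block")
    for s in servers:
        tag = "server " + (s.args[0] if s.args else "?")
        for key in ("cert", "key"):
            if s.get(key) is None:
                findings.append(f"{tag}: missing '{key}'")
        root = s.get("root")
        proxies = [c for c in s.children if c.name == "proxy"]
        if root is None and not proxies:
            findings.append(f"{tag}: neither 'root' nor a 'proxy' block; nothing to serve")
        # root is resolved inside the chroot, so a root that repeats the
        # chroot prefix ends up pointing at <chroot>/<chroot>/...
        if chroot and root and root[0].startswith(chroot[0].rstrip("/") + "/"):
            findings.append(f"{tag}: root {root[0]!r} repeats the chroot prefix {chroot[0]!r}")
        for p in proxies:
            if p.get("relay-to") is None:
                findings.append(f"{tag}: proxy block without 'relay-to'")
    return findings


# Constructed sample: the chroot example above, which should pass cleanly.
GOOD_CONFIG = """\
chroot "/var/gemini"
user "_gmid"
server "example.com" {
\tlisten on * port 1965
\tcert "/etc/ssl/example.com.pem"
\tkey "/etc/ssl/private/example.com.key"
\troot "/example.com"
\tlocation "/static/*" {
\t\tauto index on
\t\tindex "index.gemini"
\t}
}
"""

# Constructed sample with the mistakes the checker is meant to catch.
BAD_CONFIG = """\
chroot "/var/gemini"
server "example.com" {
\tlisten on * port 1965
\tcert "/etc/ssl/example.com.pem"
\troot "/var/gemini/example.com"
}
server "example.org" {
\tlisten on * port 1965
\tcert "/etc/ssl/example.org.pem"
\tkey "/etc/ssl/private/example.org.key"
\tproxy {
\t}
}
"""

if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(label, check_config(cfg) or "no findings")
```

The parser is deliberately strict about brace balance and loose about
directive names it does not know, so it can be run over a real file as a
pre-deployment sanity check without rejecting options this section does not
cover.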
.Sh SEE ALSO
.Xr gmid 8 ,
.Xr slowcgi 8
.Sh AUTHORS
.An -nosplit
The
.Nm gmid
program was written by
.An Omar Polo Aq Mt op@omarpolo.com .