op public repos

Blame

Date:: Wed Jan 27 23:14:16 2021 UTC
Message:: -v for verbose logging
Actions:: History | Blob | Raw File
  1 f28d96d3 2021-01-25 op .\" Copyright (c) 2021 Omar Polo <op@omarpolo.com>
  2 3e4749f7 2020-10-02 op .\"
  3 3e4749f7 2020-10-02 op .\" Permission to use, copy, modify, and distribute this software for any
  4 3e4749f7 2020-10-02 op .\" purpose with or without fee is hereby granted, provided that the above
  5 3e4749f7 2020-10-02 op .\" copyright notice and this permission notice appear in all copies.
  6 3e4749f7 2020-10-02 op .\"
  7 3e4749f7 2020-10-02 op .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  8 3e4749f7 2020-10-02 op .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  9 3e4749f7 2020-10-02 op .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 10 3e4749f7 2020-10-02 op .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 11 3e4749f7 2020-10-02 op .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 12 3e4749f7 2020-10-02 op .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 13 3e4749f7 2020-10-02 op .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 14 f28d96d3 2021-01-25 op .Dd $Mdocdate: January 25 2021$
 15 3e4749f7 2020-10-02 op .Dt GMIND 1
 16 3e4749f7 2020-10-02 op .Os
 17 3e4749f7 2020-10-02 op .Sh NAME
 18 3e4749f7 2020-10-02 op .Nm gmid
 19 fab952e1 2020-10-03 op .Nd dead simple zero configuration gemini server
 20 3e4749f7 2020-10-02 op .Sh SYNOPSIS
 21 3e4749f7 2020-10-02 op .Nm
 22 3e4749f7 2020-10-02 op .Bk -words
 23 46af8c6c 2021-01-27 op .Op Fl fn
 24 15902770 2021-01-15 op .Op Fl c Ar config
 25 15902770 2021-01-15 op |
 26 8904fa0e 2021-01-27 op .Op Fl 6hv
 27 f28d96d3 2021-01-25 op .Op Fl d Pa certs-dir
 28 f28d96d3 2021-01-25 op .Op Fl H Ar hostname
 29 721e2325 2020-11-18 op .Op Fl p Ar port
 30 f28d96d3 2021-01-25 op .Op Fl x Pa cgi
 31 f28d96d3 2021-01-25 op .Op Pa dir
 32 3e4749f7 2020-10-02 op .Ek
 33 3e4749f7 2020-10-02 op .Sh DESCRIPTION
 34 3e4749f7 2020-10-02 op .Nm
 35 b9220ca4 2021-01-11 op is a simple and minimal gemini server that can serve static files and
 36 b9220ca4 2021-01-11 op execute CGI scripts.
 37 eb699783 2021-01-18 op It can run without a configuration file with a limited set of features
 38 eb699783 2021-01-18 op available.
 39 eb699783 2021-01-18 op If a configuration file is given, no other flags shall be given,
 40 eb699783 2021-01-18 op except for
 41 46af8c6c 2021-01-27 op .Fl f
 42 46af8c6c 2021-01-27 op and
 43 eb699783 2021-01-18 op .Fl n .
 44 3e4749f7 2020-10-02 op .Pp
 45 3e4749f7 2020-10-02 op .Nm
 46 df6ca41d 2020-12-25 op fully supports IRIs (Internationalized Resource Identifiers, see
 47 df6ca41d 2020-12-25 op RFC3987).
 48 df6ca41d 2020-12-25 op .Pp
 49 eb699783 2021-01-18 op The options are as follows:
 50 f28d96d3 2021-01-25 op .Bl -tag -width 14m
 51 eb699783 2021-01-18 op .It Fl c Pa config
 52 f28d96d3 2021-01-25 op Specify the configuration file.
 53 46af8c6c 2021-01-27 op .It Fl f
 54 46af8c6c 2021-01-27 op Stays and logs on the foreground.
 55 eb699783 2021-01-18 op .It Fl n
 56 eb699783 2021-01-18 op Check that the configuration is valid, but don't start the server.
 57 eb699783 2021-01-18 op .El
 58 3e4749f7 2020-10-02 op .Pp
 59 eb699783 2021-01-18 op If no configuration file is given,
 60 fab952e1 2020-10-03 op .Nm
 61 f28d96d3 2021-01-25 op will look for the following options
 62 f28d96d3 2021-01-25 op .Bl -tag -width 14m
 63 85dff1f9 2021-01-11 op .It Fl 6
 64 85dff1f9 2021-01-11 op Enable IPv6.
 65 f28d96d3 2021-01-25 op .It Fl d Pa certs-path
 66 f28d96d3 2021-01-25 op Directory where certificates for the config-less mode are stored.
 67 f28d96d3 2021-01-25 op By default is
 68 f28d96d3 2021-01-25 op .Pa $XDG_DATA_HOME/gmid ,
 69 f28d96d3 2021-01-25 op i.e.
 70 f28d96d3 2021-01-25 op .Pa ~/.local/share/gmid .
 71 71cf3975 2021-01-25 op .It Fl H Ar hostname
 72 f28d96d3 2021-01-25 op The hostname, by default
 73 f28d96d3 2021-01-25 op .Ar localhost .
 74 f28d96d3 2021-01-25 op Certificates for the given
 75 f28d96d3 2021-01-25 op .Ar hostname
 76 f28d96d3 2021-01-25 op are searched inside the
 77 f28d96d3 2021-01-25 op .Pa certs-dir
 78 f28d96d3 2021-01-25 op directory given with the
 79 f28d96d3 2021-01-25 op .Fl d
 80 f28d96d3 2021-01-25 op option.
 81 f28d96d3 2021-01-25 op The have the form
 82 f28d96d3 2021-01-25 op .Pa hostname.cert.pem
 83 f28d96d3 2021-01-25 op and
 84 f28d96d3 2021-01-25 op .Pa hostname.key.pem .
 85 f28d96d3 2021-01-25 op If a certificate and key doesn't exists for a given hostname they
 86 f28d96d3 2021-01-25 op would be automatically generated.
 87 3e4749f7 2020-10-02 op .It Fl h
 88 fab952e1 2020-10-03 op Print the usage and exit.
 89 721e2325 2020-11-18 op .It Fl p Ar port
 90 eb699783 2021-01-18 op The port to listen on, by default 1965.
 91 8904fa0e 2021-01-27 op .It Fl v
 92 8904fa0e 2021-01-27 op Increase the verbosity of the logs.
 93 f28d96d3 2021-01-25 op .It Fl x Pa path
 94 eb699783 2021-01-18 op Enable execution of CGI scripts.
 95 eb699783 2021-01-18 op See the description of the
 96 eb699783 2021-01-18 op .Ic cgi
 97 eb699783 2021-01-18 op .Ic server
 98 eb699783 2021-01-18 op option in the section
 99 eb699783 2021-01-18 op .Sq Servers
100 eb699783 2021-01-18 op below to learn how
101 f28d96d3 2021-01-25 op .Pa path
102 eb699783 2021-01-18 op is processed.
103 eb699783 2021-01-18 op Cannot be provided more than once.
104 f28d96d3 2021-01-25 op .It Pa dir
105 f28d96d3 2021-01-25 op The root directory to serve.
106 f28d96d3 2021-01-25 op By default the current working directory is assumed.
107 3e4749f7 2020-10-02 op .El
108 eb699783 2021-01-18 op .Sh CONFIGURATION FILE
109 eb699783 2021-01-18 op The configuration file is divided into two sections:
110 eb699783 2021-01-18 op .Bl -tag -width xxxx
111 eb699783 2021-01-18 op .It Sy Global Options
112 eb699783 2021-01-18 op Global settings for
113 eb699783 2021-01-18 op .Nm .
114 eb699783 2021-01-18 op .It Sy Servers
115 f28d96d3 2021-01-25 op Virtual hosts definition.
116 eb699783 2021-01-18 op .El
117 eb699783 2021-01-18 op .Pp
118 eb699783 2021-01-18 op Within the sections, empty lines are ignored and comments can be put
119 eb699783 2021-01-18 op anywhere in the file using a hash mark
120 eb699783 2021-01-18 op .Pq Sq # ,
121 eb699783 2021-01-18 op and extend to the end of the current line.
122 eb699783 2021-01-18 op A boolean is either the symbol
123 eb699783 2021-01-18 op .Sq on
124 eb699783 2021-01-18 op or
125 eb699783 2021-01-18 op .Sq off .
126 f28d96d3 2021-01-25 op A string is a sequence of characters wrapped in double quotes,
127 f28d96d3 2021-01-25 op .Dq like this .
128 eb699783 2021-01-18 op .Ss Global Options
129 eb699783 2021-01-18 op .Bl -tag -width 12m
130 eb699783 2021-01-18 op .It Ic ipv6 Ar bool
131 eb699783 2021-01-18 op Enable or disable IPv6 support.
132 eb699783 2021-01-18 op By default is off.
133 eb699783 2021-01-18 op .It Ic port Ar portno
134 eb699783 2021-01-18 op The port to listen on.
135 eb699783 2021-01-18 op By default is 1965.
136 eb699783 2021-01-18 op .It Ic protocols Ar string
137 eb699783 2021-01-18 op Specify the TLS protocols to enable.
138 eb699783 2021-01-18 op Refer to
139 eb699783 2021-01-18 op .Xr tls_config_parse_protocols 3
140 eb699783 2021-01-18 op for the valid protocol string values.
141 eb699783 2021-01-18 op By default, both TLSv1.3 and TLSv1.2 are used.
142 eb699783 2021-01-18 op Use
143 eb699783 2021-01-18 op .Dq tlsv1.3
144 eb699783 2021-01-18 op to enable only TLSv1.3.
145 eb699783 2021-01-18 op .It Ic mime Ar mime-type Ar file-extension
146 eb699783 2021-01-18 op Add a mapping for the given
147 eb699783 2021-01-18 op .Ar file-extension
148 eb699783 2021-01-18 op to the given
149 eb699783 2021-01-18 op .Ar mime-type .
150 eb699783 2021-01-18 op Both argument are strings.
151 ae08ec7d 2021-01-25 op .It Ic chroot Pa path
152 ae08ec7d 2021-01-25 op .Xr chroot 2
153 ae08ec7d 2021-01-25 op the process to the given
154 ae08ec7d 2021-01-25 op .Pa path .
155 ae08ec7d 2021-01-25 op The daemon has to be run with root privileges and thus the option
156 ae08ec7d 2021-01-25 op .Ic user
157 ae08ec7d 2021-01-25 op needs to be provided, so
158 ae08ec7d 2021-01-25 op .Nm
159 ae08ec7d 2021-01-25 op can drop the privileges.
160 ae08ec7d 2021-01-25 op Note that they are dropped after loading the TLS keys, so it's
161 ae08ec7d 2021-01-25 op recommended to put those outside the chroot.
162 ae08ec7d 2021-01-25 op Future version of
163 ae08ec7d 2021-01-25 op .Nm
164 ae08ec7d 2021-01-25 op may require this.
165 ae08ec7d 2021-01-25 op .It Ic user Ar string
166 ae08ec7d 2021-01-25 op Run the daemon as the given user.
167 eb699783 2021-01-18 op .El
168 eb699783 2021-01-18 op .Ss Servers
169 eb699783 2021-01-18 op Every virtual host is defined by a
170 eb699783 2021-01-18 op .Ic server
171 eb699783 2021-01-18 op block:
172 eb699783 2021-01-18 op .Bl -tag -width Ds
173 eb699783 2021-01-18 op .It Ic server Ar hostname Brq ...
174 de27389e 2021-01-21 op Match the server name using shell globbing rules.  This can be an explicit name,
175 de27389e 2021-01-21 op .Ar www.example.com ,
176 de27389e 2021-01-21 op or a name including a wildcards,
177 de27389e 2021-01-21 op .Ar *.example.com .
178 eb699783 2021-01-18 op .El
179 eb699783 2021-01-18 op .Pp
180 eb699783 2021-01-18 op Followed by a block of options that is enclosed in curly brackets:
181 eb699783 2021-01-18 op .Bl -tag -width Ds
182 eb699783 2021-01-18 op .It Ic cert Pa file
183 eb699783 2021-01-18 op Path to the certificate to use for this server.
184 eb699783 2021-01-18 op The
185 eb699783 2021-01-18 op .Pa file
186 eb699783 2021-01-18 op should contain a PEM encoded certificate.
187 eb699783 2021-01-18 op This option is mandatory.
188 eb699783 2021-01-18 op .It Ic key Pa file
189 eb699783 2021-01-18 op Specify the private key to use for this server.
190 eb699783 2021-01-18 op The
191 eb699783 2021-01-18 op .Pa file
192 eb699783 2021-01-18 op should contain a PEM encoded private key.
193 eb699783 2021-01-18 op This option is mandatory.
194 eb699783 2021-01-18 op .It Ic root Pa directory
195 eb699783 2021-01-18 op Specify the root directory for this server.
196 eb699783 2021-01-18 op This option is mandatory.
197 f28d96d3 2021-01-25 op It's relative to the chroot, if enabled.
198 eb699783 2021-01-18 op .It Ic cgi Pa path
199 eb699783 2021-01-18 op Enable the execution of CGI scripts if
200 eb699783 2021-01-18 op .Pa path
201 eb699783 2021-01-18 op is a prefix of the user request string.
202 eb699783 2021-01-18 op An empty path "" will effectively enable the execution of any file
203 eb699783 2021-01-18 op with the executable bit set inside the root directory.
204 6119e13e 2021-01-19 op .It Ic default type Ar string
205 6119e13e 2021-01-19 op Set the default media type that is used if the media type for a
206 6119e13e 2021-01-19 op specified extension is not found.
207 6119e13e 2021-01-19 op If not specified, the
208 6119e13e 2021-01-19 op .Ic default type
209 6119e13e 2021-01-19 op is set to
210 6119e13e 2021-01-19 op .Dq application/octet-stream .
211 05c23a54 2021-01-19 op .It Ic lang Ar string
212 05c23a54 2021-01-19 op Specify the language tag for the text/gemini content served.
213 05c23a54 2021-01-19 op If not specified, no
214 05c23a54 2021-01-19 op .Dq lang
215 05c23a54 2021-01-19 op parameter will be added in the response.
216 e7a2a99b 2021-01-24 op .It Ic index Ar string
217 e7a2a99b 2021-01-24 op Set the directory index file.
218 e7a2a99b 2021-01-24 op If not specified, it defaults to
219 f28d96d3 2021-01-25 op .Pa index.gmi .
220 252908e6 2021-01-24 op .It Ic auto Ic index Ar bool
221 252908e6 2021-01-24 op If no index file is found, automatically generate a directory listing.
222 252908e6 2021-01-24 op It's disabled by default.
223 c8b74339 2021-01-24 op .It Ic location Pa path Brq ...
224 c8b74339 2021-01-24 op Specify server configuration rules for a specific location.
225 c8b74339 2021-01-24 op The
226 c8b74339 2021-01-24 op .Pa path
227 c8b74339 2021-01-24 op argument will be matched against the request path with shell globbing
228 c8b74339 2021-01-24 op rules.
229 c8b74339 2021-01-24 op In case of multiple location statements in the same context, the last
230 c8b74339 2021-01-24 op matching location will be put into effect.
231 c8b74339 2021-01-24 op Therefore is advisable to match for a generic paths first and for more
232 c8b74339 2021-01-24 op specific ones later on.
233 c8b74339 2021-01-24 op A
234 c8b74339 2021-01-24 op .Ic location
235 c8b74339 2021-01-24 op section may include most of the server configuration rules
236 c8b74339 2021-01-24 op except
237 c8b74339 2021-01-24 op .Ic cert , Ic key , Ic root , Ic location No and Ic CGI .
238 eb699783 2021-01-18 op .El
239 72342dc9 2020-11-06 op .Sh CGI
240 0ed56567 2020-11-06 op When CGI scripts are enabled for a directory, a request for an
241 0ed56567 2020-11-06 op executable file will execute it and fed its output to the client.
242 72342dc9 2020-11-06 op .Pp
243 a7b9bb4d 2021-01-24 op The CGI scripts are executed in the root directory of the virtual
244 a7b9bb4d 2021-01-24 op host, or in the served directory if run without config, and inherits
245 a7b9bb4d 2021-01-24 op the environment from
246 0ed56567 2020-11-06 op .Nm
247 0ed56567 2020-11-06 op with these additional variables set:
248 a5d310bc 2020-11-10 op .Bl -tag -width 18m
249 28ec6178 2021-01-24 op .It Ev GATEWAY_INTERFACE
250 28ec6178 2021-01-24 op "CGI/1.1"
251 28ec6178 2021-01-24 op .It Ev SERVER_PROTOCOL
252 28ec6178 2021-01-24 op "GEMINI"
253 0ed56567 2020-11-06 op .It Ev SERVER_SOFTWARE
254 0ed56567 2020-11-06 op "gmid"
255 0ed56567 2020-11-06 op .It Ev SERVER_PORT
256 0ed56567 2020-11-06 op "1965"
257 28ec6178 2021-01-24 op .It Ev SERVER_NAME
258 28ec6178 2021-01-24 op The vhost.
259 28ec6178 2021-01-24 op This variable is not available when operating without a configuration.
260 a5d310bc 2020-11-10 op .It Ev SCRIPT_NAME
261 28ec6178 2021-01-24 op The (public) path to the script, e.g.
262 28ec6178 2021-01-24 op .Pa "/cgi-bin/example.cgi"
263 a5d310bc 2020-11-10 op .It Ev SCRIPT_EXECUTABLE
264 a5d310bc 2020-11-10 op The full path to the executable.
265 a5d310bc 2020-11-10 op .It Ev REQUEST_URI
266 a5d310bc 2020-11-10 op The user request (without the query parameters.)
267 a5d310bc 2020-11-10 op .It Ev REQUEST_RELATIVE
268 a5d310bc 2020-11-10 op The request relative to the script.
269 0ed56567 2020-11-06 op .It Ev QUERY_STRING
270 a5d310bc 2020-11-10 op The query parameters.
271 a5d310bc 2020-11-10 op .It Ev REMOTE_HOST
272 a5d310bc 2020-11-10 op The remote IP address.
273 677afbd3 2020-12-02 op .It Ev REMOTE_ADDR
274 677afbd3 2020-12-02 op The remote IP address.
275 a5d310bc 2020-11-10 op .It Ev DOCUMENT_ROOT
276 a5d310bc 2020-11-10 op The root directory being served, the one provided with the
277 a5d310bc 2020-11-10 op .Ar d
278 a5d310bc 2020-11-10 op parameter to
279 a5d310bc 2020-11-10 op .Nm
280 eb699783 2021-01-18 op or the root directory of the virtual host.
281 677afbd3 2020-12-02 op .It Ev AUTH_TYPE
282 28ec6178 2021-01-24 op The string "Certificate" if the client used a certificate, otherwise
283 28ec6178 2021-01-24 op unset.
284 677afbd3 2020-12-02 op .It Ev REMOTE_USER
285 677afbd3 2020-12-02 op The subject of the client certificate if provided, otherwise unset.
286 677afbd3 2020-12-02 op .It Ev TLS_CLIENT_ISSUER
287 28ec6178 2021-01-24 op The is the issuer of the client certificate if provided, otherwise
288 28ec6178 2021-01-24 op unset.
289 677afbd3 2020-12-02 op .It Ev TLS_CLIENT_HASH
290 677afbd3 2020-12-02 op The hash of the client certificate if provided, otherwise unset.
291 677afbd3 2020-12-02 op The format is "ALGO:HASH".
292 0ed56567 2020-11-06 op .El
293 a5d310bc 2020-11-10 op .Pp
294 a5d310bc 2020-11-10 op Let's say you have a script in
295 a5d310bc 2020-11-10 op .Pa /cgi-bin/script
296 a5d310bc 2020-11-10 op and the user request is
297 a5d310bc 2020-11-10 op .Pa /cgi-bin/script/foo/bar?quux .
298 a5d310bc 2020-11-10 op Then
299 a5d310bc 2020-11-10 op .Ev SCRIPT_NAME
300 a5d310bc 2020-11-10 op will be
301 b9220ca4 2021-01-11 op .Pa cgi-bin/script ,
302 a5d310bc 2020-11-10 op .Ev SCRIPT_EXECUTABLE
303 a5d310bc 2020-11-10 op will be
304 a5d310bc 2020-11-10 op .Pa $DOCUMENT_ROOT/cgi-bin/script ,
305 a5d310bc 2020-11-10 op .Ev REQUEST_URI
306 a5d310bc 2020-11-10 op will be
307 b9220ca4 2021-01-11 op .Pa cgi-bin/script/foo/bar ,
308 a5d310bc 2020-11-10 op .Ev REQUEST_RELATIVE
309 a5d310bc 2020-11-10 op will be
310 b9220ca4 2021-01-11 op .Pa foo/bar
311 b9220ca4 2021-01-11 op and
312 a5d310bc 2020-11-10 op .Ev QUERY_STRING
313 a5d310bc 2020-11-10 op will be
314 a5d310bc 2020-11-10 op .Ar quux .
315 3e4749f7 2020-10-02 op .Sh EXAMPLES
316 f28d96d3 2021-01-25 op Serve the current directory
317 6980aad6 2020-10-02 op .Bd -literal -offset indent
318 f28d96d3 2021-01-25 op $ gmid .
319 6980aad6 2020-10-02 op .Ed
320 3e4749f7 2020-10-02 op .Pp
321 f28d96d3 2021-01-25 op To serve the directory
322 f28d96d3 2021-01-25 op .Pa docs
323 f28d96d3 2021-01-25 op and enable CGI scripts inside
324 f28d96d3 2021-01-25 op .Pa docs/cgi ,
325 f28d96d3 2021-01-25 op you can
326 0ed56567 2020-11-06 op .Bd -literal -offset indent
327 f28d96d3 2021-01-25 op $ mkdir docs/cgi
328 f28d96d3 2021-01-25 op $ cat <<EOF > cgi/hello
329 0ed56567 2020-11-06 op #!/bin/sh
330 0ed56567 2020-11-06 op printf "20 text/plain\\r\\n"
331 f28d96d3 2021-01-25 op echo "hello world"
332 0ed56567 2020-11-06 op EOF
333 f28d96d3 2021-01-25 op $ chmod +x docs/cgi/hello
334 f28d96d3 2021-01-25 op $ gmid -x cgi docs
335 0ed56567 2020-11-06 op .Ed
336 0ed56567 2020-11-06 op .Pp
337 0ed56567 2020-11-06 op Note that the argument to the
338 0ed56567 2020-11-06 op .Fl x
339 0ed56567 2020-11-06 op option is
340 f28d96d3 2021-01-25 op .Pa cgi
341 0ed56567 2020-11-06 op and not
342 f28d96d3 2021-01-25 op .Pa docs/cgi ,
343 a5d310bc 2020-11-10 op since it's relative to the document root.
344 eb699783 2021-01-18 op .Pp
345 eb699783 2021-01-18 op The following is an example of a possible configuration for a site
346 eb699783 2021-01-18 op that enables only TLSv1.3, adds a mime type for the file extension
347 eb699783 2021-01-18 op "rtf" and defines two virtual host:
348 eb699783 2021-01-18 op .Bd -literal -offset indent
349 eb699783 2021-01-18 op ipv6 on		# enable ipv6
350 eb699783 2021-01-18 op 
351 eb699783 2021-01-18 op protocols "tlsv1.3"
352 eb699783 2021-01-18 op 
353 eb699783 2021-01-18 op mime "application/rtf" "rtf"
354 eb699783 2021-01-18 op 
355 eb699783 2021-01-18 op server "example.com" {
356 eb699783 2021-01-18 op 	cert "/path/to/cert.pem"
357 eb699783 2021-01-18 op 	key  "/path/to/key.pem"
358 eb699783 2021-01-18 op 	root "/var/gemini/example.com"
359 eb699783 2021-01-18 op }
360 eb699783 2021-01-18 op 
361 eb699783 2021-01-18 op server "it.example.com" {
362 eb699783 2021-01-18 op 	cert "/path/to/cert.pem"
363 eb699783 2021-01-18 op 	key  "/path/to/key.pem"
364 eb699783 2021-01-18 op 	root "/var/gemini/it.example.com"
365 eb699783 2021-01-18 op 	cgi  "/cgi-bin"
366 de27389e 2021-01-21 op 	lang "it"
367 eb699783 2021-01-18 op }
368 eb699783 2021-01-18 op .Ed
369 f28d96d3 2021-01-25 op .Pp
370 f28d96d3 2021-01-25 op Yet another example, showing how to enable a
371 f28d96d3 2021-01-25 op .Ic chroot
372 f28d96d3 2021-01-25 op and use
373 f28d96d3 2021-01-25 op .Ic location
374 f28d96d3 2021-01-25 op rule
375 f28d96d3 2021-01-25 op .Bd -literal -offset indent
376 f28d96d3 2021-01-25 op chroot "/var/gemini"
377 f28d96d3 2021-01-25 op user "_gmid"
378 f28d96d3 2021-01-25 op 
379 f28d96d3 2021-01-25 op server "example.com" {
380 f28d96d3 2021-01-25 op 	cert "/path/to/cert.pem"
381 f28d96d3 2021-01-25 op 	key  "/path/to/key.pem"
382 f28d96d3 2021-01-25 op 	root "/var/gemini/example.com"
383 f28d96d3 2021-01-25 op 
384 f28d96d3 2021-01-25 op 	location "/static/" {
385 f28d96d3 2021-01-25 op 		auto index on
386 f28d96d3 2021-01-25 op 		index "index.gemini"
387 f28d96d3 2021-01-25 op 	}
388 f28d96d3 2021-01-25 op }
389 f28d96d3 2021-01-25 op .Ed
390 ef04b551 2021-01-09 op .Sh ACKNOWLEDGEMENTS
391 ef04b551 2021-01-09 op .Nm
392 eb699783 2021-01-18 op uses the
393 eb699783 2021-01-18 op .Dq Flexible and Economical
394 eb699783 2021-01-18 op UTF-8 decoder written by
395 f28d96d3 2021-01-25 op .An Bjoern Hoehrmann .
396 3e4749f7 2020-10-02 op .Sh CAVEATS
397 3e4749f7 2020-10-02 op .Bl -bullet
398 3e4749f7 2020-10-02 op .It
399 eb699783 2021-01-18 op The root directories of all virtual hosts are opened during the daemon
400 eb699783 2021-01-18 op startup; this means that if a root directory gets deleted and then
401 eb699783 2021-01-18 op re-created,
402 eb699783 2021-01-18 op .Nm
403 eb699783 2021-01-18 op won't be able to serve files inside that directory until a restart.
404 eb699783 2021-01-18 op This restriction applies only to the root directories and not their content.
405 043acc97 2020-12-25 op .It
406 043acc97 2020-12-25 op a %2F sequence in the path part is indistinguishable from a literal
407 043acc97 2020-12-25 op slash: this is not RFC3986-compliant.
408 00781742 2020-12-25 op .It
409 00781742 2020-12-25 op a %00 sequence either in the path or in the query part is treated as
410 00781742 2020-12-25 op invalid character and thus rejected.
411 3e4749f7 2020-10-02 op .El