Blame

Date:
Message:
readme updates
Actions:
History | Blob | Raw File
  1 b9220ca4 2021-01-11 op # gmid

  2 3e4749f7 2020-10-02 op 

  3 601bc1cc 2021-01-30 op gmid is a Gemini server written with security in mind.  I initially

  4 601bc1cc 2021-01-30 op wrote it to serve static files, but it has grown into a featureful

  5 601bc1cc 2021-01-30 op server that can be used from either the command line to serve local

  6 601bc1cc 2021-01-30 op directories

  7 3e4749f7 2020-10-02 op 

  8 601bc1cc 2021-01-30 op     gmid docs  # serve the directory docs over gemini

  9 3e4749f7 2020-10-02 op 

 10 601bc1cc 2021-01-30 op or as a traditional daemon

 11 3e4749f7 2020-10-02 op 

 12 2f09adb0 2021-01-25 op     gmid -c /etc/gmid.conf

 13 2f09adb0 2021-01-25 op 

 14 2f09adb0 2021-01-25 op 

 15 b9220ca4 2021-01-11 op ## Features

 16 3e4749f7 2020-10-02 op 

 17 601bc1cc 2021-01-30 op (random order)

 18 601bc1cc 2021-01-30 op 

 19 4d2ec6d7 2021-01-13 op  - IRI support (RFC3987)

 20 286c4f40 2021-01-27 op  - punycode support

 21 601bc1cc 2021-01-30 op  - dual stack (IPv4 and IPv6)

 22 601bc1cc 2021-01-30 op  - automatic certificate generation for config-less mode

 23 b9220ca4 2021-01-11 op  - CGI scripts

 24 b9220ca4 2021-01-11 op  - (very) low memory footprint

 25 b9220ca4 2021-01-11 op  - small codebase, easily hackable

 26 b9220ca4 2021-01-11 op  - virtual hosts

 27 286c4f40 2021-01-27 op  - per-location rules

 28 286c4f40 2021-01-27 op  - optional directory listings

 29 286c4f40 2021-01-27 op  - configurable mime types

 30 ea58dab1 2021-01-17 op  - sandboxed by default on OpenBSD, Linux and FreeBSD

 31 0b00962d 2021-01-25 op  - chroot support

 32 3e4749f7 2020-10-02 op 

 33 fab952e1 2020-10-03 op 

 34 b9220ca4 2021-01-11 op ## Drawbacks

 35 3e4749f7 2020-10-02 op 

 36 b9220ca4 2021-01-11 op  - not suited for very busy hosts.  If you receive an high number of

 37 b9220ca4 2021-01-11 op    connection per-second you'd probably want to run multiple gmid

 38 b9220ca4 2021-01-11 op    instances behind relayd/haproxy or a different server.

 39 85dff1f9 2021-01-11 op 

 40 286c4f40 2021-01-27 op 

 41 286c4f40 2021-01-27 op ## Internationalisation (IRIs, UNICODE, punycode, all that stuff)

 42 286c4f40 2021-01-27 op 

 43 286c4f40 2021-01-27 op Even thought the current Gemini specification doesn't mention anything

 44 601bc1cc 2021-01-30 op in this regard, I do think these are important things and so I tried

 45 601bc1cc 2021-01-30 op to implement them in the most user-friendly way I could think of.

 46 286c4f40 2021-01-27 op 

 47 601bc1cc 2021-01-30 op For starters, gmid has full support for IRI (RFC3987 —

 48 22a742e4 2021-01-29 op Internationalized Resource Identifiers).  IRIs are a superset of URIs,

 49 286c4f40 2021-01-27 op so there aren't incompatibilities with URI-only clients.

 50 286c4f40 2021-01-27 op 

 51 601bc1cc 2021-01-30 op There is full support also for punycode.  In theory, the user doesn't

 52 286c4f40 2021-01-27 op even need to know that punycode is a thing.  The hostname in the

 53 601bc1cc 2021-01-30 op configuration file can (and must be) in the decoded form (e.g. `naïve`

 54 601bc1cc 2021-01-30 op and not `xn--nave-6pa`), gmid will do the rest.

 55 286c4f40 2021-01-27 op 

 56 601bc1cc 2021-01-30 op The only missing piece is UNICODE normalisation of the IRI path: gmid

 57 601bc1cc 2021-01-30 op doesn't do that (yet).

 58 286c4f40 2021-01-27 op 

 59 286c4f40 2021-01-27 op 

 60 b9220ca4 2021-01-11 op ## Building

 61 3e4749f7 2020-10-02 op 

 62 42650ade 2021-01-27 op gmid depends on a POSIX libc, OpenSSL/LibreSSL and libtls (provided

 63 42650ade 2021-01-27 op either by LibreSSL or libretls).  At build time, flex and yacc (or GNU

 64 42650ade 2021-01-27 op bison) are also needed.

 65 3e4749f7 2020-10-02 op 

 66 771d8f28 2021-01-17 op The build is as simple as

 67 3e4749f7 2020-10-02 op 

 68 601bc1cc 2021-01-30 op     ./configure

 69 b9220ca4 2021-01-11 op     make

 70 3e4749f7 2020-10-02 op 

 71 8f0da580 2021-01-21 op If the configure scripts fails to pick up something, please open an

 72 f980545b 2021-01-21 op issue or notify me via email.

 73 8f0da580 2021-01-21 op 

 74 771d8f28 2021-01-17 op To install execute:

 75 881a9dd9 2021-01-16 op 

 76 771d8f28 2021-01-17 op     make install

 77 771d8f28 2021-01-17 op 

 78 601bc1cc 2021-01-30 op ### Docker

 79 771d8f28 2021-01-17 op 

 80 601bc1cc 2021-01-30 op If you have trouble installing LibreSSL or libretls, you can use

 81 601bc1cc 2021-01-30 op Docker to build a `gmid` image with:

 82 601bc1cc 2021-01-30 op 

 83 17b09e3c 2021-01-18 op     docker build -t gmid .

 84 17b09e3c 2021-01-18 op 

 85 17b09e3c 2021-01-18 op and then run it with something along the lines of

 86 17b09e3c 2021-01-18 op 

 87 17b09e3c 2021-01-18 op     docker run --rm -it -p 1965:1965 \

 88 6c117838 2021-01-25 op         -v /path/to/gmid.conf:...:ro \

 89 17b09e3c 2021-01-18 op         -v /path/to/docs:/var/gemini \

 90 6c117838 2021-01-25 op         gmid -c .../gmid.conf

 91 17b09e3c 2021-01-18 op 

 92 601bc1cc 2021-01-30 op (ellipses used for brevity)

 93 17b09e3c 2021-01-18 op 

 94 dd8cc7d3 2021-01-22 op ### Local libretls

 95 17b09e3c 2021-01-18 op 

 96 8f0da580 2021-01-21 op This is **NOT** recommended, please try to port LibreSSL/LibreTLS to

 97 8f0da580 2021-01-21 op your distribution of choice or use docker instead.

 98 8f0da580 2021-01-21 op 

 99 601bc1cc 2021-01-30 op However, it's possible to statically-link `gmid` to locally-installed

100 601bc1cc 2021-01-30 op libretls quite easily.  (It's how I test gmid on Fedora, for instance)

101 8f0da580 2021-01-21 op 

102 04397b32 2021-01-21 op Let's say you have compiled and installed libretls in `$LIBRETLS`,

103 8f0da580 2021-01-21 op then you can build `gmid` with

104 8f0da580 2021-01-21 op 

105 04397b32 2021-01-21 op     ./configure CFLAGS="-I$LIBRETLS/include" \

106 45b4aa6e 2021-01-23 op                 LDFLAGS="$LIBRETLS/lib/libtls.a -lssl -lcrypto -lpthread"

107 8f0da580 2021-01-21 op     make

108 8f0da580 2021-01-21 op 

109 dd8cc7d3 2021-01-22 op ### Testing

110 dd8cc7d3 2021-01-22 op 

111 31a4993a 2021-01-23 op Execute

112 dd8cc7d3 2021-01-22 op 

113 dd8cc7d3 2021-01-22 op     make regress

114 dd8cc7d3 2021-01-22 op 

115 601bc1cc 2021-01-30 op to start the suite.  Keep in mind that the regression tests will

116 601bc1cc 2021-01-30 op create files inside the `regress` directory and bind the 10965 port.

117 dd8cc7d3 2021-01-22 op 

118 dd8cc7d3 2021-01-22 op 

119 881a9dd9 2021-01-16 op ## Architecture/Security considerations

120 881a9dd9 2021-01-16 op 

121 881a9dd9 2021-01-16 op gmid is composed by two processes: a listener and an executor.  The

122 881a9dd9 2021-01-16 op listener process is the only one that needs internet access and is

123 881a9dd9 2021-01-16 op sandboxed.  When a CGI script needs to be executed, the executor

124 881a9dd9 2021-01-16 op (outside of the sandbox) sets up a pipe and gives one end to the

125 881a9dd9 2021-01-16 op listener, while the other is bound to the CGI script standard output.

126 909ea500 2021-01-27 op This way, is still possible to execute CGI scripts without

127 601bc1cc 2021-01-30 op restrictions even in the presence of a sandboxed network process.

128 881a9dd9 2021-01-16 op 

129 601bc1cc 2021-01-30 op On OpenBSD, the listener runs with the `stdio recvfd rpath inet`

130 601bc1cc 2021-01-30 op pledges, while the executor has `stdio sendfd proc exec`; both have

131 601bc1cc 2021-01-30 op unveiled only the served directories.

132 881a9dd9 2021-01-16 op 

133 ea58dab1 2021-01-17 op On FreeBSD, the executor process is sandboxed with `capsicum(4)`.

134 d939d0f0 2021-01-17 op 

135 601bc1cc 2021-01-30 op On Linux, a `seccomp(2)` filter is installed in the listener to allow

136 601bc1cc 2021-01-30 op only certain syscalls, see [sandbox.c](sandbox.c) for more information

137 601bc1cc 2021-01-30 op on the BPF program.

138 ea58dab1 2021-01-17 op 

139 ea58dab1 2021-01-17 op In any case, you are invited to run gmid inside some sort of

140 0b00962d 2021-01-25 op container/jail/chroot.