1 f28d96d3 2021-01-25 op .\" Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3 3e4749f7 2020-10-02 op .\" Permission to use, copy, modify, and distribute this software for any
4 3e4749f7 2020-10-02 op .\" purpose with or without fee is hereby granted, provided that the above
5 3e4749f7 2020-10-02 op .\" copyright notice and this permission notice appear in all copies.
7 3e4749f7 2020-10-02 op .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 3e4749f7 2020-10-02 op .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 3e4749f7 2020-10-02 op .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
10 3e4749f7 2020-10-02 op .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 3e4749f7 2020-10-02 op .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12 3e4749f7 2020-10-02 op .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13 3e4749f7 2020-10-02 op .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14 39a7b611 2021-01-30 op .Dd $Mdocdate: January 30 2021$
19 714685c1 2021-01-30 op .Nd simple and secure Gemini server
24 15902770 2021-01-15 op .Op Fl c Ar config
29 f28d96d3 2021-01-25 op .Op Fl d Pa certs-dir
30 f28d96d3 2021-01-25 op .Op Fl H Ar hostname
31 721e2325 2020-11-18 op .Op Fl p Ar port
32 f28d96d3 2021-01-25 op .Op Fl x Pa cgi
35 3e4749f7 2020-10-02 op .Sh DESCRIPTION
37 b9220ca4 2021-01-11 op is a simple and minimal gemini server that can serve static files and
38 b9220ca4 2021-01-11 op execute CGI scripts.
39 eb699783 2021-01-18 op It can run without a configuration file with a limited set of features
43 3007f565 2021-02-04 op rereads the configuration file when it receives
46 eb699783 2021-01-18 op The options are as follows:
47 f28d96d3 2021-01-25 op .Bl -tag -width 14m
48 eb699783 2021-01-18 op .It Fl c Pa config
49 f28d96d3 2021-01-25 op Specify the configuration file.
51 46af8c6c 2021-01-27 op Stays and logs on the foreground.
53 eb699783 2021-01-18 op Check that the configuration is valid, but don't start the server.
56 eb699783 2021-01-18 op If no configuration file is given,
58 f28d96d3 2021-01-25 op will look for the following options
59 f28d96d3 2021-01-25 op .Bl -tag -width 14m
62 f28d96d3 2021-01-25 op .It Fl d Pa certs-path
63 f28d96d3 2021-01-25 op Directory where certificates for the config-less mode are stored.
65 f28d96d3 2021-01-25 op .Pa $XDG_DATA_HOME/gmid ,
67 f28d96d3 2021-01-25 op .Pa ~/.local/share/gmid .
68 71cf3975 2021-01-25 op .It Fl H Ar hostname
69 f28d96d3 2021-01-25 op The hostname, by default
70 f28d96d3 2021-01-25 op .Ar localhost .
71 f28d96d3 2021-01-25 op Certificates for the given
73 f28d96d3 2021-01-25 op are searched inside the
75 f28d96d3 2021-01-25 op directory given with the
78 714685c1 2021-01-30 op They have the form
79 f28d96d3 2021-01-25 op .Pa hostname.cert.pem
81 f28d96d3 2021-01-25 op .Pa hostname.key.pem .
82 f28d96d3 2021-01-25 op If a certificate and key doesn't exists for a given hostname they
83 714685c1 2021-01-30 op will be automatically generated.
85 fab952e1 2020-10-03 op Print the usage and exit.
86 721e2325 2020-11-18 op .It Fl p Ar port
87 eb699783 2021-01-18 op The port to listen on, by default 1965.
89 8904fa0e 2021-01-27 op Increase the verbosity of the logs.
90 f28d96d3 2021-01-25 op .It Fl x Pa path
91 eb699783 2021-01-18 op Enable execution of CGI scripts.
92 eb699783 2021-01-18 op See the description of the
94 eb699783 2021-01-18 op option in the section
96 eb699783 2021-01-18 op below to learn how
99 eb699783 2021-01-18 op Cannot be provided more than once.
101 f28d96d3 2021-01-25 op The root directory to serve.
102 f28d96d3 2021-01-25 op By default the current working directory is assumed.
104 eb699783 2021-01-18 op .Sh CONFIGURATION FILE
105 eb699783 2021-01-18 op The configuration file is divided into two sections:
106 eb699783 2021-01-18 op .Bl -tag -width xxxx
107 eb699783 2021-01-18 op .It Sy Global Options
108 eb699783 2021-01-18 op Global settings for
110 eb699783 2021-01-18 op .It Sy Servers
111 f28d96d3 2021-01-25 op Virtual hosts definition.
114 eb699783 2021-01-18 op Within the sections, empty lines are ignored and comments can be put
115 eb699783 2021-01-18 op anywhere in the file using a hash mark
117 eb699783 2021-01-18 op and extend to the end of the current line.
118 eb699783 2021-01-18 op A boolean is either the symbol
122 f28d96d3 2021-01-25 op A string is a sequence of characters wrapped in double quotes,
123 f28d96d3 2021-01-25 op .Dq like this .
124 eb699783 2021-01-18 op .Ss Global Options
125 eb699783 2021-01-18 op .Bl -tag -width 12m
126 ae08ec7d 2021-01-25 op .It Ic chroot Pa path
128 ae08ec7d 2021-01-25 op the process to the given
130 ae08ec7d 2021-01-25 op The daemon has to be run with root privileges and thus the option
132 714685c1 2021-01-30 op needs to be provided, so privileges can be dropped.
135 714685c1 2021-01-30 op will enter the chroot after loading the TLS keys, but before opening
136 714685c1 2021-01-30 op the virtual host root directories.
137 714685c1 2021-01-30 op It's recommended to keep the TLS keys outside the chroot.
138 ae08ec7d 2021-01-25 op Future version of
140 ae08ec7d 2021-01-25 op may require this.
141 2b92a447 2021-02-06 op .It Ic ipv6 Ar bool
142 2b92a447 2021-02-06 op Enable or disable IPv6 support.
143 2b92a447 2021-02-06 op By default is off.
144 2b92a447 2021-02-06 op .It Ic mime Ar mime-type Ar file-extension
145 2b92a447 2021-02-06 op Add a mapping for the given
146 2b92a447 2021-02-06 op .Ar file-extension
148 2b92a447 2021-02-06 op .Ar mime-type .
149 2b92a447 2021-02-06 op Both argument are strings.
150 2b92a447 2021-02-06 op .It Ic port Ar portno
151 2b92a447 2021-02-06 op The port to listen on.
152 2b92a447 2021-02-06 op By default is 1965.
153 a709ddf5 2021-02-07 op .It Ic prefork Ar number
154 a709ddf5 2021-02-07 op Run the specified number of server processes.
155 a709ddf5 2021-02-07 op This increases the performance and prevents delays when connecting to
158 a709ddf5 2021-02-07 op runs 3 server processes by default, when not in config-less mode.
159 2b92a447 2021-02-06 op .It Ic protocols Ar string
160 2b92a447 2021-02-06 op Specify the TLS protocols to enable.
162 2b92a447 2021-02-06 op .Xr tls_config_parse_protocols 3
163 2b92a447 2021-02-06 op for the valid protocol string values.
164 2b92a447 2021-02-06 op By default, both TLSv1.3 and TLSv1.2 are enabled.
167 2b92a447 2021-02-06 op to enable only TLSv1.3.
168 ae08ec7d 2021-01-25 op .It Ic user Ar string
169 ae08ec7d 2021-01-25 op Run the daemon as the given user.
172 eb699783 2021-01-18 op Every virtual host is defined by a
175 eb699783 2021-01-18 op .Bl -tag -width Ds
176 eb699783 2021-01-18 op .It Ic server Ar hostname Brq ...
177 75fbb178 2021-01-28 op Match the server name using shell globbing rules.
178 75fbb178 2021-01-28 op This can be an explicit name,
179 de27389e 2021-01-21 op .Ar www.example.com ,
180 de27389e 2021-01-21 op or a name including a wildcards,
181 de27389e 2021-01-21 op .Ar *.example.com .
184 eb699783 2021-01-18 op Followed by a block of options that is enclosed in curly brackets:
185 eb699783 2021-01-18 op .Bl -tag -width Ds
186 2b92a447 2021-02-06 op .It Ic auto Ic index Ar bool
187 2b92a447 2021-02-06 op If no index file is found, automatically generate a directory listing.
188 2b92a447 2021-02-06 op It's disabled by default.
189 2b92a447 2021-02-06 op .It Ic block Op Ic return Ar code Op Ar meta
190 2b92a447 2021-02-06 op Send a reply and close the connection;
196 2b92a447 2021-02-06 op .Dq temporary failure
200 2b92a447 2021-02-06 op is in the 3x range, then
202 2b92a447 2021-02-06 op must be provided.
205 2b92a447 2021-02-06 op the following special sequences are replaced:
206 2b92a447 2021-02-06 op .Bl -tag -compact
208 2b92a447 2021-02-06 op is replaced with a single
211 2b92a447 2021-02-06 op is replaced with the request path.
213 2b92a447 2021-02-06 op is replaced with the query string of the request.
215 2b92a447 2021-02-06 op is replaced with the server port.
217 2b92a447 2021-02-06 op is replaced with the server name.
219 eb699783 2021-01-18 op .It Ic cert Pa file
220 eb699783 2021-01-18 op Path to the certificate to use for this server.
223 eb699783 2021-01-18 op should contain a PEM encoded certificate.
224 eb699783 2021-01-18 op This option is mandatory.
225 eb699783 2021-01-18 op .It Ic cgi Pa path
226 87f2b68b 2021-02-02 op Execute CGI scripts that matches
228 87f2b68b 2021-02-02 op using shell globbing rules.
229 6119e13e 2021-01-19 op .It Ic default type Ar string
230 6119e13e 2021-01-19 op Set the default media type that is used if the media type for a
231 6119e13e 2021-01-19 op specified extension is not found.
232 6119e13e 2021-01-19 op If not specified, the
233 6119e13e 2021-01-19 op .Ic default type
235 6119e13e 2021-01-19 op .Dq application/octet-stream .
236 2b92a447 2021-02-06 op .It Ic entrypoint Pa path
237 2b92a447 2021-02-06 op Make the CGI script at
239 2b92a447 2021-02-06 op .Pq relative to the Ic root No directory
240 2b92a447 2021-02-06 op handle all the requests for the current virtual host
241 2b92a447 2021-02-06 op .It Ic index Ar string
242 2b92a447 2021-02-06 op Set the directory index file.
243 2b92a447 2021-02-06 op If not specified, it defaults to
244 2b92a447 2021-02-06 op .Pa index.gmi .
245 2b92a447 2021-02-06 op .It Ic key Pa file
246 2b92a447 2021-02-06 op Specify the private key to use for this server.
249 2b92a447 2021-02-06 op should contain a PEM encoded private key.
250 2b92a447 2021-02-06 op This option is mandatory.
251 05c23a54 2021-01-19 op .It Ic lang Ar string
252 05c23a54 2021-01-19 op Specify the language tag for the text/gemini content served.
253 05c23a54 2021-01-19 op If not specified, no
255 05c23a54 2021-01-19 op parameter will be added in the response.
256 c8b74339 2021-01-24 op .It Ic location Pa path Brq ...
257 c8b74339 2021-01-24 op Specify server configuration rules for a specific location.
260 c8b74339 2021-01-24 op argument will be matched against the request path with shell globbing
262 6016a593 2021-01-30 op In case of multiple location statements in the same context, the first
263 6016a593 2021-01-30 op matching location will be put into effect and the later ones ignored.
264 6016a593 2021-01-30 op Therefore is advisable to match for more specific paths first and for
265 6016a593 2021-01-30 op generic ones later on.
268 c8b74339 2021-01-24 op section may include most of the server configuration rules
270 2b92a447 2021-02-06 op .Ic cert , Ic key , Ic root , Ic location ,
271 e3ddf390 2021-02-06 op .Ic entrypoint No and Ic cgi .
272 2b92a447 2021-02-06 op .It Ic root Pa directory
273 2b92a447 2021-02-06 op Specify the root directory for this server.
274 2b92a447 2021-02-06 op This option is mandatory.
275 2b92a447 2021-02-06 op It's relative to the chroot, if enabled.
276 6abda252 2021-02-06 op .It Ic strip Ar number
279 6abda252 2021-02-06 op components from the beginning of the path.
280 6abda252 2021-02-06 op It's only considered for the
282 2b92a447 2021-02-06 op parameter in the scope of a
283 6abda252 2021-02-06 op .Ic block return .
286 87f2b68b 2021-02-02 op When a request for an executable file matches the
288 87f2b68b 2021-02-02 op rule, that file will be execute and its output fed to the client.
290 ee655e64 2021-02-01 op The CGI scripts are executed in the directory they reside and inherit
291 a7b9bb4d 2021-01-24 op the environment from
293 0ed56567 2020-11-06 op with these additional variables set:
294 ee655e64 2021-02-01 op .Bl -tag -width 24m
295 28ec6178 2021-01-24 op .It Ev GATEWAY_INTERFACE
297 ee655e64 2021-02-01 op .It Ev GEMINI_DOCUMENT_ROOT
298 ee655e64 2021-02-01 op The root directory of the virtual host.
299 ee655e64 2021-02-01 op .It Ev GEMINI_SCRIPT_FILENAME
300 ee655e64 2021-02-01 op Full path to the CGI script being executed.
301 ee655e64 2021-02-01 op .It Ev GEMINI_URL
302 ee655e64 2021-02-01 op The full IRI of the request.
303 ee655e64 2021-02-01 op .It Ev GEMINI_URL_PATH
304 ee655e64 2021-02-01 op The path of the request.
305 ee655e64 2021-02-01 op .It Ev PATH_INFO
306 ee655e64 2021-02-01 op The portion of the requested path that is derived from the the IRI
307 ee655e64 2021-02-01 op path hierarchy following the part that identifies the script itself.
308 ee655e64 2021-02-01 op Can be unset.
309 ee655e64 2021-02-01 op .It Ev PATH_TRANSLATED
310 ee655e64 2021-02-01 op Present if and only if
311 ee655e64 2021-02-01 op .Ev PATH_INFO
313 ee655e64 2021-02-01 op It represent the translation of the
314 ee655e64 2021-02-01 op .Ev PATH_INFO .
316 ee655e64 2021-02-01 op builds this by appending the
317 ee655e64 2021-02-01 op .Ev PATH_INFO
318 ee655e64 2021-02-01 op to the virtual host directory root.
319 ee655e64 2021-02-01 op .It Ev QUERY_STRING
320 ee655e64 2021-02-01 op The decoded query string.
321 ee655e64 2021-02-01 op .It Ev REMOTE_ADDR , Ev REMOTE_HOST
322 ee655e64 2021-02-01 op Textual representation of the client IP.
323 ee655e64 2021-02-01 op .It Ev REQUEST_METHOD
324 ee655e64 2021-02-01 op This is present only for RFC3875 (CGI) compliance.
325 ee655e64 2021-02-01 op It's always set to the empty string.
326 ee655e64 2021-02-01 op .It Ev SCRIPT_NAME
327 ee655e64 2021-02-01 op The part of the
328 ee655e64 2021-02-01 op .Ev GEMINI_URL_PATH
329 ee655e64 2021-02-01 op that identifies the current CGI script.
330 ee655e64 2021-02-01 op .It Ev SERVER_NAME
331 ee655e64 2021-02-01 op The name of the server
332 ee655e64 2021-02-01 op .It Ev SERVER_PORT
333 ee655e64 2021-02-01 op The port the server is listening on.
334 28ec6178 2021-01-24 op .It Ev SERVER_PROTOCOL
336 0ed56567 2020-11-06 op .It Ev SERVER_SOFTWARE
337 ee655e64 2021-02-01 op The name and version of the server, i.e.
339 677afbd3 2020-12-02 op .It Ev AUTH_TYPE
340 28ec6178 2021-01-24 op The string "Certificate" if the client used a certificate, otherwise
342 677afbd3 2020-12-02 op .It Ev REMOTE_USER
343 677afbd3 2020-12-02 op The subject of the client certificate if provided, otherwise unset.
344 677afbd3 2020-12-02 op .It Ev TLS_CLIENT_ISSUER
345 28ec6178 2021-01-24 op The is the issuer of the client certificate if provided, otherwise
347 677afbd3 2020-12-02 op .It Ev TLS_CLIENT_HASH
348 677afbd3 2020-12-02 op The hash of the client certificate if provided, otherwise unset.
349 ee655e64 2021-02-01 op The format is
350 ee655e64 2021-02-01 op .Dq ALGO:HASH .
354 75fbb178 2021-01-28 op To auto-detect the MIME type of the response
356 75fbb178 2021-01-28 op looks at the file extension and consults its internal table.
357 75fbb178 2021-01-28 op By default the following mappings are loaded, but they can be
358 75fbb178 2021-01-28 op overridden or extended using the
360 75fbb178 2021-01-28 op configuration option.
361 75fbb178 2021-01-28 op If no MIME is found, the value of
362 75fbb178 2021-01-28 op .Ic default type
363 75fbb178 2021-01-28 op matching the file
365 75fbb178 2021-01-28 op will be used, which is
366 75fbb178 2021-01-28 op .Dq application/octet-stream
369 75fbb178 2021-01-28 op .Bl -tag -offset indent -width 14m -compact
370 75fbb178 2021-01-28 op .It gemini, gmi
378 75fbb178 2021-01-28 op .It markdown, md
379 75fbb178 2021-01-28 op text/markdown
381 75fbb178 2021-01-28 op application/pdf
385 75fbb178 2021-01-28 op image/svg+xml
392 f28d96d3 2021-01-25 op Serve the current directory
393 6980aad6 2020-10-02 op .Bd -literal -offset indent
397 f28d96d3 2021-01-25 op To serve the directory
399 f28d96d3 2021-01-25 op and enable CGI scripts inside
400 f28d96d3 2021-01-25 op .Pa docs/cgi ,
402 0ed56567 2020-11-06 op .Bd -literal -offset indent
403 f28d96d3 2021-01-25 op $ mkdir docs/cgi
404 f28d96d3 2021-01-25 op $ cat <<EOF > cgi/hello
406 0ed56567 2020-11-06 op printf "20 text/plain\\r\\n"
407 f28d96d3 2021-01-25 op echo "hello world"
409 f28d96d3 2021-01-25 op $ chmod +x docs/cgi/hello
410 f28d96d3 2021-01-25 op $ gmid -x cgi docs
413 eb699783 2021-01-18 op The following is an example of a possible configuration for a site
414 eb699783 2021-01-18 op that enables only TLSv1.3, adds a mime type for the file extension
415 eb699783 2021-01-18 op "rtf" and defines two virtual host:
416 eb699783 2021-01-18 op .Bd -literal -offset indent
417 eb699783 2021-01-18 op ipv6 on # enable ipv6
419 eb699783 2021-01-18 op protocols "tlsv1.3"
421 eb699783 2021-01-18 op mime "application/rtf" "rtf"
423 eb699783 2021-01-18 op server "example.com" {
424 eb699783 2021-01-18 op cert "/path/to/cert.pem"
425 eb699783 2021-01-18 op key "/path/to/key.pem"
426 eb699783 2021-01-18 op root "/var/gemini/example.com"
429 eb699783 2021-01-18 op server "it.example.com" {
430 eb699783 2021-01-18 op cert "/path/to/cert.pem"
431 eb699783 2021-01-18 op key "/path/to/key.pem"
432 eb699783 2021-01-18 op root "/var/gemini/it.example.com"
433 87f2b68b 2021-02-02 op cgi "/cgi-bin/*"
438 f28d96d3 2021-01-25 op Yet another example, showing how to enable a
443 f28d96d3 2021-01-25 op .Bd -literal -offset indent
444 f28d96d3 2021-01-25 op chroot "/var/gemini"
447 f28d96d3 2021-01-25 op server "example.com" {
448 f28d96d3 2021-01-25 op cert "/path/to/cert.pem"
449 f28d96d3 2021-01-25 op key "/path/to/key.pem"
450 714685c1 2021-01-30 op root "/example.com" # in the /var/gemini chroot
452 4ee08bd1 2021-02-03 op location "/static/*" {
453 f28d96d3 2021-01-25 op auto index on
454 f28d96d3 2021-01-25 op index "index.gemini"
458 ef04b551 2021-01-09 op .Sh ACKNOWLEDGEMENTS
461 eb699783 2021-01-18 op .Dq Flexible and Economical
462 eb699783 2021-01-18 op UTF-8 decoder written by
463 f28d96d3 2021-01-25 op .An Bjoern Hoehrmann .
468 714685c1 2021-01-30 op program was written by
469 714685c1 2021-01-30 op .An Omar Polo Aq Mt op@omarpolo.com .
473 eb699783 2021-01-18 op The root directories of all virtual hosts are opened during the daemon
474 eb699783 2021-01-18 op startup; this means that if a root directory gets deleted and then
477 eb699783 2021-01-18 op won't be able to serve files inside that directory until a restart.
478 eb699783 2021-01-18 op This restriction applies only to the root directories and not their content.
480 714685c1 2021-01-30 op a %2F sequence is indistinguishable from a literal slash: this is not
481 714685c1 2021-01-30 op RFC3986-compliant.
483 714685c1 2021-01-30 op a %00 sequence is treated as invalid character and thus rejected.
