.\" Copyright (c) 2021, 2022 Omar Polo <op@omarpolo.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.Dd $Mdocdate: April 7 2022$
.Dt GMID 1
.Os
.Sh NAME
.Nm gmid
.Nd simple and secure Gemini server
.Sh SYNOPSIS
.Nm
.Bk -words
.Op Fl fnv
.Op Fl c Ar config
.Op Fl D Ar macro Ns = Ns Ar value
.Op Fl P Ar pidfile
.Ek
.Nm
.Bk -words
.Op Fl 6hVv
.Op Fl d Ar certs-dir
.Op Fl H Ar hostname
.Op Fl p Ar port
.Op Ar dir
.Ek
.Sh DESCRIPTION
.Nm
is a simple and minimal Gemini server that can serve static files,
talk to FastCGI applications and act as a Gemini reverse proxy.
It can run without a configuration file with a limited set of features
available.
.Pp
.Nm
rereads the configuration file when it receives
.Dv SIGHUP .
.Pp
The options are as follows:
.Bl -tag -width 14m
.It Fl c Ar config
Specify the configuration file.
.It Fl D Ar macro Ns = Ns Ar value
Define
.Ar macro
to be set to
.Ar value
on the command line.
Overrides the definition of
.Ar macro
in the config file if present.
.It Fl f
Stay and log in the foreground.
.It Fl n
Check that the configuration is valid, but don't start the server.
If specified two or more times, dump the configuration in addition to
verifying it.
.It Fl P Ar pidfile
Write the daemon's pid to the given location.
.Ar pidfile
will also act as a lock: if another process is holding a lock on that
file,
.Nm
will refuse to start.
.El
.Pp
If no configuration file is given,
.Nm
runs in
.Dq config-less mode
.Pq i.e. runs in the foreground to serve a directory from the shell
and looks for the following options:
.Bl -tag -width 14m
.It Fl 6
Enable IPv6.
.It Fl d Ar certs-dir
Directory where certificates for the config-less mode are stored.
By default it is
.Pa $XDG_DATA_HOME/gmid ,
i.e.
.Pa ~/.local/share/gmid .
.It Fl H Ar hostname
The hostname
.Po
.Ar localhost
by default
.Pc .
Certificates for the given
.Ar hostname
are searched inside the
.Ar certs-dir
directory given with the
.Fl d
option.
They have the form
.Pa hostname.cert.pem
and
.Pa hostname.key.pem .
If a certificate or a key doesn't exist for a given hostname, they
will be generated automatically.
.It Fl h , Fl -help
Print the usage and exit.
.It Fl p Ar port
The port to listen on, by default 1965.
.It Fl V , Fl -version
Print the version and exit.
.It Fl v
Verbose mode.
Multiple
.Fl v
options increase the verbosity.
.It Ar dir
The root directory to serve.
By default the current working directory is assumed.
.El
.Sh LOGGING
Messages and requests are logged by
.Xr syslog 3
using the
.Dv DAEMON
facility or printed on
.Em stderr .
.Pp
Requests are logged with the
.Dv NOTICE
severity.
Each request log entry has the following fields, separated by
whitespace:
.Pp
.Bl -bullet -compact
.It
Client IP address and the source port number, separated by a colon
.It
.Sy GET
keyword
.It
Request URL
.It
Response status
.It
Response meta
.El
.Sh EXAMPLES
Serve the current directory:
.Bd -literal -offset indent
$ gmid .
.Ed
.Pp
To run
.Nm
as a daemon, a configuration file and an X.509 certificate must be provided.
Self-signed certificates, which are commonly used in the Geminispace,
can be generated using e.g.\&
.Xr openssl 1 :
.Bd -literal -offset indent
# openssl req \-x509 \-newkey rsa:4096 \-nodes \e
    \-keyout /etc/ssl/private/example.com.key \e
    \-out /etc/ssl/example.com.pem \e
    \-days 365 \-subj "/CN=example.com"
# chmod 600 /etc/ssl/example.com.pem
# chmod 600 /etc/ssl/private/example.com.key
.Ed
.Pp
Then
.Nm
can be started with
.Bd -literal -offset indent
# gmid -c /etc/gmid.conf
.Ed
.Sh SEE ALSO
.Xr gmid.conf 5
.Sh ACKNOWLEDGEMENTS
.Nm
uses the
.Dq Flexible and Economical
UTF-8 decoder written by
.An Bjoern Hoehrmann .
.Sh AUTHORS
.An -nosplit
The
.Nm
program was written by
.An Omar Polo Aq Mt op@omarpolo.com .
.Sh CAVEATS
.Bl -bullet
.It
All the root directories are opened during the daemon startup; if a
root directory is deleted and then re-created,
.Nm
won't be able to serve files inside that directory until a restart.
This restriction only applies to the root directories and not their
content.
.It
A %2F sequence is indistinguishable from a literal slash: this is not
RFC3986-compliant.
.It
A %00 sequence is treated as an invalid character and thus rejected.
.El
204 .It
205 a %00 sequence is treated as invalid character and thus rejected.
206 .El