1 .\" Copyright (c) 2020 Omar Polo <op@omarpolo.com>
2 .\"
3 .\" Permission to use, copy, modify, and distribute this software for any
4 .\" purpose with or without fee is hereby granted, provided that the above
5 .\" copyright notice and this permission notice appear in all copies.
6 .\"
7 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
10 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.Dd $Mdocdate: October 2 2020$
.Dt GMID 1
.Os
.Sh NAME
.Nm gmid
.Nd dead simple zero configuration gemini server
.Sh SYNOPSIS
.Nm
.Bk -words
.Op Fl fh
.Op Fl c Ar cert.pem
.Op Fl d Ar docs
.Op Fl k Ar key.pem
.Op Fl p Ar port
.Op Fl x Ar dir
.Ek
.Sh DESCRIPTION
.Nm
is a very simple and minimal gemini server that can serve static files
and execute CGI scripts.
.Pp
.Nm
will strip any sequence of
.Pa ../
or trailing
.Pa ..
in the requests made by clients and will refuse to follow symlinks.
Furthermore, on
.Ox ,
.Xr pledge 2
and
.Xr unveil 2
are used to ensure that
.Nm
doesn't do anything other than read files from the given directory,
accept network connections and, optionally, execute CGI scripts.
.Pp
It should be noted that
.Nm
is very simple in its implementation, and so it may not be appropriate
for serving sites with lots of users.
After all, the code is single threaded and uses a single process,
although it can handle multiple clients at the same time.
.Pp
If a user request path is a directory,
.Nm
will try to serve an
.Pa index.gmi
file inside that directory.
.Pp
The options are as follows:
.Bl -tag -width 12m
.It Fl c Ar cert.pem
The certificate to use; the default is
.Pa cert.pem .
.It Fl d Ar docs
The root directory to serve.
.Nm
won't serve any file that is outside that directory.
The default is
.Pa docs .
.It Fl f
Stay and log in the foreground; do not daemonize the process.
.It Fl h
Print the usage and exit.
.It Fl k Ar key.pem
The key for the certificate; the default is
.Pa key.pem .
.It Fl p Ar port
The port to bind to, by default 1965.
.It Fl x Ar dir
Enable execution of CGI scripts inside the given directory, relative
to the document root.
Cannot be provided more than once.
.El
.Sh CGI
When CGI scripts are enabled for a directory, a request for an
executable file will execute it and feed its output to the client.
.Pp
The CGI scripts will inherit the environment from
.Nm
with these additional variables set:
.Bl -tag -width 18m
.It Ev SERVER_SOFTWARE
"gmid"
.It Ev SERVER_PORT
"1965"
.It Ev SCRIPT_NAME
The (public) path to the script.
.It Ev SCRIPT_EXECUTABLE
The full path to the executable.
.It Ev REQUEST_URI
The user request (without the query parameters).
.It Ev REQUEST_RELATIVE
The request relative to the script.
.It Ev QUERY_STRING
The query parameters.
.It Ev REMOTE_HOST
The remote IP address, the same value as
.Ev REMOTE_ADDR .
.It Ev REMOTE_ADDR
The remote IP address.
.It Ev DOCUMENT_ROOT
The root directory being served, the one provided with the
.Fl d
option to
.Nm .
.It Ev AUTH_TYPE
The string "Certificate" if the client used a certificate, otherwise unset.
.It Ev REMOTE_USER
The subject of the client certificate if provided, otherwise unset.
.It Ev TLS_CLIENT_ISSUER
The issuer of the client certificate if provided, otherwise unset.
.It Ev TLS_CLIENT_HASH
The hash of the client certificate if provided, otherwise unset.
The format is "ALGO:HASH".
.El
.Pp
Let's say you have a script in
.Pa /cgi-bin/script
and the user request is
.Pa /cgi-bin/script/foo/bar?quux .
Then
.Ev SCRIPT_NAME
will be
.Pa /cgi-bin/script ,
.Ev SCRIPT_EXECUTABLE
will be
.Pa $DOCUMENT_ROOT/cgi-bin/script ,
.Ev REQUEST_URI
will be
.Pa /cgi-bin/script/foo/bar ,
.Ev REQUEST_RELATIVE
will be
.Pa foo/bar
and
.Ev QUERY_STRING
will be
.Ar quux .
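The following is an added example CGI script; it is not part of gmid or of its documentation. It shows how a script can act on the variables listed above: it requires a client certificate (status 60 otherwise), accepts only certificates whose TLS_CLIENT_HASH is on a constructed allowlist (61 otherwise), routes on REQUEST_RELATIVE, and asks the client for input with status 10 when QUERY_STRING is empty. The install path docs/cgi-bin/whoami, the allowlist value, the route names, and the assumption that REQUEST_RELATIVE is empty when the request names the script itself are all assumptions of the example, not facts from the manual.

```shell
#!/bin/sh
# Added example CGI script for gmid (not gmid's own code).  Assumed to be
# installed as $DOCUMENT_ROOT/cgi-bin/whoami, with gmid started with
# -x cgi-bin, so it answers gemini://host/cgi-bin/whoami and
# gemini://host/cgi-bin/whoami/echo?<text>.

# Constructed allowlist of client certificate hashes in gmid's "ALGO:HASH"
# format.  The value is made up; a real deployment would read the list from
# a file kept outside the document root.
ALLOWED_HASHES="SHA256:3f7b2c91d6a0e85f4c1b9e7d2a6f0c8b5d4e3a2f1b0c9d8e7f6a5b4c3d2e1f00"

# A gemini response is one header line "<status> <meta>\r\n"; only 2x
# responses carry a body after it.
header() {
	printf '%s %s\r\n' "$1" "$2"
}

# Map the request to a gemini status code using only the environment gmid
# provides.  Prints the bare code so the caller can branch on it.
decide() {
	# gmid sets AUTH_TYPE only when the client presented a certificate.
	[ -n "$AUTH_TYPE" ] || { echo 60; return; }

	# 61: a certificate was presented, but not one we trust.
	[ -n "$TLS_CLIENT_HASH" ] || { echo 61; return; }
	case " $ALLOWED_HASHES " in
	*" $TLS_CLIENT_HASH "*) ;;
	*) echo 61; return ;;
	esac

	# gmid already strips ../ from requests, but a script must not rely on
	# that if it ever maps REQUEST_RELATIVE onto the filesystem.
	case "$REQUEST_RELATIVE" in
	*..*|/*) echo 59; return ;;
	esac

	case "$REQUEST_RELATIVE" in
	""|whoami) echo 20 ;;
	echo)
		# No query yet: status 10 asks the client for a line of input,
		# which comes back as QUERY_STRING on the next request.
		if [ -n "$QUERY_STRING" ]; then echo 20; else echo 10; fi ;;
	*) echo 51 ;;
	esac
}

# Emit the complete response for the current request.
respond() {
	status=$(decide)
	case "$status" in
	60) header 60 "Client certificate required" ;;
	61) header 61 "Certificate not authorised" ;;
	59) header 59 "Bad request" ;;
	51) header 51 "Not found" ;;
	10) header 10 "Text to echo" ;;
	20)
		header 20 "text/gemini"
		case "$REQUEST_RELATIVE" in
		echo)
			# QUERY_STRING is still percent-encoded; shown as received.
			printf '# Echo\n\n%s\n' "$QUERY_STRING" ;;
		*)
			printf '# Who am I\n\n'
			printf 'Subject:  %s\n' "$REMOTE_USER"
			printf 'Issuer:   %s\n' "$TLS_CLIENT_ISSUER"
			printf 'Hash:     %s\n' "$TLS_CLIENT_HASH"
			printf 'From:     %s\n' "$REMOTE_ADDR"
			printf 'Script:   %s (%s)\n' "$SCRIPT_NAME" "$SCRIPT_EXECUTABLE"
			printf '\n=> %s/echo Echo something back\n' "$SCRIPT_NAME" ;;
		esac ;;
	esac
}

respond
```

Install it as docs/cgi-bin/whoami, make it executable, start gmid with -x cgi-bin and request gemini://localhost/cgi-bin/whoami with a client certificate: the page it returns shows the TLS_CLIENT_HASH value exactly as gmid reports it, which is the string to copy into the allowlist.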
.Sh EXAMPLES
To get started quickly:
.Bd -literal -offset indent
$ # generate a cert and a key
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem \\
-out cert.pem -days 365 -nodes
$ mkdir docs
$ cat <<EOF > docs/index.gmi
# Hello world
test paragraph...
EOF
$ gmid -c cert.pem -k key.pem -d docs
.Ed
.Pp
Now you can visit gemini://localhost/ with your preferred gemini
client.
.Pp
To add some CGI scripts, assuming a setup similar to the previous
example, you can
.Bd -literal -offset indent
$ mkdir docs/cgi-bin
$ cat <<EOF > docs/cgi-bin/hello-world
#!/bin/sh
printf "20 text/plain\\r\\n"
echo "hello world!"
EOF
$ chmod +x docs/cgi-bin/hello-world
$ gmid -x cgi-bin
.Ed
.Pp
The script must be executable, otherwise it is served as a plain file.
Note that the argument to the
.Fl x
option is
.Pa cgi-bin
and not
.Pa docs/cgi-bin ,
since it's relative to the document root.
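As an added example, not taken from gmid's documentation, the shell functions below exercise a running instance from the command line with openssl(1): make_client_cert creates a self-signed client certificate (its subject is what a CGI script sees in REMOTE_USER), gemini_get sends one request with or without that certificate, and parse_header splits the response header into status and meta while rejecting anything that is not a two-digit status. The host, port, paths and file names are assumptions matching the setup above.

```shell
#!/bin/sh
# Added example (not gmid's own code): talk to a gmid instance with
# openssl s_client.  Assumes the server from the EXAMPLES section is
# listening on localhost:1965.

# Create a self-signed client certificate named after its owner.  It is
# an identity, not a server credential: no passphrase, short validity.
make_client_cert() {
	name=$1
	openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
	    -subj "/CN=$name" -keyout "$name-key.pem" -out "$name.pem"
}

# Send one gemini request and print the raw response.  The request is the
# absolute URL followed by CRLF; gmid ignores the host part, but the
# protocol requires it.  Passing a cert and key makes gmid set AUTH_TYPE,
# REMOTE_USER, TLS_CLIENT_ISSUER and TLS_CLIENT_HASH for CGI scripts.
gemini_get() {
	host=$1 port=$2 path=$3 cert=$4 key=$5
	set -- -quiet -connect "$host:$port" -servername "$host"
	if [ -n "$cert" ]; then
		set -- "$@" -cert "$cert" -key "$key"
	fi
	# The server certificate is self-signed, so verification warnings on
	# stderr are expected; -quiet keeps the connection open until gmid
	# closes it after the response.
	printf 'gemini://%s%s\r\n' "$host" "$path" |
	    openssl s_client "$@" 2>/dev/null
}

# Split the first response line "<status> <meta>\r\n" into status and
# meta, tab separated.  Fails when the status is not two digits, which is
# how a broken CGI script (e.g. one that forgot the header) shows up.
parse_header() {
	hdr=$(printf '%s' "$1" | head -n 1 | tr -d '\r')
	status=${hdr%% *}
	case "$hdr" in
	*" "*) meta=${hdr#* } ;;
	*) meta= ;;
	esac
	case "$status" in
	[1-6][0-9]) printf '%s\t%s\n' "$status" "$meta" ;;
	*) return 1 ;;
	esac
}

# Typical session against the EXAMPLES setup, typed at the shell:
#   make_client_cert alice
#   gemini_get localhost 1965 /cgi-bin/hello-world            # AUTH_TYPE unset
#   gemini_get localhost 1965 /cgi-bin/hello-world alice.pem alice-key.pem
#   parse_header "$(gemini_get localhost 1965 /)"            # 20<TAB>text/gemini
```

Compare the two gemini_get calls from inside a CGI script that prints its environment: only the second one, with the certificate, gets AUTH_TYPE and the TLS_CLIENT_* variables set.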
.Sh CAVEATS
.Bl -bullet
.It
It doesn't support virtual hosts: the host part of the request URL is
completely ignored.
.It
A %2F sequence in the path part is indistinguishable from a literal
slash: this is not RFC 3986-compliant.
.El