.\" Copyright (c) 2020 Omar Polo <op@omarpolo.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.Dd $Mdocdate: October 2 2020$
.Dt GMID 1
.Os
.Sh NAME
.Nm gmid
.Nd dead simple zero configuration gemini server
.Sh SYNOPSIS
.Nm
.Bk -words
.Op Fl n
.Op Fl c Ar config
|
.Op Fl 6fh
.Op Fl C Ar cert
.Op Fl d Ar root
.Op Fl K Ar key
.Op Fl p Ar port
.Op Fl x Ar cgi-bin
.Ek
.Sh DESCRIPTION
.Nm
is a simple and minimal gemini server that can serve static files and
execute CGI scripts.
.Pp
.Nm
won't serve files outside the given directory and won't follow
symlinks.
Furthermore, on
.Ox ,
.Xr pledge 2
and
.Xr unveil 2
are used to ensure that
.Nm
doesn't do anything other than read files from the given directory,
accept network connections and, optionally, execute CGI scripts.
.Pp
.Nm
fully supports IRIs (Internationalized Resource Identifiers, see
RFC3987).
.Pp
It should be noted that
.Nm
is very simple in its implementation, and so it may not be appropriate
for serving sites with lots of users.
After all, the code is single threaded and uses a single process,
although it can handle multiple clients at the same time.
.Pp
If a user request path is a directory,
.Nm
will try to serve an
.Pa index.gmi
file inside that directory.
.Pp
The options are as follows:
.Bl -tag -width 12m
.It Fl 6
Enable IPv6.
.It Fl c Ar cert.pem
The certificate to use, by default
.Pa cert.pem .
.It Fl d Ar docs
The root directory to serve.
.Nm
won't serve any file that is outside that directory.
The default is
.Pa docs .
.It Fl f
Stay and log in the foreground; do not daemonize the process.
.It Fl h
Print the usage and exit.
.It Fl k Ar key.pem
The key for the certificate, by default
.Pa key.pem .
.It Fl p Ar port
The port to bind to, by default 1965.
.It Fl x Ar dir
Enable execution of CGI scripts inside the given directory (relative
to the document root).
Cannot be provided more than once.
.El
.Sh CGI
When CGI scripts are enabled for a directory, a request for an
executable file will execute it and feed its output to the client.
.Pp
The CGI scripts will inherit the environment from
.Nm
with these additional variables set:
.Bl -tag -width 18m
.It Ev SERVER_SOFTWARE
"gmid"
.It Ev SERVER_PORT
"1965"
.It Ev SCRIPT_NAME
The (public) path to the script.
.It Ev SCRIPT_EXECUTABLE
The full path to the executable.
.It Ev REQUEST_URI
The user request (without the query parameters).
.It Ev REQUEST_RELATIVE
The request relative to the script.
.It Ev QUERY_STRING
The query parameters.
.It Ev REMOTE_HOST
The remote IP address.
.It Ev REMOTE_ADDR
The remote IP address.
.It Ev DOCUMENT_ROOT
The root directory being served, the one provided with the
.Fl d
parameter to
.Nm .
.It Ev AUTH_TYPE
The string "Certificate" if the client used a certificate, otherwise unset.
.It Ev REMOTE_USER
The subject of the client certificate if provided, otherwise unset.
.It Ev TLS_CLIENT_ISSUER
The issuer of the client certificate if provided, otherwise unset.
.It Ev TLS_CLIENT_HASH
The hash of the client certificate if provided, otherwise unset.
The format is "ALGO:HASH".
.El
.Pp
Let's say you have a script in
.Pa /cgi-bin/script
and the user request is
.Pa /cgi-bin/script/foo/bar?quux .
Then
.Ev SCRIPT_NAME
will be
.Pa cgi-bin/script ,
.Ev SCRIPT_EXECUTABLE
will be
.Pa $DOCUMENT_ROOT/cgi-bin/script ,
.Ev REQUEST_URI
will be
.Pa cgi-bin/script/foo/bar ,
.Ev REQUEST_RELATIVE
will be
.Pa foo/bar
and
.Ev QUERY_STRING
will be
.Ar quux .
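.Pp
Added example, not part of gmid and not written by its author: a CGI script that uses the variables above to answer only known client certificates and to validate the client-supplied part of the path.
The entries in ALLOWED are constructed placeholders, the "SHA256" label is an assumption about the ALGO field, and the status codes 59, 60 and 61 are taken from the Gemini specification rather than from this page.

```shell
#!/bin/sh
# Added example, not gmid code: admit only known client certificates.
# ALLOWED entries are constructed placeholders in the documented
# "ALGO:HASH" format; the ALGO label "SHA256" is an assumption.
ALLOWED="SHA256:1111111111111111111111111111111111111111111111111111111111111111
SHA256:2222222222222222222222222222222222222222222222222222222222222222"

cgi_response() {
	# AUTH_TYPE and TLS_CLIENT_HASH are unset without a client certificate.
	if [ "${AUTH_TYPE:-}" != "Certificate" ] || [ -z "${TLS_CLIENT_HASH:-}" ]; then
		printf '60 client certificate required\r\n'
		return 0
	fi
	# Authorise on the certificate hash, matched as a fixed string against
	# a whole line.  REMOTE_USER (the subject) is chosen by whoever made
	# the certificate, so it identifies nobody on its own.
	if ! printf '%s\n' "$ALLOWED" | grep -Fxq -e "$TLS_CLIENT_HASH"; then
		printf '61 certificate not authorised\r\n'
		return 0
	fi
	# REQUEST_RELATIVE is client-supplied: allow a small character set and
	# refuse ".." before using it for anything.
	case "${REQUEST_RELATIVE:-}" in
	*..*|*[!A-Za-z0-9/_.-]*)
		printf '59 bad request\r\n'
		return 0
		;;
	esac
	printf '20 text/plain\r\n'
	printf 'authorised request for: %s\n' "${REQUEST_RELATIVE:-}"
}

cgi_response
```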
.Sh EXAMPLES
To get started quickly:
.Bd -literal -offset indent
$ # generate a cert and a key
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem \\
        -out cert.pem -days 365 -nodes
$ mkdir docs
$ cat <<EOF > docs/index.gmi
# Hello world
test paragraph...
EOF
$ gmid -c cert.pem -k key.pem -d docs
.Ed
.Pp
Now you can visit gemini://localhost/ with your preferred gemini
client.
.Pp
To add some CGI scripts, assuming a setup similar to the previous
example, you can:
.Bd -literal -offset indent
$ mkdir docs/cgi-bin
$ cat <<EOF > docs/cgi-bin/hello-world
#!/bin/sh
printf "20 text/plain\\r\\n"
echo "hello world!"
EOF
$ # only executable files are run as CGI scripts
$ chmod +x docs/cgi-bin/hello-world
$ gmid -x cgi-bin
.Ed
.Pp
Note that the argument to the
.Fl x
option is
.Pa cgi-bin
and not
.Pa docs/cgi-bin ,
since it's relative to the document root.
.Sh ACKNOWLEDGEMENTS
.Nm
uses the "Flexible and Economical" UTF-8 decoder written by
.An Bjoern Hoehrmann .
.Sh CAVEATS
.Bl -bullet
.It
it doesn't support virtual hosts: the host part of the request URL is
completely ignored.
.It
a %2F sequence in the path part is indistinguishable from a literal
slash: this is not RFC3986-compliant.
.It
a %00 sequence either in the path or in the query part is treated as
an invalid character and thus rejected.
.El