1 .\" Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3 .\" Permission to use, copy, modify, and distribute this software for any
4 .\" purpose with or without fee is hereby granted, provided that the above
5 .\" copyright notice and this permission notice appear in all copies.
7 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
10 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14 .Dd $Mdocdate: January 25 2021$
19 .Nd dead simple zero configuration gemini server
35 is a simple and minimal gemini server that can serve static files and
37 It can run without a configuration file with a limited set of features
39 If a configuration file is given, no other flags shall be given,
46 fully supports IRIs (Internationalized Resource Identifiers, see
49 The options are as follows:
52 Specify the configuration file.
54 Stays and logs on the foreground.
56 Check that the configuration is valid, but don't start the server.
59 If no configuration file is given,
61 will look for the following options
65 .It Fl d Pa certs-path
66 Directory where certificates for the config-less mode are stored.
68 .Pa $XDG_DATA_HOME/gmid ,
70 .Pa ~/.local/share/gmid .
72 The hostname, by default
74 Certificates for the given
76 are searched inside the
78 directory given with the
84 .Pa hostname.key.pem .
85 If a certificate and key doesn't exists for a given hostname they
86 would be automatically generated.
88 Print the usage and exit.
90 The port to listen on, by default 1965.
92 Increase the verbosity of the logs.
94 Enable execution of CGI scripts.
95 See the description of the
103 Cannot be provided more than once.
105 The root directory to serve.
106 By default the current working directory is assumed.
108 .Sh CONFIGURATION FILE
109 The configuration file is divided into two sections:
111 .It Sy Global Options
115 Virtual hosts definition.
118 Within the sections, empty lines are ignored and comments can be put
119 anywhere in the file using a hash mark
121 and extend to the end of the current line.
122 A boolean is either the symbol
126 A string is a sequence of characters wrapped in double quotes,
131 Enable or disable IPv6 support.
133 .It Ic port Ar portno
134 The port to listen on.
136 .It Ic protocols Ar string
137 Specify the TLS protocols to enable.
139 .Xr tls_config_parse_protocols 3
140 for the valid protocol string values.
141 By default, both TLSv1.3 and TLSv1.2 are used.
144 to enable only TLSv1.3.
145 .It Ic mime Ar mime-type Ar file-extension
146 Add a mapping for the given
150 Both argument are strings.
151 .It Ic chroot Pa path
153 the process to the given
155 The daemon has to be run with root privileges and thus the option
157 needs to be provided, so
159 can drop the privileges.
160 Note that they are dropped after loading the TLS keys, so it's
161 recommended to put those outside the chroot.
165 .It Ic user Ar string
166 Run the daemon as the given user.
169 Every virtual host is defined by a
173 .It Ic server Ar hostname Brq ...
174 Match the server name using shell globbing rules. This can be an explicit name,
175 .Ar www.example.com ,
176 or a name including a wildcards,
180 Followed by a block of options that is enclosed in curly brackets:
183 Path to the certificate to use for this server.
186 should contain a PEM encoded certificate.
187 This option is mandatory.
189 Specify the private key to use for this server.
192 should contain a PEM encoded private key.
193 This option is mandatory.
194 .It Ic root Pa directory
195 Specify the root directory for this server.
196 This option is mandatory.
197 It's relative to the chroot, if enabled.
199 Enable the execution of CGI scripts if
201 is a prefix of the user request string.
202 An empty path "" will effectively enable the execution of any file
203 with the executable bit set inside the root directory.
204 .It Ic default type Ar string
205 Set the default media type that is used if the media type for a
206 specified extension is not found.
207 If not specified, the
210 .Dq application/octet-stream .
211 .It Ic lang Ar string
212 Specify the language tag for the text/gemini content served.
215 parameter will be added in the response.
216 .It Ic index Ar string
217 Set the directory index file.
218 If not specified, it defaults to
220 .It Ic auto Ic index Ar bool
221 If no index file is found, automatically generate a directory listing.
222 It's disabled by default.
223 .It Ic location Pa path Brq ...
224 Specify server configuration rules for a specific location.
227 argument will be matched against the request path with shell globbing
229 In case of multiple location statements in the same context, the last
230 matching location will be put into effect.
231 Therefore is advisable to match for a generic paths first and for more
232 specific ones later on.
235 section may include most of the server configuration rules
237 .Ic cert , Ic key , Ic root , Ic location No and Ic CGI .
240 When CGI scripts are enabled for a directory, a request for an
241 executable file will execute it and fed its output to the client.
243 The CGI scripts are executed in the root directory of the virtual
244 host, or in the served directory if run without config, and inherits
247 with these additional variables set:
249 .It Ev GATEWAY_INTERFACE
251 .It Ev SERVER_PROTOCOL
253 .It Ev SERVER_SOFTWARE
259 This variable is not available when operating without a configuration.
261 The (public) path to the script, e.g.
262 .Pa "/cgi-bin/example.cgi"
263 .It Ev SCRIPT_EXECUTABLE
264 The full path to the executable.
266 The user request (without the query parameters.)
267 .It Ev REQUEST_RELATIVE
268 The request relative to the script.
270 The query parameters.
272 The remote IP address.
274 The remote IP address.
276 The root directory being served, the one provided with the
280 or the root directory of the virtual host.
282 The string "Certificate" if the client used a certificate, otherwise
285 The subject of the client certificate if provided, otherwise unset.
286 .It Ev TLS_CLIENT_ISSUER
287 The is the issuer of the client certificate if provided, otherwise
289 .It Ev TLS_CLIENT_HASH
290 The hash of the client certificate if provided, otherwise unset.
291 The format is "ALGO:HASH".
294 Let's say you have a script in
296 and the user request is
297 .Pa /cgi-bin/script/foo/bar?quux .
302 .Ev SCRIPT_EXECUTABLE
304 .Pa $DOCUMENT_ROOT/cgi-bin/script ,
307 .Pa cgi-bin/script/foo/bar ,
316 Serve the current directory
317 .Bd -literal -offset indent
321 To serve the directory
323 and enable CGI scripts inside
326 .Bd -literal -offset indent
328 $ cat <<EOF > cgi/hello
330 printf "20 text/plain\\r\\n"
333 $ chmod +x docs/cgi/hello
337 Note that the argument to the
343 since it's relative to the document root.
345 The following is an example of a possible configuration for a site
346 that enables only TLSv1.3, adds a mime type for the file extension
347 "rtf" and defines two virtual host:
348 .Bd -literal -offset indent
349 ipv6 on # enable ipv6
353 mime "application/rtf" "rtf"
355 server "example.com" {
356 cert "/path/to/cert.pem"
357 key "/path/to/key.pem"
358 root "/var/gemini/example.com"
361 server "it.example.com" {
362 cert "/path/to/cert.pem"
363 key "/path/to/key.pem"
364 root "/var/gemini/it.example.com"
370 Yet another example, showing how to enable a
375 .Bd -literal -offset indent
379 server "example.com" {
380 cert "/path/to/cert.pem"
381 key "/path/to/key.pem"
382 root "/var/gemini/example.com"
384 location "/static/" {
393 .Dq Flexible and Economical
394 UTF-8 decoder written by
395 .An Bjoern Hoehrmann .
399 The root directories of all virtual hosts are opened during the daemon
400 startup; this means that if a root directory gets deleted and then
403 won't be able to serve files inside that directory until a restart.
404 This restriction applies only to the root directories and not their content.
406 a %2F sequence in the path part is indistinguishable from a literal
407 slash: this is not RFC3986-compliant.
409 a %00 sequence either in the path or in the query part is treated as
410 invalid character and thus rejected.