op public repos

Blob

Date:: Thu Jan 28 16:29:06 2021 UTC
Message:: manual improvements & add section about MIME
Actions:: History | Blame | Raw File
1 .\" Copyright (c) 2021 Omar Polo <op@omarpolo.com>
2 .\"
3 .\" Permission to use, copy, modify, and distribute this software for any
4 .\" purpose with or without fee is hereby granted, provided that the above
5 .\" copyright notice and this permission notice appear in all copies.
6 .\"
7 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
10 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14 .Dd $Mdocdate: January 25 2021$
15 .Dt GMIND 1
16 .Os
17 .Sh NAME
18 .Nm gmid
19 .Nd dead simple zero configuration gemini server
20 .Sh SYNOPSIS
21 .Nm
22 .Bk -words
23 .Op Fl fn
24 .Op Fl c Ar config
25 |
26 .Op Fl 6hv
27 .Op Fl d Pa certs-dir
28 .Op Fl H Ar hostname
29 .Op Fl p Ar port
30 .Op Fl x Pa cgi
31 .Op Pa dir
32 .Ek
33 .Sh DESCRIPTION
34 .Nm
35 is a simple and minimal gemini server that can serve static files and
36 execute CGI scripts.
37 It can run without a configuration file with a limited set of features
38 available.
39 If a configuration file is given, no other flags shall be given,
40 except for
41 .Fl f
42 and
43 .Fl n .
44 .Pp
45 .Nm
46 fully supports IRIs (Internationalized Resource Identifiers, see
47 RFC3987).
48 .Pp
49 The options are as follows:
50 .Bl -tag -width 14m
51 .It Fl c Pa config
52 Specify the configuration file.
53 .It Fl f
54 Stays and logs on the foreground.
55 .It Fl n
56 Check that the configuration is valid, but don't start the server.
57 .El
58 .Pp
59 If no configuration file is given,
60 .Nm
61 will look for the following options
62 .Bl -tag -width 14m
63 .It Fl 6
64 Enable IPv6.
65 .It Fl d Pa certs-path
66 Directory where certificates for the config-less mode are stored.
67 By default is
68 .Pa $XDG_DATA_HOME/gmid ,
69 i.e.
70 .Pa ~/.local/share/gmid .
71 .It Fl H Ar hostname
72 The hostname, by default
73 .Ar localhost .
74 Certificates for the given
75 .Ar hostname
76 are searched inside the
77 .Pa certs-dir
78 directory given with the
79 .Fl d
80 option.
81 The have the form
82 .Pa hostname.cert.pem
83 and
84 .Pa hostname.key.pem .
85 If a certificate and key doesn't exists for a given hostname they
86 would be automatically generated.
87 .It Fl h
88 Print the usage and exit.
89 .It Fl p Ar port
90 The port to listen on, by default 1965.
91 .It Fl v
92 Increase the verbosity of the logs.
93 .It Fl x Pa path
94 Enable execution of CGI scripts.
95 See the description of the
96 .Ic cgi
97 .Ic server
98 option in the section
99 .Sq Servers
100 below to learn how
101 .Pa path
102 is processed.
103 Cannot be provided more than once.
104 .It Pa dir
105 The root directory to serve.
106 By default the current working directory is assumed.
107 .El
108 .Sh CONFIGURATION FILE
109 The configuration file is divided into two sections:
110 .Bl -tag -width xxxx
111 .It Sy Global Options
112 Global settings for
113 .Nm .
114 .It Sy Servers
115 Virtual hosts definition.
116 .El
117 .Pp
118 Within the sections, empty lines are ignored and comments can be put
119 anywhere in the file using a hash mark
120 .Pq Sq # ,
121 and extend to the end of the current line.
122 A boolean is either the symbol
123 .Sq on
124 or
125 .Sq off .
126 A string is a sequence of characters wrapped in double quotes,
127 .Dq like this .
128 .Ss Global Options
129 .Bl -tag -width 12m
130 .It Ic ipv6 Ar bool
131 Enable or disable IPv6 support.
132 By default is off.
133 .It Ic port Ar portno
134 The port to listen on.
135 By default is 1965.
136 .It Ic protocols Ar string
137 Specify the TLS protocols to enable.
138 Refer to
139 .Xr tls_config_parse_protocols 3
140 for the valid protocol string values.
141 By default, both TLSv1.3 and TLSv1.2 are used.
142 Use
143 .Dq tlsv1.3
144 to enable only TLSv1.3.
145 .It Ic mime Ar mime-type Ar file-extension
146 Add a mapping for the given
147 .Ar file-extension
148 to the given
149 .Ar mime-type .
150 Both argument are strings.
151 .It Ic chroot Pa path
152 .Xr chroot 2
153 the process to the given
154 .Pa path .
155 The daemon has to be run with root privileges and thus the option
156 .Ic user
157 needs to be provided, so
158 .Nm
159 can drop the privileges.
160 Note that they are dropped after loading the TLS keys, so it's
161 recommended to put those outside the chroot.
162 Future version of
163 .Nm
164 may require this.
165 .It Ic user Ar string
166 Run the daemon as the given user.
167 .El
168 .Ss Servers
169 Every virtual host is defined by a
170 .Ic server
171 block:
172 .Bl -tag -width Ds
173 .It Ic server Ar hostname Brq ...
174 Match the server name using shell globbing rules.
175 This can be an explicit name,
176 .Ar www.example.com ,
177 or a name including a wildcards,
178 .Ar *.example.com .
179 .El
180 .Pp
181 Followed by a block of options that is enclosed in curly brackets:
182 .Bl -tag -width Ds
183 .It Ic cert Pa file
184 Path to the certificate to use for this server.
185 The
186 .Pa file
187 should contain a PEM encoded certificate.
188 This option is mandatory.
189 .It Ic key Pa file
190 Specify the private key to use for this server.
191 The
192 .Pa file
193 should contain a PEM encoded private key.
194 This option is mandatory.
195 .It Ic root Pa directory
196 Specify the root directory for this server.
197 This option is mandatory.
198 It's relative to the chroot, if enabled.
199 .It Ic cgi Pa path
200 Enable the execution of CGI scripts if
201 .Pa path
202 is a prefix of the user request string.
203 An empty path "" will effectively enable the execution of any file
204 with the executable bit set inside the root directory.
205 .It Ic default type Ar string
206 Set the default media type that is used if the media type for a
207 specified extension is not found.
208 If not specified, the
209 .Ic default type
210 is set to
211 .Dq application/octet-stream .
212 .It Ic lang Ar string
213 Specify the language tag for the text/gemini content served.
214 If not specified, no
215 .Dq lang
216 parameter will be added in the response.
217 .It Ic index Ar string
218 Set the directory index file.
219 If not specified, it defaults to
220 .Pa index.gmi .
221 .It Ic auto Ic index Ar bool
222 If no index file is found, automatically generate a directory listing.
223 It's disabled by default.
224 .It Ic location Pa path Brq ...
225 Specify server configuration rules for a specific location.
226 The
227 .Pa path
228 argument will be matched against the request path with shell globbing
229 rules.
230 In case of multiple location statements in the same context, the last
231 matching location will be put into effect.
232 Therefore is advisable to match for a generic paths first and for more
233 specific ones later on.
234 A
235 .Ic location
236 section may include most of the server configuration rules
237 except
238 .Ic cert , Ic key , Ic root , Ic location No and Ic CGI .
239 .El
240 .Sh CGI
241 When CGI scripts are enabled for a directory, a request for an
242 executable file will execute it and fed its output to the client.
243 .Pp
244 The CGI scripts are executed in the root directory of the virtual
245 host, or in the served directory if run without config, and inherits
246 the environment from
247 .Nm
248 with these additional variables set:
249 .Bl -tag -width 18m
250 .It Ev GATEWAY_INTERFACE
251 "CGI/1.1"
252 .It Ev SERVER_PROTOCOL
253 "GEMINI"
254 .It Ev SERVER_SOFTWARE
255 "gmid"
256 .It Ev SERVER_PORT
257 "1965"
258 .It Ev SERVER_NAME
259 The vhost.
260 This variable is not available when operating without a configuration.
261 .It Ev SCRIPT_NAME
262 The (public) path to the script, e.g.
263 .Pa "/cgi-bin/example.cgi"
264 .It Ev SCRIPT_EXECUTABLE
265 The full path to the executable.
266 .It Ev REQUEST_URI
267 The user request (without the query parameters.)
268 .It Ev REQUEST_RELATIVE
269 The request relative to the script.
270 .It Ev QUERY_STRING
271 The query parameters.
272 .It Ev REMOTE_HOST
273 The remote IP address.
274 .It Ev REMOTE_ADDR
275 The remote IP address.
276 .It Ev DOCUMENT_ROOT
277 The root directory being served, the one provided with the
278 .Ar d
279 parameter to
280 .Nm
281 or the root directory of the virtual host.
282 .It Ev AUTH_TYPE
283 The string "Certificate" if the client used a certificate, otherwise
284 unset.
285 .It Ev REMOTE_USER
286 The subject of the client certificate if provided, otherwise unset.
287 .It Ev TLS_CLIENT_ISSUER
288 The is the issuer of the client certificate if provided, otherwise
289 unset.
290 .It Ev TLS_CLIENT_HASH
291 The hash of the client certificate if provided, otherwise unset.
292 The format is "ALGO:HASH".
293 .El
294 .Pp
295 Let's say you have a script in
296 .Pa /cgi-bin/script
297 and the user request is
298 .Pa /cgi-bin/script/foo/bar?quux .
299 Then
300 .Ev SCRIPT_NAME
301 will be
302 .Pa cgi-bin/script ,
303 .Ev SCRIPT_EXECUTABLE
304 will be
305 .Pa $DOCUMENT_ROOT/cgi-bin/script ,
306 .Ev REQUEST_URI
307 will be
308 .Pa cgi-bin/script/foo/bar ,
309 .Ev REQUEST_RELATIVE
310 will be
311 .Pa foo/bar
312 and
313 .Ev QUERY_STRING
314 will be
315 .Ar quux .
316 .Sh MIME
317 To auto-detect the MIME type of the response
318 .Nm
319 looks at the file extension and consults its internal table.
320 By default the following mappings are loaded, but they can be
321 overridden or extended using the
322 .Ic mime
323 configuration option.
324 If no MIME is found, the value of
325 .Ic default type
326 matching the file
327 .Ic location
328 will be used, which is
329 .Dq application/octet-stream
330 by default.
331 .Pp
332 .Bl -tag -offset indent -width 14m -compact
333 .It gemini, gmi
334 text/gemini
335 .It gif
336 image/gif
337 .It jpeg
338 image/jpeg
339 .It jpg
340 image/jpeg
341 .It markdown, md
342 text/markdown
343 .It pdf
344 application/pdf
345 .It png
346 image/png
347 .It svg
348 image/svg+xml
349 .It txt
350 text/plain
351 .It xml
352 text/xml
353 .El
354 .Sh EXAMPLES
355 Serve the current directory
356 .Bd -literal -offset indent
357 $ gmid .
358 .Ed
359 .Pp
360 To serve the directory
361 .Pa docs
362 and enable CGI scripts inside
363 .Pa docs/cgi ,
364 you can
365 .Bd -literal -offset indent
366 $ mkdir docs/cgi
367 $ cat <<EOF > cgi/hello
368 #!/bin/sh
369 printf "20 text/plain\\r\\n"
370 echo "hello world"
371 EOF
372 $ chmod +x docs/cgi/hello
373 $ gmid -x cgi docs
374 .Ed
375 .Pp
376 Note that the argument to the
377 .Fl x
378 option is
379 .Pa cgi
380 and not
381 .Pa docs/cgi ,
382 since it's relative to the document root.
383 .Pp
384 The following is an example of a possible configuration for a site
385 that enables only TLSv1.3, adds a mime type for the file extension
386 "rtf" and defines two virtual host:
387 .Bd -literal -offset indent
388 ipv6 on		# enable ipv6
389 
390 protocols "tlsv1.3"
391 
392 mime "application/rtf" "rtf"
393 
394 server "example.com" {
395 	cert "/path/to/cert.pem"
396 	key  "/path/to/key.pem"
397 	root "/var/gemini/example.com"
398 }
399 
400 server "it.example.com" {
401 	cert "/path/to/cert.pem"
402 	key  "/path/to/key.pem"
403 	root "/var/gemini/it.example.com"
404 	cgi  "/cgi-bin"
405 	lang "it"
406 }
407 .Ed
408 .Pp
409 Yet another example, showing how to enable a
410 .Ic chroot
411 and use
412 .Ic location
413 rule
414 .Bd -literal -offset indent
415 chroot "/var/gemini"
416 user "_gmid"
417 
418 server "example.com" {
419 	cert "/path/to/cert.pem"
420 	key  "/path/to/key.pem"
421 	root "/var/gemini/example.com"
422 
423 	location "/static/" {
424 		auto index on
425 		index "index.gemini"
426 	}
427 }
428 .Ed
429 .Sh ACKNOWLEDGEMENTS
430 .Nm
431 uses the
432 .Dq Flexible and Economical
433 UTF-8 decoder written by
434 .An Bjoern Hoehrmann .
435 .Sh CAVEATS
436 .Bl -bullet
437 .It
438 The root directories of all virtual hosts are opened during the daemon
439 startup; this means that if a root directory gets deleted and then
440 re-created,
441 .Nm
442 won't be able to serve files inside that directory until a restart.
443 This restriction applies only to the root directories and not their content.
444 .It
445 a %2F sequence in the path part is indistinguishable from a literal
446 slash: this is not RFC3986-compliant.
447 .It
448 a %00 sequence either in the path or in the query part is treated as
449 invalid character and thus rejected.
450 .El