Blob


1 .\" Copyright (c) 2021, 2022 Omar Polo <op@omarpolo.com>
2 .\"
3 .\" Permission to use, copy, modify, and distribute this software for any
4 .\" purpose with or without fee is hereby granted, provided that the above
5 .\" copyright notice and this permission notice appear in all copies.
6 .\"
7 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
10 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14 .Dd $Mdocdate: April 7 2022$
15 .Dt GMID 1
16 .Os
17 .Sh NAME
18 .Nm gmid
19 .Nd simple and secure Gemini server
20 .Sh SYNOPSIS
21 .Nm
22 .Bk -words
23 .Op Fl fnv
24 .Op Fl c Ar config
25 .Op Fl D Ar macro Ns = Ns Ar value
26 .Op Fl P Ar pidfile
27 .Ek
28 .Nm
29 .Bk -words
30 .Op Fl 6hVv
31 .Op Fl d Ar certs-dir
32 .Op Fl H Ar hostname
33 .Op Fl p Ar port
34 .Op Fl x Ar cgi
35 .Op Ar dir
36 .Ek
37 .Sh DESCRIPTION
38 .Nm
39 is a simple and minimal gemini server that can serve static files,
40 execute CGI scripts and talk to FastCGI applications.
41 It can run without a configuration file with a limited set of features
42 available.
43 .Pp
44 .Nm
45 rereads the configuration file when it receives
46 .Dv SIGHUP .
47 .Pp
48 The options are as follows:
49 .Bl -tag -width 14m
50 .It Fl c Ar config
51 Specify the configuration file.
52 .It Fl D Ar macro Ns = Ns Ar value
53 Define
54 .Ar macro
55 to be set to
56 .Ar value
57 on the command line.
58 Overrides the definition of
59 .Ar macro
60 in the config file if present.
61 .It Fl f
62 Stays and logs on the foreground.
63 .It Fl n
64 Check that the configuration is valid, but don't start the server.
65 If specified two or more time, dump the configuration in addition to
66 verify it.
67 .It Fl P Ar pidfile
68 Write daemon's pid to the given location.
69 .Ar pidfile
70 will also act as lock: if another process is holding a lock on that
71 file,
72 .Nm
73 will refuse to start.
74 .El
75 .Pp
76 If no configuration file is given,
77 .Nm
78 runs in
79 .Dq config-less mode
80 .Pq i.e. runs in the foreground to serve a directory from the shell
81 and looks for the following options
82 .Bl -tag -width 14m
83 .It Fl 6
84 Enable IPv6.
85 .It Fl d Ar certs-path
86 Directory where certificates for the config-less mode are stored.
87 By default it is
88 .Pa $XDG_DATA_HOME/gmid ,
89 i.e.
90 .Pa ~/.local/share/gmid .
91 .It Fl H Ar hostname
92 The hostname
93 .Po
94 .Ar localhost
95 by default
96 .Pc .
97 Certificates for the given
98 .Ar hostname
99 are searched inside the
100 .Ar certs-dir
101 directory given with the
102 .Fl d
103 option.
104 They have the form
105 .Pa hostname.cert.pem
106 and
107 .Pa hostname.key.pem .
108 If a certificate or a key doesn't exist for a given hostname, they
109 will be generated automatically.
110 .It Fl h , Fl -help
111 Print the usage and exit.
112 .It Fl p Ar port
113 The port to listen on, by default 1965.
114 .It Fl V , Fl -version
115 Print the version and exit.
116 .It Fl v
117 Verbose mode.
118 Multiple
119 .Fl v
120 options increase the verbosity.
121 .It Fl x Ar path
122 Enable execution of
123 .Sx CGI
124 scripts.
125 See the description of the
126 .Ic cgi
127 option in the
128 .Sq Servers
129 section below to learn how
130 .Ar path
131 is processed.
132 Cannot be provided more than once.
133 .It Ar dir
134 The root directory to serve.
135 By default the current working directory is assumed.
136 .El
137 .Sh LOGGING
138 Messages and requests are logged by
139 .Xr syslog 3
140 using the
141 .Dv DAEMON
142 facility or printed on
143 .Em stderr .
144 .Pp
145 Requests are logged with the
146 .Dv NOTICE
147 severity.
148 Each request log entry has the following fields, separated by
149 whitespace:
150 .Pp
151 .Bl -bullet -compact
152 .It
153 Client IP address and the source port number, separated by a colon
154 .It
155 .Sy GET
156 keyword
157 .It
158 Request URL
159 .It
160 Response status
161 .It
162 Response meta
163 .El
164 .Sh EXAMPLES
165 Serve the current directory
166 .Bd -literal -offset indent
167 $ gmid .
168 .Ed
169 .Pp
170 To serve the directory
171 .Pa docs
172 and enable CGI scripts inside
173 .Pa docs/cgi
174 .Bd -literal -offset indent
175 $ mkdir docs/cgi
176 $ cat <<EOF > docs/cgi/hello
177 #!/bin/sh
178 printf "20 text/plain\er\en"
179 echo "hello world"
180 EOF
181 $ chmod +x docs/cgi/hello
182 $ gmid -x '/cgi/*' docs
183 .Ed
184 .Pp
185 An X.509 certificate must be provided to run
186 .Nm
187 using a configuration file.
188 First, the RSA certificate is created using a wildcard common name:
189 .Bd -literal -offset indent
190 # openssl genrsa \-out /etc/ssl/private/example.com.key 4096
191 # openssl req \-new \-x509 \e
192 \-key /etc/ssl/private/example.com.key \e
193 \-out /etc/ssl/example.com.crt \e
194 \-days 36500 \-nodes \e
195 \-subj "/CN=example.com"
196 # chmod 600 /etc/ssl/example.com.crt
197 # chmod 600 /etc/ssl/private/example.com.key
198 .Ed
199 .Pp
200 In the example above, a certificate is valid for one hundred years from
201 the date it was created, which is normal for TOFU.
202 .Pp
203 Then, to run
204 .Nm
205 as a daemon:
206 .Bd -literal -offset indent
207 $ gmid -c /etc/gmid.conf
208 .Ed
209 .Sh SEE ALSO
210 .Xr gmid.conf 5
211 .Sh ACKNOWLEDGEMENTS
212 .Nm
213 uses the
214 .Dq Flexible and Economical
215 UTF-8 decoder written by
216 .An Bjoern Hoehrmann .
217 .Sh AUTHORS
218 .An -nosplit
219 The
220 .Nm
221 program was written by
222 .An Omar Polo Aq Mt op@omarpolo.com .
223 .Sh CAVEATS
224 .Bl -bullet
225 .It
226 All the root directories are opened during the daemon startup; if a
227 root directory is deleted and then re-created,
228 .Nm
229 won't be able to serve files inside that directory until a restart.
230 This restriction only applies to the root directories and not their
231 content.
232 .It
233 a %2F sequence is indistinguishable from a literal slash: this is not
234 RFC3986-compliant.
235 .It
236 a %00 sequence is treated as invalid character and thus rejected.
237 .El