Blob

Date:
Message:
moving "default type" from global options to server options
Actions:
History | Blame | Raw File
1 .\" Copyright (c) 2020 Omar Polo <op@omarpolo.com>

2 .\"

3 .\" Permission to use, copy, modify, and distribute this software for any

4 .\" purpose with or without fee is hereby granted, provided that the above

5 .\" copyright notice and this permission notice appear in all copies.

6 .\"

7 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

8 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

9 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

10 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

11 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

12 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

13 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

14 .Dd $Mdocdate: October 2 2020$

15 .Dt GMIND 1

16 .Os

17 .Sh NAME

18 .Nm gmid

19 .Nd dead simple zero configuration gemini server

20 .Sh SYNOPSIS

21 .Nm

22 .Bk -words

23 .Op Fl n

24 .Op Fl c Ar config

25 |

26 .Op Fl 6fh

27 .Op Fl C Ar cert

28 .Op Fl d Ar root

29 .Op Fl K Ar key

30 .Op Fl p Ar port

31 .Op Fl x Ar directory

32 .Ek

33 .Sh DESCRIPTION

34 .Nm

35 is a simple and minimal gemini server that can serve static files and

36 execute CGI scripts.

37 It can run without a configuration file with a limited set of features

38 available.

39 If a configuration file is given, no other flags shall be given,

40 except for

41 .Fl n .

42 .Pp

43 .Nm

44 fully supports IRIs (Internationalized Resource Identifiers, see

45 RFC3987).

46 .Pp

47 The options are as follows:

48 .Bl -tag -width 12m

49 .It Fl c Pa config

50 Specifies the configuration file.

51 .It Fl n

52 Check that the configuration is valid, but don't start the server.

53 .El

54 .Pp

55 If no configuration file is given,

56 .Nm

57 will look for the following option

58 .Bl -tag -width 12m

59 .It Fl 6

60 Enable IPv6.

61 .It Fl C Pa file

62 The certificate to use.

63 .It Fl d Pa directory

64 The root directory to serve.

65 .It Fl f

66 Stays and log in the foreground, do not daemonize the process.

67 .It Fl h

68 Print the usage and exit.

69 .It Fl K Pa file

70 The key for the certificate.

71 .It Fl p Ar port

72 The port to listen on, by default 1965.

73 .It Fl x Pa directory

74 Enable execution of CGI scripts.

75 See the description of the

76 .Ic cgi

77 .Ic server

78 option in the section

79 .Sq Servers

80 below to learn how

81 .Pa directory

82 is processed.

83 Cannot be provided more than once.

84 .El

85 .Sh CONFIGURATION FILE

86 The configuration file is divided into two sections:

87 .Bl -tag -width xxxx

88 .It Sy Global Options

89 Global settings for

90 .Nm .

91 .It Sy Servers

92 Virtual hosts definition

93 .El

94 .Pp

95 Within the sections, empty lines are ignored and comments can be put

96 anywhere in the file using a hash mark

97 .Pq Sq # ,

98 and extend to the end of the current line.

99 A boolean is either the symbol

100 .Sq on

101 or

102 .Sq off .

103 .Ss Global Options

104 .Bl -tag -width 12m

105 .It Ic daemon Ar bool

106 Enable or disables the daemon mode.

107 In daemon mode

108 .Nm

109 will log to syslog and fork in the background.

110 By default is off.

111 .It Ic ipv6 Ar bool

112 Enable or disable IPv6 support.

113 By default is off.

114 .It Ic port Ar portno

115 The port to listen on.

116 By default is 1965.

117 .It Ic protocols Ar string

118 Specify the TLS protocols to enable.

119 Refer to

120 .Xr tls_config_parse_protocols 3

121 for the valid protocol string values.

122 By default, both TLSv1.3 and TLSv1.2 are used.

123 Use

124 .Dq tlsv1.3

125 to enable only TLSv1.3.

126 .It Ic mime Ar mime-type Ar file-extension

127 Add a mapping for the given

128 .Ar file-extension

129 to the given

130 .Ar mime-type .

131 Both argument are strings.

132 .El

133 .Ss Servers

134 Every virtual host is defined by a

135 .Ic server

136 block:

137 .Bl -tag -width Ds

138 .It Ic server Ar hostname Brq ...

139 .El

140 .Pp

141 Followed by a block of options that is enclosed in curly brackets:

142 .Bl -tag -width Ds

143 .It Ic cert Pa file

144 Path to the certificate to use for this server.

145 The

146 .Pa file

147 should contain a PEM encoded certificate.

148 This option is mandatory.

149 .It Ic key Pa file

150 Specify the private key to use for this server.

151 The

152 .Pa file

153 should contain a PEM encoded private key.

154 This option is mandatory.

155 .It Ic root Pa directory

156 Specify the root directory for this server.

157 This option is mandatory.

158 .It Ic cgi Pa path

159 Enable the execution of CGI scripts if

160 .Pa path

161 is a prefix of the user request string.

162 An empty path "" will effectively enable the execution of any file

163 with the executable bit set inside the root directory.

164 .It Ic default type Ar string

165 Set the default media type that is used if the media type for a

166 specified extension is not found.

167 If not specified, the

168 .Ic default type

169 is set to

170 .Dq application/octet-stream .

171 .It Ic lang Ar string

172 Specify the language tag for the text/gemini content served.

173 If not specified, no

174 .Dq lang

175 parameter will be added in the response.

176 .El

177 .Sh CGI

178 When CGI scripts are enabled for a directory, a request for an

179 executable file will execute it and fed its output to the client.

180 .Pp

181 The CGI scripts will inherit the environment from

182 .Nm

183 with these additional variables set:

184 .Bl -tag -width 18m

185 .It Ev SERVER_SOFTWARE

186 "gmid"

187 .It Ev SERVER_PORT

188 "1965"

189 .It Ev SCRIPT_NAME

190 The (public) path to the script.

191 .It Ev SCRIPT_EXECUTABLE

192 The full path to the executable.

193 .It Ev REQUEST_URI

194 The user request (without the query parameters.)

195 .It Ev REQUEST_RELATIVE

196 The request relative to the script.

197 .It Ev QUERY_STRING

198 The query parameters.

199 .It Ev REMOTE_HOST

200 The remote IP address.

201 .It Ev REMOTE_ADDR

202 The remote IP address.

203 .It Ev DOCUMENT_ROOT

204 The root directory being served, the one provided with the

205 .Ar d

206 parameter to

207 .Nm

208 or the root directory of the virtual host.

209 .It Ev AUTH_TYPE

210 The string "Certificate" if the client used a certificate, otherwise unset.

211 .It Ev REMOTE_USER

212 The subject of the client certificate if provided, otherwise unset.

213 .It Ev TLS_CLIENT_ISSUER

214 The is the issuer of the client certificate if provided, otherwise unset.

215 .It Ev TLS_CLIENT_HASH

216 The hash of the client certificate if provided, otherwise unset.

217 The format is "ALGO:HASH".

218 .El

219 .Pp

220 Let's say you have a script in

221 .Pa /cgi-bin/script

222 and the user request is

223 .Pa /cgi-bin/script/foo/bar?quux .

224 Then

225 .Ev SCRIPT_NAME

226 will be

227 .Pa cgi-bin/script ,

228 .Ev SCRIPT_EXECUTABLE

229 will be

230 .Pa $DOCUMENT_ROOT/cgi-bin/script ,

231 .Ev REQUEST_URI

232 will be

233 .Pa cgi-bin/script/foo/bar ,

234 .Ev REQUEST_RELATIVE

235 will be

236 .Pa foo/bar

237 and

238 .Ev QUERY_STRING

239 will be

240 .Ar quux .

241 .Sh EXAMPLES

242 To quickly getting started

243 .Bd -literal -offset indent

244 $ # generate a cert and a key

245 $ openssl req -x509 -newkey rsa:4096 -keyout key.pem \\

246         -out cert.pem -days 365 -nodes

247 $ mkdir docs

248 $ cat <<EOF > docs/index.gmi

249 # Hello world

250 test paragraph...

251 EOF

252 $ gmid -c cert.pem -k key.pem -d docs

253 .Ed

254 .Pp

255 Now you can visit gemini://localhost/ with your preferred gemini

256 client.

257 .Pp

258 To add some CGI scripts, assuming a setup similar to the previous

259 example, you can

260 .Bd -literal -offset indent

261 $ mkdir docs/cgi-bin

262 $ cat <<EOF > docs/cgi-bin/hello-world

263 #!/bin/sh

264 printf "20 text/plain\\r\\n"

265 echo "hello world!"

266 EOF

267 $ gmid -x cgi-bin

268 .Ed

269 .Pp

270 Note that the argument to the

271 .Fl x

272 option is

273 .Pa cgi-bin

274 and not

275 .Pa docs/cgi-bin ,

276 since it's relative to the document root.

277 .Pp

278 The following is an example of a possible configuration for a site

279 that enables only TLSv1.3, adds a mime type for the file extension

280 "rtf" and defines two virtual host:

281 .Bd -literal -offset indent

282 ipv6 on		# enable ipv6

283 daemon on	# enable daemon mode

285 protocols "tlsv1.3"

287 mime "application/rtf" "rtf"

289 server "example.com" {

290 	cert "/path/to/cert.pem"

291 	key  "/path/to/key.pem"

292 	root "/var/gemini/example.com"

295 server "it.example.com" {

296 	cert "/path/to/cert.pem"

297 	key  "/path/to/key.pem"

298 	root "/var/gemini/it.example.com"

299 	cgi  "/cgi-bin"

301 .Ed

302 .Sh ACKNOWLEDGEMENTS

303 .Nm

304 uses the

305 .Dq Flexible and Economical

306 UTF-8 decoder written by

307 .An Bjoern Hoehrmann

308 for its IRI parser.

309 .Sh CAVEATS

310 .Bl -bullet

311 .It

312 The root directories of all virtual hosts are opened during the daemon

313 startup; this means that if a root directory gets deleted and then

314 re-created,

315 .Nm

316 won't be able to serve files inside that directory until a restart.

317 This restriction applies only to the root directories and not their content.

318 .It

319 a %2F sequence in the path part is indistinguishable from a literal

320 slash: this is not RFC3986-compliant.

321 .It

322 a %00 sequence either in the path or in the query part is treated as

323 invalid character and thus rejected.

324 .El