1 .\" Copyright (c) 2021, 2022 Omar Polo <op@omarpolo.com>
3 .\" Permission to use, copy, modify, and distribute this software for any
4 .\" purpose with or without fee is hereby granted, provided that the above
5 .\" copyright notice and this permission notice appear in all copies.
7 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
10 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14 .Dd $Mdocdate: April 7 2022$
19 .Nd simple and secure Gemini server
25 .Op Fl D Ar macro Ns = Ns Ar value
39 is a simple and minimal gemini server that can serve static files,
40 execute CGI scripts and talk to FastCGI applications.
41 It can run without a configuration file with a limited set of features
45 rereads the configuration file when it receives
48 The options are as follows:
51 Specify the configuration file.
52 .It Fl D Ar macro Ns = Ns Ar value
58 Overrides the definition of
60 in the config file if present.
62 Stays and logs on the foreground.
64 Check that the configuration is valid, but don't start the server.
65 If specified two or more time, dump the configuration in addition to
68 Write daemon's pid to the given location.
70 will also act as lock: if another process is holding a lock on that
76 If no configuration file is given,
80 .Pq i.e. runs in the foreground to serve a directory from the shell
81 and looks for the following options
85 .It Fl d Ar certs-path
86 Directory where certificates for the config-less mode are stored.
88 .Pa $XDG_DATA_HOME/gmid ,
90 .Pa ~/.local/share/gmid .
97 Certificates for the given
99 are searched inside the
101 directory given with the
105 .Pa hostname.cert.pem
107 .Pa hostname.key.pem .
108 If a certificate or a key doesn't exist for a given hostname, they
109 will be generated automatically.
111 Print the usage and exit.
113 The port to listen on, by default 1965.
114 .It Fl V , Fl -version
115 Print the version and exit.
120 options increase the verbosity.
125 See the description of the
129 section below to learn how
132 Cannot be provided more than once.
134 The root directory to serve.
135 By default the current working directory is assumed.
138 Messages and requests are logged by
142 facility or printed on
145 Requests are logged with the
148 Each request log entry has the following fields, separated by
153 Client IP address and the source port number, separated by a colon
165 Serve the current directory
166 .Bd -literal -offset indent
170 To serve the directory
172 and enable CGI scripts inside
174 .Bd -literal -offset indent
176 $ cat <<EOF > docs/cgi/hello
178 printf "20 text/plain\er\en"
181 $ chmod +x docs/cgi/hello
182 $ gmid -x '/cgi/*' docs
187 as a deamon a configuration file and a X.509 certificate must be provided.
188 A self-signed certificate, which are commonly used in the Geminispace,
189 can be generated using for e.g.\&
191 .Bd -literal -offset indent
192 # openssl req \-x509 \-newkey rsa:4096 \-nodes \e
193 \-keyout /etc/ssl/private/example.com.key \e
194 \-out /etc/ssl/example.com.pem \e
195 \-days 365 \-subj "/CN=example.com"
196 # chmod 600 /etc/ssl/example.com.crt
197 # chmod 600 /etc/ssl/private/example.com.key
203 .Bd -literal -offset indent
204 # gmid -c /etc/gmid.conf
211 .Dq Flexible and Economical
212 UTF-8 decoder written by
213 .An Bjoern Hoehrmann .
218 program was written by
219 .An Omar Polo Aq Mt op@omarpolo.com .
223 All the root directories are opened during the daemon startup; if a
224 root directory is deleted and then re-created,
226 won't be able to serve files inside that directory until a restart.
227 This restriction only applies to the root directories and not their
230 a %2F sequence is indistinguishable from a literal slash: this is not
233 a %00 sequence is treated as invalid character and thus rejected.