.\" Copyright (c) 2020 Omar Polo <op@omarpolo.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.Dd $Mdocdate: October 2 2020$
.Dt GMID 1
.Os
.Sh NAME
.Nm gmid
.Nd dead simple zero configuration gemini server
.Sh SYNOPSIS
.Nm
.Bk -words
.Op Fl fh
.Op Fl c Ar cert.pem
.Op Fl d Ar docs
.Op Fl k Ar key.pem
.Op Fl p Ar port
.Op Fl x Ar cgi-bin
.Ek
.Sh DESCRIPTION
.Nm
is a very simple and minimal gemini server that can serve static files
and execute CGI scripts.
.Pp
.Nm
won't serve files outside the given directory and won't follow
symlinks.
Furthermore, on
.Ox ,
.Xr pledge 2
and
.Xr unveil 2
are used to ensure that
.Nm
doesn't do anything other than read files from the given directory,
accept network connections and, optionally, execute CGI scripts.
.Pp
.Nm
fully supports IRIs (Internationalized Resource Identifiers, see
RFC3987).
.Pp
It should be noted that
.Nm
is very simple in its implementation, and so it may not be appropriate
for serving sites with lots of users.
After all, the code is single threaded and uses a single process,
although it can handle multiple clients at the same time.
.Pp
If a user request path is a directory,
.Nm
will try to serve an
.Pa index.gmi
file inside that directory.
.Pp
The options are as follows:
.Bl -tag -width 12m
.It Fl c Ar cert.pem
The certificate to use; the default is
.Pa cert.pem .
.It Fl d Ar docs
The root directory to serve.
.Nm
won't serve any file that is outside that directory.
The default is
.Pa docs .
.It Fl f
Stay and log in the foreground; do not daemonize the process.
.It Fl h
Print the usage and exit.
.It Fl k Ar key.pem
The key for the certificate; the default is
.Pa key.pem .
.It Fl p Ar port
The port to bind to; the default is 1965.
.It Fl x Ar dir
Enable execution of CGI scripts inside the given directory (relative
to the document root).
Cannot be provided more than once.
.El
.Sh CGI
When CGI scripts are enabled for a directory, a request for an
executable file will execute it and feed its output to the client.
.Pp
The CGI scripts will inherit the environment from
.Nm
with these additional variables set:
.Bl -tag -width 18m
.It Ev SERVER_SOFTWARE
"gmid"
.It Ev SERVER_PORT
"1965"
.It Ev SCRIPT_NAME
The (public) path to the script.
.It Ev SCRIPT_EXECUTABLE
The full path to the executable.
.It Ev REQUEST_URI
The user request (without the query parameters).
.It Ev REQUEST_RELATIVE
The request relative to the script.
.It Ev QUERY_STRING
The query parameters.
.It Ev REMOTE_HOST
The remote IP address.
.It Ev REMOTE_ADDR
The remote IP address.
.It Ev DOCUMENT_ROOT
The root directory being served, the one provided with the
.Fl d
parameter to
.Nm .
.It Ev AUTH_TYPE
The string "Certificate" if the client used a certificate, otherwise unset.
.It Ev REMOTE_USER
The subject of the client certificate if provided, otherwise unset.
.It Ev TLS_CLIENT_ISSUER
The issuer of the client certificate if provided, otherwise unset.
.It Ev TLS_CLIENT_HASH
The hash of the client certificate if provided, otherwise unset.
The format is "ALGO:HASH".
.El
.Pp
Let's say you have a script in
.Pa /cgi-bin/script
and the user request is
.Pa /cgi-bin/script/foo/bar?quux .
Then
.Ev SCRIPT_NAME
will be
.Pa /cgi-bin/script ,
.Ev SCRIPT_EXECUTABLE
will be
.Pa $DOCUMENT_ROOT/cgi-bin/script ,
.Ev REQUEST_URI
will be
.Pa /cgi-bin/script/foo/bar ,
.Ev REQUEST_RELATIVE
will be
.Pa foo/bar
and
.Ev QUERY_STRING
will be
.Ar quux .
.Sh EXAMPLES
To get started quickly:
.Bd -literal -offset indent
$ # generate a cert and a key
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem \\
        -out cert.pem -days 365 -nodes
$ mkdir docs
$ cat <<EOF > docs/index.gmi
# Hello world
test paragraph...
EOF
$ gmid -c cert.pem -k key.pem -d docs
.Ed
.Pp
Now you can visit gemini://localhost/ with your preferred gemini
client.
.Pp
To add some CGI scripts, assuming a setup similar to the previous
example, you can do the following:
.Bd -literal -offset indent
$ mkdir docs/cgi-bin
$ cat <<EOF > docs/cgi-bin/hello-world
#!/bin/sh
printf "20 text/plain\\r\\n"
echo "hello world!"
EOF
$ # only executable files are run as CGI scripts
$ chmod +x docs/cgi-bin/hello-world
$ gmid -x cgi-bin
.Ed
.Pp
Note that the argument to the
.Fl x
option is
.Pa cgi-bin
and not
.Pa docs/cgi-bin ,
since it's relative to the document root.
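.Pp
The following CGI script is an added example, not part of gmid or of the
original manual: it restricts a page to known client certificates using
.Ev AUTH_TYPE
and
.Ev TLS_CLIENT_HASH .
The allowlist entries are constructed placeholders, and the 60 and 61
status codes are taken from the Gemini protocol specification, not from
this page.

```shell
#!/bin/sh
# Added example, not part of gmid: a CGI script that gates its content on
# the client certificate, using the variables listed in the CGI section.

# Constructed allowlist, one "ALGO:HASH" entry per line (placeholders, not
# real fingerprints). In practice this would live in a file outside docs/.
ALLOWED_HASHES='SHA256:EXAMPLE-FINGERPRINT-ALICE
SHA256:EXAMPLE-FINGERPRINT-BOB'

# Print the Gemini status code this request should get:
#   60 = client certificate required, 61 = certificate not authorised,
#   20 = success.
auth_status() {
	# Both variables are unset when no certificate was presented.
	if [ "${AUTH_TYPE:-}" != "Certificate" ] || [ -z "${TLS_CLIENT_HASH:-}" ]; then
		echo 60
		return
	fi
	# -F: literal string, -x: whole line, so a prefix of a listed hash
	# never matches. REMOTE_USER is deliberately not consulted.
	if printf '%s\n' "$ALLOWED_HASHES" | grep -Fqx -- "$TLS_CLIENT_HASH"; then
		echo 20
	else
		echo 61
	fi
}

# Emit the full response: header line terminated by CRLF, then the body.
respond() {
	case "$(auth_status)" in
	20)	printf '20 text/plain\r\n'
		echo 'members-only content' ;;
	60)	printf '60 client certificate required\r\n' ;;
	*)	printf '61 certificate not authorised\r\n' ;;
	esac
}

respond
```

Matching on TLS_CLIENT_HASH rather than REMOTE_USER matters when clients present self-signed certificates, because the subject is then whatever the client chose to write.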
.Sh ACKNOWLEDGEMENTS
.Nm
uses the "Flexible and Economical" UTF-8 decoder written by
.An Bjoern Hoehrmann .
.Sh CAVEATS
.Bl -bullet
.It
It doesn't support virtual hosts: the host part of the request URL is
completely ignored.
.It
A %2F sequence in the path part is indistinguishable from a literal
slash: this is not RFC3986-compliant.
.It
A %00 sequence either in the path or in the query part is treated as
an invalid character and thus rejected.
.El