commit - e7c7f19c4e46e48d577964f4e020a4feb08b581a
commit + 714685c10c68d3c1c8b990b9877fbc72b38562c1
blob - be298f2b1fcf1943a8c1ce763f20bba876363f12
blob + 781bf41f36d70a4b0ca14a4fb036bc0a3fb72c75
--- gmid.1
+++ gmid.1
.Os
.Sh NAME
.Nm gmid
-.Nd dead simple zero configuration gemini server
+.Nd simple and secure Gemini server
.Sh SYNOPSIS
.Nm
.Bk -words
and
.Fl n .
.Pp
-.Nm
-fully supports IRIs (Internationalized Resource Identifiers, see
-RFC3987).
-.Pp
The options are as follows:
.Bl -tag -width 14m
.It Fl c Pa config
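Review bot: the paragraph stating IRI support (RFC3987) is deleted here with no replacement visible in this hunk. If the server still accepts IRIs, keep a one-line statement somewhere in the page, because the CAVEATS entries about %2F and %00 decoding are hard to interpret without knowing what request syntax is supported.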
directory given with the
.Fl d
option.
-The have the form
+They have the form
.Pa hostname.cert.pem
and
.Pa hostname.key.pem .
If a certificate and key doesn't exists for a given hostname they
-would be automatically generated.
+will be automatically generated.
.It Fl h
Print the usage and exit.
.It Fl p Ar port
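Review bot: the unchanged line "If a certificate and key doesn't exists for a given hostname they", directly above the corrected "will be automatically generated.", still has an agreement error. This hunk is already fixing the grammar of this paragraph, so change it to "don't exist" in the same commit.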
Enable execution of CGI scripts.
See the description of the
.Ic cgi
-.Ic server
option in the section
.Sq Servers
below to learn how
Refer to
.Xr tls_config_parse_protocols 3
for the valid protocol string values.
-By default, both TLSv1.3 and TLSv1.2 are used.
+By default, both TLSv1.3 and TLSv1.2 are enabled.
Use
.Dq tlsv1.3
to enable only TLSv1.3.
.Pa path .
The daemon has to be run with root privileges and thus the option
.Ic user
-needs to be provided, so
+needs to be provided, so privileges can be dropped.
+Note that
.Nm
-can drop the privileges.
-Note that they are dropped after loading the TLS keys, so it's
-recommended to put those outside the chroot.
+will enter the chroot after loading the TLS keys, but before opening
+the virtual host root directories.
+It's recommended to keep the TLS keys outside the chroot.
Future version of
.Nm
may require this.
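Review bot: the removed text said when privileges are dropped ("dropped after loading the TLS keys"), but the new sentences only order the chroot against key loading and the opening of the root directories, and no longer say when the switch to the configured user happens. Add a clause stating whether the privilege drop comes after the chroot, since that decides which owner and mode the key files need. The trailing context line "Future version of" should read "Future versions of".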
server "example.com" {
cert "/path/to/cert.pem"
key "/path/to/key.pem"
- root "/var/gemini/example.com"
+ root "/example.com" # in the /var/gemini chroot
location "/static/" {
auto index on
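Review bot: the changed root line is now chroot-relative, but the cert and key lines just above it are untouched, and the reader is not told that they are resolved differently. The reworded chroot paragraph says the keys are loaded before entering the chroot, so add a comment on those two lines that they are paths outside the chroot. Also confirm the example contains the chroot directive that the new "# in the /var/gemini chroot" comment refers to, since it is not visible in this hunk.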
.Dq Flexible and Economical
UTF-8 decoder written by
.An Bjoern Hoehrmann .
+.Sh AUTHORS
+.An -nosplit
+The
+.Nm
+program was written by
+.An Omar Polo Aq Mt op@omarpolo.com .
.Sh CAVEATS
.Bl -bullet
.It
won't be able to serve files inside that directory until a restart.
This restriction applies only to the root directories and not their content.
.It
-a %2F sequence in the path part is indistinguishable from a literal
-slash: this is not RFC3986-compliant.
+a %2F sequence is indistinguishable from a literal slash: this is not
+RFC3986-compliant.
.It
-a %00 sequence either in the path or in the query part is treated as
-invalid character and thus rejected.
+a %00 sequence is treated as invalid character and thus rejected.
.El
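Review bot: dropping "in the path part" from the %2F caveat and "either in the path or in the query part" from the %00 caveat leaves the scope of both unstated. A reader can no longer tell whether a %2F in the query is also decoded to a slash. If the behaviour did not change, keep the qualifiers. Separately, "is treated as invalid character" needs an article: "as an invalid character".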