commit 33c4c3a5ba6331d7140be52dc3a4612abc07694d from: Omar Polo date: Wed Oct 13 20:52:19 2021 UTC more small improvements for the quickstart commit - 2ae10bb4ee41cd16a6f2abdb6196ab515818aa32 commit + 33c4c3a5ba6331d7140be52dc3a4612abc07694d blob - 61e3f649748592e6728edfeec760c19aaa0fa1e6 blob + 95bbd29ce08dcf882f35e66c7be595ad25247cae --- site/quickstart.gmi +++ site/quickstart.gmi @@ -27,13 +27,15 @@ To run gmid in daemon mode a configuration file is nee # /etc/gmid.conf server "example.com" { - cert "/path/to/certificate" - key "/path/to/private-key" + cert "/etc/ssl/example.com.pem" + key "/etc/ssl/private/example.com.key" + + # path to the root directory of your capsule root "/var/gemini/example.com" } ``` -You also need to generate a certificate for the capsule. A X.509 (TLS) certificate can be generated for e.g. with contrib/gencert +A certificate is needed for the capsule. Generate one for e.g. using contrib/gencert: => https://git.omarpolo.com/gmid/tree/contrib/gencert contrib/gencert @@ -50,10 +52,17 @@ Generated files: ./example.com.key : private key ``` -Optionally, move ‘example.com.pem’ and ‘example.com.key’ to another location. +Move ‘example.com.pem’ and ‘example.com.key’ to a safe place and double check that the ‘cert’ and ‘key’ options in the configuration points to these files. -Make sure that the ‘cert’ and ‘key’ options in the configuration file points to these files. +For example, save them in ‘/etc/ssl/’ (as root) +```how to save the certificate and private key in /etc/ssl +# mkdir -p /etc/ssl/private +# chown 700 /etc/ssl/private +# mv example.com.pem /etc/ssl/ +# mv example.com.key /etc/ssl/private/ +``` + Then running gmid is as easy as ```running gmid 
@@ -67,7 +76,7 @@ Congratulations, your capsule is online! gmid employs various techniques to prevent the damage caused by bugs, but some steps needs to be done manually. -If gmid was installed from your distribution package manager, chance are that it already does all of this and is also providing a service to run gmid automatically (e.g. a systemd unit file, a rc script, …) Otherwise, it’s heavily suggested to create at least a dedicated user. +If gmid was installed from your distribution package manager, chance are that it already does all of this and is also providing a service to run gmid automatically (e.g. a rc script, a systemd unit file, …) Otherwise, it’s heavily suggested to create at least a dedicated user. ### A dedicated user blob - 470db033e31872a7d7a0057d5ce83c3a3fa2d656 blob + ded73b32f02c8a948c0dae2f0534edd821f994d3 --- site/quickstart.html +++ site/quickstart.html @@ -158,13 +158,15 @@
# /etc/gmid.conf
 
 server "example.com" {
-	cert "/path/to/certificate"
-	key  "/path/to/private-key"
+	cert "/etc/ssl/example.com.pem"
+	key  "/etc/ssl/private/example.com/key"
+
+	# path to the root directory of your capsule
 	root "/var/gemini/example.com"
 }

- You also need to generate a certificate for the capsule. A - X.509 (TLS) certificate can be generated for e.g. with + A certificate is needed for the capsule. Generate one for + e.g. using contrib/gencert:

$ ./contrib/gencert example.com
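Review bot: the new 'key' line in the quickstart.html config example reads "/etc/ssl/private/example.com/key", with a slash where the file name has a dot. The quickstart.gmi hunk of this same commit uses "/etc/ssl/private/example.com.key", which is also where the later 'mv example.com.key /etc/ssl/private/' step puts the file, so a reader copying the HTML version gets a 'key' path that does not match the file they just moved. Change it to "/etc/ssl/private/example.com.key" so both renderings agree.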
@@ -178,9 +180,15 @@ Generated files:
         ./example.com.pem : certificate
         ./example.com.key : private key

- Optionally, move ‘example.com.pem’ and ‘example.com.key’ to - another location. + Move ‘example.com.pem’ and ‘example.com.key’ to a safe place and + double check that the ‘cert’ and ‘key’ options in the + configuration points to these files.

+

For example, save them in ‘/etc/ssl/’ (as root)

+
# mkdir -p /etc/ssl/private
+# chown 700 /etc/ssl/private
+# mv example.com.pem /etc/ssl/
+# mv example.com.key /etc/ssl/private/

Make sure that the ‘cert’ and ‘key’ options in the configuration file points to these files. @@ -196,8 +204,8 @@ Generated files:

If gmid was installed from your distribution package manager, chance are that it already does all of this and is also - providing a service to run gmid automatically (e.g. a systemd - unit file, a rc script, …) Otherwise, it’s heavily suggested to + providing a service to run gmid automatically (e.g. a rc script, + a systemd unit file …) Otherwise, it’s heavily suggested to create at least a dedicated user.

A dedicated user
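Review bot: in the added /etc/ssl steps (second hunk of both quickstart.gmi and quickstart.html), '# chown 700 /etc/ssl/private' should be 'chmod 700'. chown treats 700 as an owner, so the directory is handed to uid 700 and its mode stays at whatever mkdir and the umask produced (commonly 0755); the directory that holds the private key ends up neither restricted nor owned by root. Suggest '# chmod 700 /etc/ssl/private'. These steps also never set or show the mode of example.com.key itself, so it is worth stating the expected permissions on the key file after the mv.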
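Review bot: in the last quickstart.html hunk the reordered list reads 'a systemd unit file …', while the matching quickstart.gmi hunk has 'a systemd unit file, …' with the comma; keep the two renderings in sync. Since this sentence is being touched anyway, 'chance are' should be 'chances are', and the closing parenthesis needs a full stop before 'Otherwise'.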