gmid/gmid.1

.\" Copyright (c) 2020 Omar Polo <op@omarpolo.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.Dd $Mdocdate: October 2 2020$
.Dt GMIND 1
.Os
.Sh NAME
.Nm gmid
.Nd dead simple zero configuration gemini server
.Sh SYNOPSIS
.Nm
.Bk -words
.Op Fl fh
.Op Fl c Ar cert.pem
.Op Fl d Ar docs
.Op Fl k Ar key.pem
.Op Fl p Ar port
.Op Fl x Ar cgi-bin
.Ek
.Sh DESCRIPTION
.Nm
is a very simple and minimal gemini server that can serve static files
and execute CGI scripts.
.Pp
.Nm
will strip any sequence of
.Pa ../
or trailing
.Pa ..
in the requests made by clients and will refuse to follow symlinks.
Furthermore, on
.Ox ,
.Xr pledge 2
and
.Xr unveil 2
are used to ensure that
.Nm
dosen't do anything else than read files from the given directory,
accept network connections and, optionally, execute CGI scripts.
.Pp
It should be noted that
.Nm
is very simple in its implementation, and so it may not be appropriate
for serving sites with lots of users.
After all, the code is single threaded and use a single process,
although it can handle multiple clients at the same time.
.Pp
If a user request path is a directory,
.Nm
will try to serve a
.Pa index.gmi
file inside that directory.
.Pp
The options are as follows:
.Bl -tag -width 12m
.It Fl c Ar cert.pem
The certificate to use, by default is
.Pa cert.pem .
.It Fl d Ar docs
The root directory to serve.
.Nm
won't serve any file that is outside that directory.
By default is
.Pa docs .
.It Fl f
stays and log in the foreground, do not daemonize the process.
.It Fl h
Print the usage and exit.
.It Fl k Ar key.pem
The key for the certificate, by default is
.Pa key.pem .
.It Fl p Ar port
The port to bind to, by default 1965.
.It Fl x Ar dir
Enable execution of CGI scripts inside the given directory (relative
to the document root.)  Cannot be provided more than once.
.El
.Sh CGI
When CGI scripts are enabled for a directory, a request for an
executable file will execute it and fed its output to the client.
.Pp
The CGI scripts will inherit the environment from
.Nm
with these additional variables set:
.Bl -tag -width 18m
.It Ev SERVER_SOFTWARE
"gmid"
.It Ev SERVER_PORT
"1965"
.It Ev SCRIPT_NAME
The (public) path to the script.
.It Ev SCRIPT_EXECUTABLE
The full path to the executable.
.It Ev REQUEST_URI
The user request (without the query parameters.)
.It Ev REQUEST_RELATIVE
The request relative to the script.
.It Ev QUERY_STRING
The query parameters.
.It Ev REMOTE_HOST
The remote IP address.
.It Ev REMOTE_ADDR
The remote IP address.
.It Ev DOCUMENT_ROOT
The root directory being served, the one provided with the
.Ar d
parameter to
.Nm
.It Ev AUTH_TYPE
The string "Certificate" if the client used a certificate, otherwise unset.
.It Ev REMOTE_USER
The subject of the client certificate if provided, otherwise unset.
.It Ev TLS_CLIENT_ISSUER
The is the issuer of the client certificate if provided, otherwise unset.
.It Ev TLS_CLIENT_HASH
The hash of the client certificate if provided, otherwise unset.
The format is "ALGO:HASH".
.El
.Pp
Let's say you have a script in
.Pa /cgi-bin/script
and the user request is
.Pa /cgi-bin/script/foo/bar?quux .
Then
.Ev SCRIPT_NAME
will be
.Pa /cgi-bin/script ,
.Ev SCRIPT_EXECUTABLE
will be
.Pa $DOCUMENT_ROOT/cgi-bin/script ,
.Ev REQUEST_URI
will be
.Pa /cgi-bin/script/foo/bar ,
.Ev REQUEST_RELATIVE
will be
.Pa foo/bar and
.Ev QUERY_STRING
will be
.Ar quux .
.Sh EXAMPLES
To quickly getting started
.Bd -literal -offset indent
$ # generate a cert and a key
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem \\
        -out cert.pem -days 365 -nodes
$ mkdir docs
$ cat <<EOF > docs/index.gmi
# Hello world
test paragraph...
EOF
$ gmid -c cert.pem -k key.pem -d docs
.Ed
.Pp
Now you can visit gemini://localhost/ with your preferred gemini
client.
.Pp
To add some CGI scripts, assuming a setup similar to the previous
example, you can
.Bd -literal -offset indent
$ mkdir docs/cgi-bin
$ cat <<EOF > docs/cgi-bin/hello-world
#!/bin/sh
printf "20 text/plain\\r\\n"
echo "hello world!"
EOF
$ gmid -x cgi-bin
.Ed
.Pp
Note that the argument to the
.Fl x
option is
.Pa cgi-bin
and not
.Pa docs/cgi-bin ,
since it's relative to the document root.
.Sh CAVEATS
.Bl -bullet
.It
it doesn't support virtual hosts: the host part of the request URL is
completely ignored.
.El
initial commit 2020-10-02 19:39:00 +02:00			`.\" Copyright (c) 2020 Omar Polo <op@omarpolo.com>`
			`.\"`
			`.\" Permission to use, copy, modify, and distribute this software for any`
			`.\" purpose with or without fee is hereby granted, provided that the above`
			`.\" copyright notice and this permission notice appear in all copies.`
			`.\"`
			`.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES`
			`.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF`
			`.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR`
			`.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES`
			`.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN`
			`.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF`
			`.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.`
			`.Dd $Mdocdate: October 2 2020$`
			`.Dt GMIND 1`
			`.Os`
			`.Sh NAME`
			`.Nm gmid`
minor documentation edits 2020-10-03 17:49:09 +02:00			`.Nd dead simple zero configuration gemini server`
initial commit 2020-10-02 19:39:00 +02:00			`.Sh SYNOPSIS`
			`.Nm`
			`.Bk -words`
logging reworked and daemonize by default The -l option was removed: now it logs on syslog if -f (foreground) is not passed. 2020-12-02 21:18:01 +01:00			`.Op Fl fh`
initial commit 2020-10-02 19:39:00 +02:00			`.Op Fl c Ar cert.pem`
			`.Op Fl d Ar docs`
			`.Op Fl k Ar key.pem`
make port number configurable 2020-11-18 09:12:27 +01:00			`.Op Fl p Ar port`
documentation improvements 2020-11-06 18:11:45 +01:00			`.Op Fl x Ar cgi-bin`
initial commit 2020-10-02 19:39:00 +02:00			`.Ek`
			`.Sh DESCRIPTION`
			`.Nm`
documentation improvements 2020-11-06 18:11:45 +01:00			`is a very simple and minimal gemini server that can serve static files`
			`and execute CGI scripts.`
initial commit 2020-10-02 19:39:00 +02:00			`.Pp`
			`.Nm`
			`will strip any sequence of`
			`.Pa ../`
			`or trailing`
			`.Pa ..`
[cgi] added support for path parameters enhance the CGI scripting support so that script can take path parameters. That is, a script at /cgi/foo is called when the request path is /cgi/foo/bar/... This commit also introduce some backward incompatible changes as the default env variables set for the CGI script changed. 2020-11-10 14:07:36 +01:00			`in the requests made by clients and will refuse to follow symlinks.`
fix errors in manpage man -Tlint -l gmid.1 helped a lot 2020-10-02 19:44:32 +02:00			`Furthermore, on`
			`.Ox ,`
			`.Xr pledge 2`
initial commit 2020-10-02 19:39:00 +02:00			`and`
fix errors in manpage man -Tlint -l gmid.1 helped a lot 2020-10-02 19:44:32 +02:00			`.Xr unveil 2`
initial commit 2020-10-02 19:39:00 +02:00			`are used to ensure that`
			`.Nm`
documentation improvements 2020-11-06 18:11:45 +01:00			`dosen't do anything else than read files from the given directory,`
			`accept network connections and, optionally, execute CGI scripts.`
initial commit 2020-10-02 19:39:00 +02:00			`.Pp`
			`It should be noted that`
			`.Nm`
			`is very simple in its implementation, and so it may not be appropriate`
documentation improvements 2020-11-06 18:11:45 +01:00			`for serving sites with lots of users.`
			`After all, the code is single threaded and use a single process,`
improve wording "concurrently" means at the same time, which can be confusing when we say that it's single-threaded on a single process. 2020-12-21 15:51:09 +01:00			`although it can handle multiple clients at the same time.`
initial commit 2020-10-02 19:39:00 +02:00			`.Pp`
minor documentation edits 2020-10-03 17:49:09 +02:00			`If a user request path is a directory,`
			`.Nm`
			`will try to serve a`
			`.Pa index.gmi`
			`file inside that directory.`
			`.Pp`
initial commit 2020-10-02 19:39:00 +02:00			`The options are as follows:`
			`.Bl -tag -width 12m`
			`.It Fl c Ar cert.pem`
			`The certificate to use, by default is`
minor documentation edits 2020-10-03 17:49:09 +02:00			`.Pa cert.pem .`
initial commit 2020-10-02 19:39:00 +02:00			`.It Fl d Ar docs`
			`The root directory to serve.`
			`.Nm`
[cgi] added support for path parameters enhance the CGI scripting support so that script can take path parameters. That is, a script at /cgi/foo is called when the request path is /cgi/foo/bar/... This commit also introduce some backward incompatible changes as the default env variables set for the CGI script changed. 2020-11-10 14:07:36 +01:00			`won't serve any file that is outside that directory.`
			`By default is`
documentation improvements 2020-11-06 18:11:45 +01:00			`.Pa docs .`
logging reworked and daemonize by default The -l option was removed: now it logs on syslog if -f (foreground) is not passed. 2020-12-02 21:18:01 +01:00			`.It Fl f`
			`stays and log in the foreground, do not daemonize the process.`
initial commit 2020-10-02 19:39:00 +02:00			`.It Fl h`
minor documentation edits 2020-10-03 17:49:09 +02:00			`Print the usage and exit.`
initial commit 2020-10-02 19:39:00 +02:00			`.It Fl k Ar key.pem`
			`The key for the certificate, by default is`
minor documentation edits 2020-10-03 17:49:09 +02:00			`.Pa key.pem .`
make port number configurable 2020-11-18 09:12:27 +01:00			`.It Fl p Ar port`
			`The port to bind to, by default 1965.`
documentation improvements 2020-11-06 18:11:45 +01:00			`.It Fl x Ar dir`
			`Enable execution of CGI scripts inside the given directory (relative`
			`to the document root.) Cannot be provided more than once.`
initial commit 2020-10-02 19:39:00 +02:00			`.El`
implementing CGI – NOT READY YET! This is a first try at implementing CGI scripting. The idea is that, if CGI is explicitly enabled by the user, when a user requires an executable file instead of serving it to the client, that file will be executed and its output fed to the client. There are various pieces that are still lacking, the firsts that comes to mind are: - performance: the handle_cgi just loops ignoring the WANT_POLLIN/POLLOUT and blocking if the child process hasn’t outputted anything. - we don’t parse query variable (yet) - we need to set more variables in the child environment side question: it’s better to set the variables using setenv() or by providing an explicit environment? - document what environment the CGI script will get - improve the horrible unveil/pledge(cgi ? …) but now I can serve “hello-world”-tier script from gmid! 2020-11-06 13:01:31 +01:00			`.Sh CGI`
documentation improvements 2020-11-06 18:11:45 +01:00			`When CGI scripts are enabled for a directory, a request for an`
			`executable file will execute it and fed its output to the client.`
implementing CGI – NOT READY YET! This is a first try at implementing CGI scripting. The idea is that, if CGI is explicitly enabled by the user, when a user requires an executable file instead of serving it to the client, that file will be executed and its output fed to the client. There are various pieces that are still lacking, the firsts that comes to mind are: - performance: the handle_cgi just loops ignoring the WANT_POLLIN/POLLOUT and blocking if the child process hasn’t outputted anything. - we don’t parse query variable (yet) - we need to set more variables in the child environment side question: it’s better to set the variables using setenv() or by providing an explicit environment? - document what environment the CGI script will get - improve the horrible unveil/pledge(cgi ? …) but now I can serve “hello-world”-tier script from gmid! 2020-11-06 13:01:31 +01:00			`.Pp`
documentation improvements 2020-11-06 18:11:45 +01:00			`The CGI scripts will inherit the environment from`
			`.Nm`
			`with these additional variables set:`
[cgi] added support for path parameters enhance the CGI scripting support so that script can take path parameters. That is, a script at /cgi/foo is called when the request path is /cgi/foo/bar/... This commit also introduce some backward incompatible changes as the default env variables set for the CGI script changed. 2020-11-10 14:07:36 +01:00			`.Bl -tag -width 18m`
documentation improvements 2020-11-06 18:11:45 +01:00			`.It Ev SERVER_SOFTWARE`
			`"gmid"`
			`.It Ev SERVER_PORT`
			`"1965"`
[cgi] added support for path parameters enhance the CGI scripting support so that script can take path parameters. That is, a script at /cgi/foo is called when the request path is /cgi/foo/bar/... This commit also introduce some backward incompatible changes as the default env variables set for the CGI script changed. 2020-11-10 14:07:36 +01:00			`.It Ev SCRIPT_NAME`
			`The (public) path to the script.`
			`.It Ev SCRIPT_EXECUTABLE`
			`The full path to the executable.`
			`.It Ev REQUEST_URI`
			`The user request (without the query parameters.)`
			`.It Ev REQUEST_RELATIVE`
			`The request relative to the script.`
documentation improvements 2020-11-06 18:11:45 +01:00			`.It Ev QUERY_STRING`
[cgi] added support for path parameters enhance the CGI scripting support so that script can take path parameters. That is, a script at /cgi/foo is called when the request path is /cgi/foo/bar/... This commit also introduce some backward incompatible changes as the default env variables set for the CGI script changed. 2020-11-10 14:07:36 +01:00			`The query parameters.`
			`.It Ev REMOTE_HOST`
			`The remote IP address.`
clients certs support for CGI internally, gmid doesn’t care if the client issued a certificate, but now we pass that information to the CGI script in some new environment variables. 2020-12-02 15:17:19 +01:00			`.It Ev REMOTE_ADDR`
			`The remote IP address.`
[cgi] added support for path parameters enhance the CGI scripting support so that script can take path parameters. That is, a script at /cgi/foo is called when the request path is /cgi/foo/bar/... This commit also introduce some backward incompatible changes as the default env variables set for the CGI script changed. 2020-11-10 14:07:36 +01:00			`.It Ev DOCUMENT_ROOT`
			`The root directory being served, the one provided with the`
			`.Ar d`
			`parameter to`
			`.Nm`
clients certs support for CGI internally, gmid doesn’t care if the client issued a certificate, but now we pass that information to the CGI script in some new environment variables. 2020-12-02 15:17:19 +01:00			`.It Ev AUTH_TYPE`
			`The string "Certificate" if the client used a certificate, otherwise unset.`
			`.It Ev REMOTE_USER`
			`The subject of the client certificate if provided, otherwise unset.`
			`.It Ev TLS_CLIENT_ISSUER`
			`The is the issuer of the client certificate if provided, otherwise unset.`
			`.It Ev TLS_CLIENT_HASH`
			`The hash of the client certificate if provided, otherwise unset.`
			`The format is "ALGO:HASH".`
documentation improvements 2020-11-06 18:11:45 +01:00			`.El`
[cgi] added support for path parameters enhance the CGI scripting support so that script can take path parameters. That is, a script at /cgi/foo is called when the request path is /cgi/foo/bar/... This commit also introduce some backward incompatible changes as the default env variables set for the CGI script changed. 2020-11-10 14:07:36 +01:00			`.Pp`
			`Let's say you have a script in`
			`.Pa /cgi-bin/script`
			`and the user request is`
			`.Pa /cgi-bin/script/foo/bar?quux .`
			`Then`
			`.Ev SCRIPT_NAME`
			`will be`
			`.Pa /cgi-bin/script ,`
			`.Ev SCRIPT_EXECUTABLE`
			`will be`
			`.Pa $DOCUMENT_ROOT/cgi-bin/script ,`
			`.Ev REQUEST_URI`
			`will be`
			`.Pa /cgi-bin/script/foo/bar ,`
			`.Ev REQUEST_RELATIVE`
			`will be`
			`.Pa foo/bar and`
			`.Ev QUERY_STRING`
			`will be`
			`.Ar quux .`
initial commit 2020-10-02 19:39:00 +02:00			`.Sh EXAMPLES`
			`To quickly getting started`
fix errors in manpage man -Tlint -l gmid.1 helped a lot 2020-10-02 19:44:32 +02:00			`.Bd -literal -offset indent`
initial commit 2020-10-02 19:39:00 +02:00			`$ # generate a cert and a key`
			`$ openssl req -x509 -newkey rsa:4096 -keyout key.pem \\`
			`-out cert.pem -days 365 -nodes`
			`$ mkdir docs`
			`$ cat <<EOF > docs/index.gmi`
			`# Hello world`
			`test paragraph...`
			`EOF`
			`$ gmid -c cert.pem -k key.pem -d docs`
fix errors in manpage man -Tlint -l gmid.1 helped a lot 2020-10-02 19:44:32 +02:00			`.Ed`
initial commit 2020-10-02 19:39:00 +02:00			`.Pp`
documentation improvements 2020-11-06 18:11:45 +01:00			`Now you can visit gemini://localhost/ with your preferred gemini`
			`client.`
			`.Pp`
			`To add some CGI scripts, assuming a setup similar to the previous`
			`example, you can`
			`.Bd -literal -offset indent`
			`$ mkdir docs/cgi-bin`
			`$ cat <<EOF > docs/cgi-bin/hello-world`
			`#!/bin/sh`
			`printf "20 text/plain\\r\\n"`
			`echo "hello world!"`
			`EOF`
			`$ gmid -x cgi-bin`
			`.Ed`
			`.Pp`
			`Note that the argument to the`
			`.Fl x`
			`option is`
			`.Pa cgi-bin`
			`and not`
			`.Pa docs/cgi-bin ,`
[cgi] added support for path parameters enhance the CGI scripting support so that script can take path parameters. That is, a script at /cgi/foo is called when the request path is /cgi/foo/bar/... This commit also introduce some backward incompatible changes as the default env variables set for the CGI script changed. 2020-11-10 14:07:36 +01:00			`since it's relative to the document root.`
initial commit 2020-10-02 19:39:00 +02:00			`.Sh CAVEATS`
			`.Bl -bullet`
			`.It`
minor documentation edits 2020-10-03 17:49:09 +02:00			`it doesn't support virtual hosts: the host part of the request URL is`
initial commit 2020-10-02 19:39:00 +02:00			`completely ignored.`
			`.El`