rdelaage
/
gmid
mirror of https://github.com/omar-polo/gmid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
gmid/site/quickstart.html

277 lines
6.9 KiB
HTML
Raw Normal View History

add the Quickstart page
2021-10-09 18:30:36 +02:00
<!doctype html>
<html lang="en">
<head>
<title>gmid | contrib</title>
<meta charset="utf8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<style>
body {
font-family: monospace;
font-size: 14px;
max-width: 780px;
margin: 0 auto;
padding: 20px;
padding-bottom: 80px;
}
h1::before {
content: "# ";
}
h2 {
margin-top: 40px;
}
h2::before {
content: "## ";
}
h3::before {
content: "### ";
}
blockquote {
margin: 0;
padding: 0;
}
blockquote::before {
content: "> ";
}
blockquote p {
font-style: italic;
display: inline;
}
p.link::before {
content: "→ ";
}
strong::before { content: "*" }
strong::after { content: "*" }
hr {
border: 0;
height: 1px;
background-color: #222;
width: 100%;
display: block;
margin: 2em auto;
}
img {
border-radius: 5px;
}
pre {
overflow: auto;
padding: 1rem;
background-color: #f0f0f0;
border-radius: 3px;
}
pre.banner {
display: flex;
flex-direction: row;
justify-content: center;
}
code, kbd {
color: #9d109d;
}
img {
display: block;
margin: 0 auto;
max-width: 100%;
}
@media (prefers-color-scheme: dark) {
body {
background-color: #222;
color: white;
}
a {
color: aqua;
}
hr {
background-color: #ddd;
}
pre {
background-color: #353535;
}
code, kbd {
color: #ff4cff;
}
}
@media (max-width: 400px) {
pre.banner { font-size: 9px; }
}
@media (max-width: 500px) {
pre.banner { font-size: 10px; }
}
</style>
</head>
<body>
<header>
<nav>
<a href="/">Home</a> |
<a href="contrib.html">contrib</a> |
Quickstart |
<a href="gmid.1.html">docs</a>
</nav>
</header>
<h1>gmid quickstart</h1>
<p>gmid can be run in two different “modes”:</p>
<dl>
<dt>configless:</dt>
<dd>
a quick way to serve a directory tree from the shell, useful
for testing a capsule before uploading it
</dd>
<dt>daemon mode:</dt>
<dd>
gmid reads the configuration file and runs in the background
</dd>
</dl>
<p>To run gmid in the “configless” mode, just type:</p>
<pre>$ gmid path/to/dir</pre>
<p>
gmid will then generate a certificate inside ~/.local/share/gmid
typo
2021-10-09 18:31:43 +02:00
and serve the given directory locally.
add the Quickstart page
2021-10-09 18:30:36 +02:00
</p>
<p>
To run gmid in daemon mode a configuration file is needed. The
format of the configuration file is described in the manpage and
is quite flexible, but for simple setup something like the
following should be enough:
</p>
<pre># /etc/gmid.conf
server "example.com" {
cert "/path/to/certificate"
key "/path/to/private-key"
root "/var/gemini/example.com"
}</pre>
<p>
A X.509 (TLS) certificate can be generated using
<a href="https://git.omarpolo.com/gmid/tree/contrib/gencert">contrib/gencert</a>:
</p>
<pre>$ ./contrib/gencert example.com
Generating a 4096 bit RSA private key
.................................................++++
..........++++
writing new private key to './example.com.key'
-----
Generated files:
./example.com.pem : certificate
./example.com.key : private key</pre>
<p>
Optionally copy example.com.pem and example.com.key to
another location.
</p>
<p>
Make sure that the cert and key options in the configuration
file points to these files.
</p>
<p>Then running gmid is as easy as</p>
<pre>$ gmid -c /etc/gmid.conf</pre>
<h2>Securing your gmid installation</h2>
<p>
gmid employs various techniques to prevent the damage caused by
bugs, but some steps needs to be done manually.
</p>
<p>
If gmid was installed from your distribution package manager,
chance are that it already does all of this and is also
providing a service to run gmid automatically (e.g. a systemd
unit file, a rc script, …) Otherwise, its heavily suggested to
create at least a dedicated user.
</p>
<h3>A dedicated user</h3>
<p>
Ideally, gmid should be run with root privileges and to drop
privileges to a local user. This way, the created certificates
can be readable only by root. For example, on GNU/linux systems
a gmid user can be created with:
</p>
<pre>$ useradd --system --no-create-home -s /bin/nologin -c "gmid Gemini server" gmid</pre>
<p>
Please consult your OS documentation for more information on the
matter.
</p>
<p>
The configuration then needs to be adjusted to include the
user directive at the top:
</p>
<pre># /etc/gmid.conf
user "gmid"
server "example.com" { … }</pre>
<p>
gmid then needs to be started with root privileges, but will
then switch to the provided user automatically. If by accident
the user is forgotten and gmid is running as root, it will
complain loudly in the logs.
</p>
<h3>chroot</h3>
<p>
Its a common practice for system daemons to chroot themselves
into a directory. From here on Ill assume /var/gemini, but it
can be any directory.
</p>
<p>
A chroot on UNIX-like OS is an operation that changes the
“apparent” root directory (i.e. “/”) from the current process
and its child. Think of it like imprisoning a process into a
directory and never letting it escape until it terminates.
</p>
<p>
Using a chroot may complicate the use of CGI scripts, because
then all the dependencies of the scripts (like sh, perl, or
other libraries) needs to be installed inside the chroot too.
For this very reason gmid supports FastCGI too.
</p>
<p>
The chroot feature requires a dedicate user, see the previous
section.
</p>
<p>
To chroot gmid inside a directory, use the chroot directive in
the configuration file:
</p>
<pre># /etc/gmid.conf
# the given directory, /var/gemini in this case, must exists.
chroot "/var/gemini"</pre>
<p>
Note that once chroot is in place, every root directive is
implicitly relative to the chroot, but cert and key arent!
</p>
<p>For example, given the following configuration:</p>
<pre># /etc/gmid.conf
user "gmid"
chroot "/var/gemini"
server "example.com" {
cert "/etc/ssl/example.com.pem"
key "/etc/ssl/example.com.key"
root "/example.com"
}</pre>
<p>
The certificate and the key path are the specified ones, but the
root directory of the virtual host is actually
“/var/gemini/example.com/”.
</p>
</body>
</html>