Where each "active_capsule" is a virtual Gemini capsule. SecretShop supports virtual Gemini capsules all listening on port 1965.
By default, a capsule requires the Hostname, Root Directory, Keyfile, and CertFile to start properly. The capsule also needs to be listed in the "active_capsules" list.
Each capsule can optionally have an "AccessControl" section for use with client certificates. AccessControl is broken up into three zones:
Identified: Requires a client to present a certificate of some kind to access. Currently does not validate the certificate. Response code 60.
Known: Reserved for transient certificates; currently not fully implemented. Response code 61.
Trusted: Requires a client to present a certificate whose fingerprint matches an entry in the Whitelist file. Currently checks validity dates and the fingerprint. Response codes 62-65.
For the Trusted zone, a Whitelist section must exist, with a path leading to the whitelist file. The whitelist file is a text file containing certificate fingerprints, one per line. This is used to authenticate client certificates.
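The Trusted-zone check described above (validity dates, then a fingerprint lookup in the whitelist), as an added sketch that is not SecretShop's own code. It assumes fingerprints are hex SHA-256 digests of the DER certificate and that codes 62-65 map to individual failures as in an early Gemini spec draft; the function and constant names are hypothetical.

```go
package main

import (
	"bufio"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"fmt"
	"io"
	"strings"
	"time"
)

const ( // assumed mapping from an early Gemini draft; the page gives only 62-65
	statusOK          = 20
	statusNeedTrusted = 62 // no client certificate presented
	statusNotAccepted = 63 // fingerprint not in the whitelist
	statusFuture      = 64 // NotBefore is still in the future
	statusExpired     = 65 // NotAfter has passed
)

// fingerprint is the lowercase hex SHA-256 of the DER bytes (hash choice assumed).
func fingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return hex.EncodeToString(sum[:])
}

// checkTrusted checks validity dates, then the whitelist (one fingerprint per line).
func checkTrusted(cert *x509.Certificate, whitelist io.Reader, now time.Time) int {
	switch {
	case cert == nil:
		return statusNeedTrusted
	case now.Before(cert.NotBefore):
		return statusFuture
	case now.After(cert.NotAfter):
		return statusExpired
	}
	want := fingerprint(cert) // entries may carry colons or upper case
	for sc := bufio.NewScanner(whitelist); sc.Scan(); {
		if strings.EqualFold(strings.ReplaceAll(strings.TrimSpace(sc.Text()), ":", ""), want) {
			return statusOK
		}
	}
	return statusNotAccepted
}

func main() { // constructed sample certificate, not real DER
	c := &x509.Certificate{Raw: []byte("sample"), NotAfter: time.Now().Add(time.Hour)}
	fmt.Println(checkTrusted(c, strings.NewReader(fingerprint(c)), time.Now()))
}
```

Because the whitelist pins exact fingerprints, a renewed client certificate needs its new fingerprint added before it is accepted again.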
If you want full logging (i.e. you're not using systemd, rsyslog, or something else that automatically adds timestamps, program names, etc.), you can add the "full_logging: true" option.
SecretShop supports specifying what language a Gemini capsule uses for content. See section 5.2 of the Gemini spec for more details. This is set per vhost.