secretshop/README.md

# SecretShop: a small Gemini server.

## NOTE
I haven't worked on this in a while and it may not be up to date with the Gemini spec.

## Features
* Multi-site hosting
* Also supports simple Gopher hosting
* Fully compliant with Jetforce diagnostics
* Client Certificates
* Probably won't kill your computer


## Where to get it
  git clone https://git.saintnet.tech/stryan/secretshop.git

  I also release binaries at https://build.opensuse.org/project/show/home:stryan

  The release tab also has pre-generated archives if you don't want to run master.

## Configuration
SecretShop looks in it's current running directory and /etc/secretshop for it's config file.
Configuration is in a file labeled "config.yaml" in one of the above directories. See the sample config for more details.

A standard file looks like such:

	---
	port: 1965
	active_capsules:
	        - localhost
	localhost:
	        Hostname: "localhost"
	        Port: "1965"
	        RootDir: "/var/gemini"
	        CGIDir: "/var/gemini/cgi"
	        KeyFile: "localhost.key"
	        CertFile: "localhost.crt"
		AccessControl:
			Identified:
				- /id
	                Known:
		                - /known
			Trusted:
				- /private
	                Whitelist: "whitelist"
		Lang: "en"

Where each "active_capsule" is a virtual Gemini capsule. SecretShop supports virtual Gemini capsules all listening on port 1965.

By default, a capsule requires the Hostname, Root Directory, Keyfile, and CertFile to start properly. The capsule also needs to be listed in the "active_capsules" list.
Each capsule can optionally have a "AccessControl" section for use with client certificates. AccessControl is broken up into three zones:
	Identified: Requires a client to present a certificate of some kind to access. Currently not validate certificate. Response code 60
	Known: Reserved for transient certificates; currently not fully implemented. Reponse code 61
	Trusted: Requires a client to present a certificate who's fingerprint matches an entry in the Whitelist file. Currently checks validity dates and the fingerprint. Response codes 62-65

For the Trusted zone, a Whitelist section must exist, with a path leading to the whitelist file. The whitelist file is a text file containing Certificate fingerprints, one for line. This is used
to authenticate client certificates.

If you want full logging (i.e. you're not using systemd, rsyslog, something that auto adds timestamps and program names etc) you can add the "full_logging: true" option.

SecretShop supports specifying what language a Gemini capsule uses for content. See section 5.2 of the Gemini spec for more details. This is set per vhost.

## Building
Build Dependencies: go1.14

Running "make" should work for any given x86 machine.

If you're planning on running this on a Raspberry Pi or other ARM machine try 
	env GOOS=linux GOARCH=arm GOARM=5 make 

## Installation
Running "make install" will install to /usr//bin by default and will attempt to install the systemd service file

## Uninstall
Run "make uninstall".

## Running
Either run the executable directly or use the Systemd unit file.

## Caveats
Currently does not support transient certificates
Only handles whitelisting for certificate authorization

## Licensing
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <https://www.gnu.org/licenses/>.
formatting 2020-02-21 21:13:54 +00:00			`# SecretShop: a small Gemini server.`
add readme 2020-02-13 01:29:32 +00:00
clarifiaction 2022-05-17 16:21:04 +00:00			`## NOTE`
			`I haven't worked on this in a while and it may not be up to date with the Gemini spec.`

formatting 2020-02-21 21:13:54 +00:00			`## Features`
add multi site 2020-02-19 20:26:46 +00:00			`* Multi-site hosting`
update docs 2020-02-20 22:03:34 +00:00			`* Also supports simple Gopher hosting`
Update README 2020-02-13 01:52:11 +00:00			`* Fully compliant with Jetforce diagnostics`
Update readme, makefile, standardize logging 2020-05-15 19:12:22 +00:00			`* Client Certificates`
Update README 2020-02-13 01:52:11 +00:00			`* Probably won't kill your computer`
add readme 2020-02-13 01:29:32 +00:00
update readme 2020-05-15 00:34:07 +00:00
			`## Where to get it`
			`git clone https://git.saintnet.tech/stryan/secretshop.git`

			`I also release binaries at https://build.opensuse.org/project/show/home:stryan`

update readme 2020-05-15 01:17:26 +00:00			`The release tab also has pre-generated archives if you don't want to run master.`

formatting 2020-02-21 21:13:54 +00:00			`## Configuration`
add readme 2020-02-13 01:29:32 +00:00			`SecretShop looks in it's current running directory and /etc/secretshop for it's config file.`
Update readme, makefile, standardize logging 2020-05-15 19:12:22 +00:00			`Configuration is in a file labeled "config.yaml" in one of the above directories. See the sample config for more details.`

			`A standard file looks like such:`
add readme 2020-02-13 01:29:32 +00:00
formatting 2020-02-21 21:13:54 +00:00			`---`
use actual virtual hosts 2020-02-22 21:17:38 +00:00			`port: 1965`
formatting 2020-02-21 21:13:54 +00:00			`active_capsules:`
			`- localhost`
			`localhost:`
			`Hostname: "localhost"`
			`Port: "1965"`
			`RootDir: "/var/gemini"`
			`CGIDir: "/var/gemini/cgi"`
			`KeyFile: "localhost.key"`
			`CertFile: "localhost.crt"`
Update readme, makefile, standardize logging 2020-05-15 19:12:22 +00:00			`AccessControl:`
			`Identified:`
			`- /id`
			`Known:`
			`- /known`
			`Trusted:`
			`- /private`
			`Whitelist: "whitelist"`
Update README 2020-06-09 16:38:00 +00:00			`Lang: "en"`
Update readme, makefile, standardize logging 2020-05-15 19:12:22 +00:00
			`Where each "active_capsule" is a virtual Gemini capsule. SecretShop supports virtual Gemini capsules all listening on port 1965.`

			`By default, a capsule requires the Hostname, Root Directory, Keyfile, and CertFile to start properly. The capsule also needs to be listed in the "active_capsules" list.`
			`Each capsule can optionally have a "AccessControl" section for use with client certificates. AccessControl is broken up into three zones:`
			`Identified: Requires a client to present a certificate of some kind to access. Currently not validate certificate. Response code 60`
			`Known: Reserved for transient certificates; currently not fully implemented. Reponse code 61`
			`Trusted: Requires a client to present a certificate who's fingerprint matches an entry in the Whitelist file. Currently checks validity dates and the fingerprint. Response codes 62-65`
add readme 2020-02-13 01:29:32 +00:00
Update readme, makefile, standardize logging 2020-05-15 19:12:22 +00:00			`For the Trusted zone, a Whitelist section must exist, with a path leading to the whitelist file. The whitelist file is a text file containing Certificate fingerprints, one for line. This is used`
			`to authenticate client certificates.`

			`If you want full logging (i.e. you're not using systemd, rsyslog, something that auto adds timestamps and program names etc) you can add the "full_logging: true" option.`
use actual virtual hosts 2020-02-22 21:17:38 +00:00
Update README 2020-06-09 16:38:00 +00:00			`SecretShop supports specifying what language a Gemini capsule uses for content. See section 5.2 of the Gemini spec for more details. This is set per vhost.`

formatting 2020-02-21 21:13:54 +00:00			`## Building`
update readme 2020-04-27 20:02:23 +00:00			`Build Dependencies: go1.14`

formatting 2020-02-21 21:13:54 +00:00			`Running "make" should work for any given x86 machine.`

			`If you're planning on running this on a Raspberry Pi or other ARM machine try`
			`env GOOS=linux GOARCH=arm GOARM=5 make`

			`## Installation`
Update readme, makefile, standardize logging 2020-05-15 19:12:22 +00:00			`Running "make install" will install to /usr//bin by default and will attempt to install the systemd service file`
Makefile, readme in markdown 2020-02-21 21:10:08 +00:00
formatting 2020-02-21 21:13:54 +00:00			`## Uninstall`
Update readme, makefile, standardize logging 2020-05-15 19:12:22 +00:00			`Run "make uninstall".`
Makefile, readme in markdown 2020-02-21 21:10:08 +00:00
formatting 2020-02-21 21:13:54 +00:00			`## Running`
Update readme, makefile, standardize logging 2020-05-15 19:12:22 +00:00			`Either run the executable directly or use the Systemd unit file.`
update readme 2020-04-27 20:01:08 +00:00
			`## Caveats`
update docs 2020-05-14 22:17:44 +00:00			`Currently does not support transient certificates`
			`Only handles whitelisting for certificate authorization`
add licensing 2020-05-14 23:49:10 +00:00
			`## Licensing`
			`This program is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program. If not, see <https://www.gnu.org/licenses/>.`