# SecretShop: a small Gemini server.

## NOTE

I haven't worked on this in a while and it may not be up to date with the Gemini spec.

## Features

* Multi-site hosting
* Also supports simple Gopher hosting
* Fully compliant with Jetforce diagnostics
* Client certificates
* Probably won't kill your computer

## Where to get it

```
git clone https://git.saintnet.tech/stryan/secretshop.git
```

I also release binaries at https://build.opensuse.org/project/show/home:stryan

The release tab also has pre-generated archives if you don't want to run master.

## Configuration

SecretShop looks in its current working directory and in /etc/secretshop for its config file.

Configuration is in a file named "config.yaml" in one of the above directories. See the sample config for more details.

A standard file looks like this:

```yaml
---
port: 1965
active_capsules:
  - localhost
localhost:
  Hostname: "localhost"
  Port: "1965"
  RootDir: "/var/gemini"
  CGIDir: "/var/gemini/cgi"
  KeyFile: "localhost.key"
  CertFile: "localhost.crt"
  AccessControl:
    Identified:
      - /id
    Known:
      - /known
    Trusted:
      - /private
    Whitelist: "whitelist"
  Lang: "en"
```

Each entry in "active_capsules" is a virtual Gemini capsule. SecretShop supports multiple virtual capsules all listening on port 1965.

By default, a capsule requires the Hostname, RootDir (root directory), KeyFile, and CertFile to start properly. The capsule also needs to be listed in the "active_capsules" list.

Each capsule can optionally have an "AccessControl" section for use with client certificates. AccessControl is broken up into three zones:

* Identified: Requires a client to present a certificate of some kind to access. The certificate is currently not validated. Response code 60.
* Known: Reserved for transient certificates; currently not fully implemented. Response code 61.
* Trusted: Requires a client to present a certificate whose fingerprint matches an entry in the Whitelist file. Currently checks validity dates and the fingerprint. Response codes 62-65.

For the Trusted zone, a Whitelist entry must exist, with a path leading to the whitelist file. The whitelist file is a text file containing certificate fingerprints, one per line. This is used to authenticate client certificates.

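As an added example (not SecretShop's own code), here is how the three zones and the whitelist check described above can be implemented in Go. It assumes a fingerprint is the lowercase hex SHA-256 of the certificate's DER encoding, it maps the Trusted zone's 62-65 range to the meanings in the older Gemini spec revision (62 authorised certificate required, 63 certificate not accepted, 64 future certificate rejected, 65 expired certificate rejected), and it generates a throwaway self-signed certificate as constructed test input. The type and function names are mine, not the project's.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Gemini status codes for the zones. 60 and 61 are the README's codes for
// Identified and Known; the split of Trusted's 62-65 range follows the older
// Gemini spec revision and is an assumption of this example.
const (
	StatusSuccess      = 20
	StatusCertRequired = 60 // Identified zone, no certificate presented
	StatusTransientReq = 61 // Known zone, no certificate presented
	StatusAuthRequired = 62 // Trusted zone, no certificate presented
	StatusNotAccepted  = 63 // Trusted zone, fingerprint not in whitelist
	StatusFutureCert   = 64 // Trusted zone, NotBefore is in the future
	StatusExpiredCert  = 65 // Trusted zone, NotAfter has passed
)

// AccessControl mirrors a capsule's AccessControl config section: three path
// lists plus the fingerprints loaded from the Whitelist file.
type AccessControl struct {
	Identified, Known, Trusted []string
	Whitelist                  map[string]bool
}

// Fingerprint is assumed to be the lowercase hex SHA-256 of the DER certificate.
func Fingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return hex.EncodeToString(sum[:])
}

// ParseWhitelist reads "one fingerprint per line", ignoring blank lines and
// normalising case so an upper-case hex entry still matches.
func ParseWhitelist(text string) map[string]bool {
	wl := make(map[string]bool)
	for _, line := range strings.Split(text, "\n") {
		if line = strings.TrimSpace(line); line != "" {
			wl[strings.ToLower(line)] = true
		}
	}
	return wl
}

// inZone matches whole path segments: "/id" covers "/id" and "/id/x" but not
// "/identity", so a zone prefix cannot be bypassed by a longer sibling path.
func inZone(path string, prefixes []string) bool {
	for _, p := range prefixes {
		p = strings.TrimSuffix(p, "/")
		if path == p || strings.HasPrefix(path, p+"/") {
			return true
		}
	}
	return false
}

// Authorize returns the Gemini status for a request path; cert is nil when the
// client presented no certificate. The most restrictive zone is checked first.
func (ac AccessControl) Authorize(path string, cert *x509.Certificate, now time.Time) int {
	switch {
	case inZone(path, ac.Trusted):
		if cert == nil {
			return StatusAuthRequired
		}
		if now.Before(cert.NotBefore) {
			return StatusFutureCert
		}
		if now.After(cert.NotAfter) {
			return StatusExpiredCert
		}
		if !ac.Whitelist[Fingerprint(cert)] {
			return StatusNotAccepted
		}
	case inZone(path, ac.Known):
		if cert == nil {
			return StatusTransientReq
		}
	case inZone(path, ac.Identified):
		if cert == nil { // any certificate is accepted here, unvalidated
			return StatusCertRequired
		}
	}
	return StatusSuccess
}

// makeCert builds a self-signed certificate with the given validity window.
// This is constructed test input, not a real client's certificate.
func makeCert(notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example client"},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	now := time.Now()
	good, _ := makeCert(now.Add(-time.Hour), now.Add(time.Hour))
	ac := AccessControl{Identified: []string{"/id"}, Known: []string{"/known"},
		Trusted: []string{"/private"}, Whitelist: ParseWhitelist(Fingerprint(good) + "\n")}
	fmt.Println(ac.Authorize("/private/x.gmi", nil, now), ac.Authorize("/private/x.gmi", good, now))
}
```

Note that the Identified zone deliberately does not call the date or whitelist checks, matching the README's statement that it does not validate the certificate; only the Trusted branch rejects expired, not-yet-valid or unlisted certificates.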
If you want full logging (i.e. you're not using systemd, rsyslog, or something else that automatically adds timestamps and program names) you can add the "full_logging: true" option.

SecretShop supports specifying what language a Gemini capsule uses for content (the "Lang" key). See section 5.2 of the Gemini spec for more details. This is set per vhost.

## Building

Build dependencies: go1.14

Running "make" should work for any given x86 machine.

If you're planning on running this on a Raspberry Pi or other ARM machine, try

```
env GOOS=linux GOARCH=arm GOARM=5 make
```

## Installation

Running "make install" will install to /usr/bin by default and will attempt to install the systemd service file.

## Uninstall

Run "make uninstall".

## Running

Either run the executable directly or use the systemd unit file.

## Caveats

* Currently does not support transient certificates
* Only handles whitelisting for certificate authorization

## Licensing

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.