[default] # Can be more than one bind, however beware: # '::' and/or '0.0.0.0' is a 'bind' to all ('::' seems to work for IPv4 as well) - vhost with their own bind and the same ports will result in an error. # 'Address already in use' or something similar. # To bind to more than one address, make the value an array ie: ['192.168.0.24', '10.0.1.1'] bind = '::' # To bind to more than one port, make the value an array ie: [1965, 1966, 1967] ports = 1965 # Can specify one or both of these. tls = ['v1.2', 'v1.3'] ## The following options are specific to default and will not work with vhost # Working dir is used as a relative location if a 'pathy' option (like log_file) is not absolute. # If working_dir does not have a path, then the *current working directory* is the used. working_dir = "/etc/jakes-gemini-server" # avoid putting final '/' # Unless path is absolute, it is relative to working_dir log_file = "jakes-gemini-server.log" # if log_to_stdout is true then log_file is ignored and the 'log' is printed (almost unbuffered) to stdout. log_to_stdout = true # Unless path is absolute, it is relative to working_dir. # If this is not specified then it will place it in certs dir (and create the directory if needed, maybe not with the best permissions) cert_key_dir = "certs" # avoid putting final '/' # If the cert_key_dir directory is not writable, then a warning will emit # because generating cert/key pairs will fail and cause the program to die. # Setting the following to 'false' will not emit an error. cert_key_dir_write_warning = true # For each accepted connection a fork() is called. This toggles if that should happen or not. # For debugging or memory reasons, it may help to set this to false, though it may result in clients timing out # Will cause 'timed-out' and 'sysread failed' to appear at the same time in log files. fork = true # When the server accept()s the client needs to send, per the Gemini spec: '' # This timeout option determines how long the server will wait before timing them out. # 0 is equivalent to 'do not timeout'. Naughty bots/people sit there doing nothing but clogging the ports. timeout = 5 ## These are not specific to default and can be used with vhost ## Vhost options will override default options # Default document root, when a vhost has none of its own. root = "default_root" # append 'index.gmi' when the path ends with '/' or is nothing assume_index = true # list the contents of a directory if no index.gmi is found and request is a directory dir_listing = false # otherwise the fallback is 'application/octet-stream' (gemini is primary text based so 'octet-stream' probably not wanted) default_mime = 'text/plain' ### Not implimented yet # similar to .htaccess, .gmiaccess #gmi_access = true # automatically reject access to .gmiaccess #gmi_access_request_reject = true # No need for a single config file #include_configs = ["./sites_enabled"] # A Vhost is *required* since it both serves as vhost and server name identification (sni) # Vhost example - probably you want to see that it actually works right away # `$ ncat --ssl localhost 1965'. Quick! You have 5 seconds! type: 'gemini://localhost ' (don't forget the whitespace) # (ncat (probably) packaged with nmap) ['localhost'] # Generate certificate and key automatically? Uses cert_key_dir auto_cert = true # Overrides default setting assume_index = true # A more realistic example #['example.com'] #bind = ['172.16.0.53', '10.43.14.32'] #ports = [10000,10001,10002] #auto_cert = false # Location to the cert/key pair is relative to cert_key_dir unless the path is absolute # The existance of cert and key option will cause auto_cert to be ignored. #cert = "cert.pem" # a file #key = "key.pem" # a file # # this Vhost's document root #root = "/srv/gemini/example.com" # # Overrides default setting #assume_index = true #dir_listing = true #default_mime = 'text/plain'