path: root/config.toml.sample
[default]
# Listener settings; vhosts use these unless they define their own.
#
# bind: address(es) to listen on. Can be more than one bind, however beware:
# '::' and/or '0.0.0.0' is a 'bind' to all addresses ('::' seems to work for IPv4 as well) - a vhost with its own bind and the same ports will result in an error:
# 'Address already in use' or something similar.
# Binding to all addresses also makes the server reachable on every interface of the host;
# list explicit addresses instead if only some interfaces should serve Gemini.
# To bind to more than one address, make the value an array, i.e.: ['192.168.0.24', '10.0.1.1']
# bind can also be set to 'no', which means that vhosts that are to be accessed via the internet need their own bind option.
bind = '::'
# To bind to more than one port, make the value an array, i.e.: [1965, 1966, 1967]
ports = 1965
# TLS versions. Can specify one or both of these.
# NOTE(review): keeping only 'v1.3' presumably turns away clients limited to TLS 1.2 - confirm before tightening.
tls = ['v1.2', 'v1.3']
# UNIX socket: makes all vhosts accessible via this socket unless they have their own 'unix' parameter.
# The ports parameter does not matter for the unix socket.
# unix can be set to 'no', in which case no unix socket is made, although a vhost can still have its own unix parameter.
# The path of the unix socket needs to be readable/writable.
# If the socket file exists when attempting to use it then this program will delete that file and make a new one,
# so point this at a path that is used for nothing else.
# NOTE(review): who may connect is presumably governed by the permissions on the socket and its directory - confirm.
# By default, if unix does not exist, there will be no unix socket.
unix = 'no'

## The following options are specific to default and will not work with vhost
# working_dir is used as the base location if a 'pathy' option (like log_file) is not absolute.
# If working_dir does not have a path, then the *current working directory* is used.
working_dir = "/etc/jakes-gemini-server" # avoid putting final '/'
# Unless path is absolute, it is relative to working_dir
log_file = "jakes-gemini-server.log"
# If log_to_stdout is true then log_file is ignored and the 'log' is printed (almost unbuffered) to stdout.
log_to_stdout = true
# Directory for certificate/key pairs. Unless path is absolute, it is relative to working_dir.
# If this is not specified then it will place it in certs dir (and create the directory if needed, maybe not with the best permissions).
# Private keys end up here: create the directory beforehand with access limited to the account that runs the server
# rather than relying on automatic creation, and keep it outside any document root.
cert_key_dir = "certs" # avoid putting final '/'
# If the cert_key_dir directory is not writable, then a warning is emitted
# because generating cert/key pairs will fail and cause the program to die.
# Setting the following to false suppresses that warning.
cert_key_dir_write_warning = true
# For each accepted connection a fork() is called. This toggles whether that should happen or not.
# For debugging or memory reasons, it may help to set this to false, though it may result in clients timing out.
# That will cause 'timed-out' and 'sysread failed' to appear at the same time in log files.
fork = true
# After the server accept()s, the client needs to send, per the Gemini spec: '<URL><CR><LF>'
# This timeout option determines how long the server will wait before timing the client out.
# Value is presumably in seconds - TODO confirm.
# 0 is equivalent to 'do not timeout'.  Naughty bots/people sit there doing nothing but clogging the ports,
# and with fork enabled each such idle connection also holds a forked process, so keep this above 0 on a reachable server.
timeout = 5

## These are not specific to default and can be used with vhost
## Vhost options will override default options
# Default document root, when a vhost has none of its own.
root = "default_root"
# Append 'index.gmi' when the path ends with '/' or is nothing
assume_index = true 
# List the contents of a directory if no index.gmi is found and the request is a directory.
# Enabling this reveals the name of every file in such a directory, so leave it false unless that is intended.
dir_listing = false 
# Fallback MIME type; otherwise the fallback is 'application/octet-stream' (Gemini is primarily text based so 'octet-stream' is probably not wanted)
default_mime = 'text/plain' 
# redirection allows this program to check for vhost redirect values.
# 'no' means no redirection.
# 'simple' is simply "if 'x' key exists, return the value for it".
# 'regex' is a bit more complex and uses Perl's built-in regular expressions. See the vhost for an example of one.
redirection = 'simple'
# gone: in the default context this doesn't really do anything besides letting all vhosts check for a .gone file if the original path doesn't exist.
# The vhost setting for this is somewhat more involved.
gone = true

### Not implemented yet - the keys below are left commented out on purpose
# similar to .htaccess, .gmiaccess
#gmi_access = true 
# automatically reject access to .gmiaccess
#gmi_access_request_reject = true 
# No need for a single config file
#include_configs = ["./sites_enabled"]

# A vhost is *required* since it serves both as vhost and as the name matched against Server Name Indication (SNI)
# Vhost example - probably you want to see that it actually works right away:
# `$ ncat --ssl localhost 1965`. Quick! You have 5 seconds! Type: 'gemini://localhost ' (don't forget the whitespace)
# (ncat is (probably) packaged with nmap)
['localhost']
# Generate certificate and key automatically? Uses cert_key_dir
auto_cert = true
# Overrides default setting
assume_index = true

# A more realistic example (commented out; uncomment and adapt)
#['example.com']
# Listen to more than just 'example.com' with server_alias.  No need for two vhost configurations.
# server_alias can just be a single string, e.g. "server_alias='www.example.com'". An array allows
# for more than one alias.  If auto_cert is true, then *ON CREATION OF THE CERT* the server_alias entries will be added to it.
# Aliases added after the certificate was created are therefore not in it.
#server_alias=['www.example.com', 'example.org']
# bind can be set to a string or a list or 'no' which will not be accessible via IP address.
#bind = ['172.16.0.53', '10.43.14.32']
#ports = [10000,10001,10002]
# example.com can only be accessed through this socket, other vhosts can use it too.
# unix can be set to some path or to 'no' which will not include it in default's unix path if it is set.
#unix = '/some/other/path/to/unix.sock'
#auto_cert = false
# Location of the cert/key pair is relative to cert_key_dir unless the path is absolute.
# The existence of the cert and key options will cause auto_cert to be ignored.
# The key file is the vhost's private key: keep it readable only by the account that runs the server.
#cert = "cert.pem" # a file
#key  = "key.pem" # a file
#
# this vhost's document root
#root = "/srv/gemini/example.com" 
#
# Overrides default setting
#assume_index = true
#dir_listing = true
#default_mime = 'text/plain'
#
## Regex settings:
##   they are checked in the following order:
##   certificate, redirection, gone
#
#redirection = 'regex'
#redirect = {
#    # Note the beginning '/'.
#    # The regex is compiled like so: qr{^...$} (^ = beginning of line, $ = end of line)
#    # In other words, the entire key value MUST match.
#    # This one would be a simple redirection
#    '/redirect' = 'gemini://my-other-example.com',
#
#    # These are Perl regular expressions.
#    # Captured text ($1, $2, ...) comes from the request; in the examples below it is only ever
#    # placed in the path part of the target, never in the scheme or host.
#    '/share/some_(.*)' = "/share/",
#    #               $1
#    '/blog/2022/dec/(.+)' = '/blog/2022/jul/$1',
#    #      $1     $2   $3 
#    '/blog/(20..)/(.+)/(.+)' = '/newsgroup/$1-$2/$3',
#}
#
#cert_req = {
#  # Will accept ANY certificate, so this does not restrict who gets in;
#  # use 'pubkey' or 'file' below to limit access to known clients.
#  '/cert_required(.*)' = 'any',
#  # Same as above but you can set the text that will accompany the header.
#  '/blog/secret(.*)' = [
#      'any', 'This is my secret place.'
#  ],
#  # Lock an area off with specific fingerprints (sha256)!
#  # NOTE(review): confirm whether the sha256 is taken over the whole certificate or only its public key
#  # before collecting fingerprints from clients.
#  '/payment_club(.*)' = [
#      'pubkey', 'Accepted members only',
#       # fingerprints (sha256) can have colons and be upper or lower case: program will normalize them.
#       '0b435dd2efc7c7569d97559c22d4a35abbd19cfd6d15d23989773a69df5556c2',
#       '...',
#  ],
#  # Suppose you have a LOT of pubkeys? This example will solve it.
#  '/secret_blog(.*)' = [
#      # The file option allows you to specify files that should have a listing of accepted pubkeys.
#      # The second option '0' just tells the server to serve default meta text.
#      # These files decide who is let in: keep them outside the document root and writable only by the administrator.
#      # NOTE(review): what the relative paths below are resolved against is not stated here - confirm.
#      'file', 0,
#      '../pubkeys1.txt',
#      '../pubkeys2.txt',
#   ],
#}
# If you don't want a vhost to be able to set gone, leave this hash empty or delete it entirely.
#gone = {
#   # This checks whether a path location doesn't exist but does if '.gone' is appended, in which case a gone gemini status is returned.
#   append = true,
#   path = [
#       # regex matching
#       '/some/path/that/is/precise/text.gmi',
#       # This will match quite a lot of things
#       '/blog/2021*',
#        # like '/blog/20215/april/' or even '/blog/2021-converense/'
#        # in other words: be careful and be as specific as you can be!
#        # NOTE(review): read as a Perl regex, '1*' means "zero or more '1' characters", so how far this
#        # pattern reaches depends on how the server anchors it - test it before relying on it.
#  ]
#}