# Server-wide settings. The first group applies only to [default]; the second group
# (from 'root' onwards) may also be set per vhost, where the vhost value wins.
[default]
# Address(es) to listen on. Can be more than one bind, however beware:
# '::' and/or '0.0.0.0' is a 'bind' to all addresses ('::' seems to work for IPv4 as well) - a vhost with its own bind and the same ports will result in an error:
# 'Address already in use' or something similar.
# NOTE(review): a bind-to-all value makes the server reachable on every interface of the host;
# use a specific address when only some interfaces should accept connections.
# To bind to more than one address, make the value an array, e.g.: ['192.168.0.24', '10.0.1.1']
# bind can also be set to 'no', which means that vhosts which are to be accessed via the internet will need their own bind option.
bind = '::'
# To bind to more than one port, make the value an array, e.g.: [1965, 1966, 1967]
ports = 1965
# Can specify one or both of these.
# NOTE(review): listing only 'v1.3' presumably refuses TLS 1.2 clients - confirm client support before removing 'v1.2'.
tls = ['v1.2', 'v1.3']
# UNIX socket; makes all vhosts accessible via this socket unless they have their own 'unix' parameter.
# The ports parameter does not matter for the unix socket.
# unix can be set to 'no', in which case no unix socket is made, although a vhost can still have its own unix parameter.
# The path of the unix socket needs to be readable/writable.
# If the socket file exists when attempting to use it then this program will delete that file and make a new one.
# NOTE(review): because an existing file at this path is deleted, point it at a dedicated location
# that nothing else uses; who may connect is presumably decided by the filesystem permissions there - confirm.
# By default, if unix does not exist, there will be no unix socket.
unix = 'no'
## The following options are specific to default and will not work with vhost
# Working dir is used as the base location if a 'pathy' option (like log_file) is not absolute.
# If working_dir does not have a path, then the *current working directory* is used.
working_dir = "/etc/jakes-gemini-server" # avoid putting final '/'
# Unless path is absolute, it is relative to working_dir
log_file = "jakes-gemini-server.log"
# If log_to_stdout is true then log_file is ignored and the 'log' is printed (almost unbuffered) to stdout.
log_to_stdout = true
# Unless path is absolute, it is relative to working_dir.
# If this is not specified then it will place it in the certs dir (and create the directory if needed, maybe not with the best permissions)
# NOTE(review): this directory holds private keys (auto_cert writes cert/key pairs here, and vhost cert/key paths
# are resolved against it). Creating it beforehand with owner-only access avoids relying on whatever
# permissions the program picks when it creates the directory itself.
cert_key_dir = "certs" # avoid putting final '/'
# If the cert_key_dir directory is not writable, then a warning is emitted
# because generating cert/key pairs will fail and cause the program to die.
# Setting the following to false silences that warning.
cert_key_dir_write_warning = true
# For each accepted connection a fork() is called. This toggles whether that should happen or not.
# For debugging or memory reasons it may help to set this to false, though it may result in clients timing out.
# Will cause 'timed-out' and 'sysread failed' to appear at the same time in log files.
fork = true
# After the server accept()s, the client needs to send, per the Gemini spec: '<URL><CR><LF>'
# This timeout option determines how long (in seconds) the server will wait before timing the client out.
# 0 is equivalent to 'do not timeout'. Naughty bots/people sit there doing nothing but clogging the ports,
# so 0 lets idle connections stay open indefinitely; keep a non-zero value on a publicly reachable server.
timeout = 5
## These are not specific to default and can be used with vhost
## Vhost options will override default options
# Default document root, when a vhost has none of its own.
root = "default_root"
# Append 'index.gmi' when the path ends with '/' or is nothing
assume_index = true
# List the contents of a directory if no index.gmi is found and the request is a directory.
# When true, every file name in such a directory is shown to any client that asks; leave false
# unless the document root contains only material meant to be browsed.
dir_listing = false
# Otherwise the fallback is 'application/octet-stream' (gemini is primarily text based so 'octet-stream' is probably not wanted)
default_mime = 'text/plain'
# redirection allows this program to check for vhost redirect values.
# 'no' meaning, no redirection.
# 'simple', which is simply "if 'x' key exists, return the value for it"
# 'regex' which is a bit more complex and uses Perl's built-in regular expressions. See the vhost for an example of one.
redirection = 'simple'
### Not implemented yet
# similar to .htaccess, .gmiaccess
#gmi_access = true
# automatically reject access to .gmiaccess
#gmi_access_request_reject = true
# No need for a single config file
#include_configs = ["./sites_enabled"]
# A Vhost is *required* since it serves both as vhost and as server name identification (sni)
# Vhost example - probably you want to see that it actually works right away:
# `$ ncat --ssl localhost 1965`. Quick! You have 5 seconds! type: 'gemini://localhost ' (don't forget the whitespace)
# (ncat (probably) packaged with nmap)
['localhost']
# Generate certificate and key automatically? Uses cert_key_dir
# NOTE(review): the generated private key lives under cert_key_dir, so that directory's
# permissions are what protect it.
auto_cert = true
# Overrides default setting
assume_index = true
# A more realistic example (commented out; remove the leading '#' to enable it)
#['example.com']
# bind can be set to a string or a list, or to 'no', in which case the vhost will not be accessible via IP address.
#bind = ['172.16.0.53', '10.43.14.32']
#ports = [10000,10001,10002]
# example.com can only be accessed through this socket; other vhosts can use it too.
# unix can be set to some path or to 'no', which will not include it in default's unix path if it is set.
#unix = '/some/other/path/to/unix.sock'
#auto_cert = false
# Location of the cert/key pair is relative to cert_key_dir unless the path is absolute
# The existence of the cert and key options will cause auto_cert to be ignored.
# NOTE(review): the key file is the vhost's private key; keep it readable only by the account the server runs as.
#cert = "cert.pem" # a file
#key = "key.pem" # a file
#
# this Vhost's document root
#root = "/srv/gemini/example.com"
#
# Overrides default setting
#assume_index = true
#dir_listing = true
#default_mime = 'text/plain'
#
# NOTE(review): an inline table that spans several lines and has a trailing comma is not valid TOML 1.0.
# If the parser in use rejects the block below once uncommented, put the same entries under a
# ['example.com'.redirect] table header instead.
# NOTE(review): the patterns are presumably matched against the path the client sends, and $1, $2, ...
# copy whatever the client put there into the redirect target. '(.+)' and '(.*)' also match '/',
# so a pattern meant for one path segment can match deeper paths; '[^/]+' limits a capture to one segment.
#redirection = 'regex'
#redirect = {
# # note the beginning '/'.
# # The regex is compiled like so: qr{^...$} (^ = beginning of line, $ = end of line)
# # In other words, the entire key value MUST match.
# # this one would be a simple redirection
# '/redirect' = 'gemini://my-other-example.com',
#
# # these are Perl's regular expressions.
# '/share/some_(.*)' = "/share/",
# # $1
# '/blog/2022/dec/(.+)' = '/blog/2022/jul/$1',
# # $1 $2 $3
# '/blog/(20..)/(.+)/(.+)' = '/newsgroup/$1-$2/$3',
# }