Rewording
This commit is contained in:
parent
ff78ea5049
commit
31d384833f
2 changed files with 8 additions and 22 deletions
28
README.md
28
README.md
|
@ -1,12 +1,8 @@
|
|||
# A simplistic and secure Gemini server
|
||||
|
||||
**Vger** is a gemini server supporting chroot, virtualhosts, CGI,
|
||||
default language choice, redirections and MIME types detection.
|
||||
**Vger** is a gemini server supporting chroot, virtualhosts, CGI, default language choice, redirections and MIME types detection.
|
||||
|
||||
**Vger** design is relying on inetd and a daemon to take care of
|
||||
TLS. The idea is to delegate TLS and network to daemons which
|
||||
proved doing it correctly, so vger takes its request from stdin and
|
||||
output the result to stdout.
|
||||
**Vger** design is relying on inetd and a daemon to take care of TLS. The idea is to delegate TLS and network to daemons which proved doing it correctly, so vger takes its request from stdin and output the result to stdout.
|
||||
|
||||
The average setup should look like:
|
||||
|
||||
|
@ -19,15 +15,9 @@ The average setup should look like:
|
|||
vger on inetd
|
||||
```
|
||||
|
||||
**Vger** is perfectly secure if run on **OpenBSD**, using `unveil()`
|
||||
the filesystem access is restricted to one directory (default to
|
||||
`/var/gemini/`) and with `pledge()` only systems calls related to
|
||||
reading files and reading input/output are allowed. More explanations
|
||||
about Vger security can be found
|
||||
[on this link](https://dataswamp.org/~solene/2021-01-14-vger-security.html).
|
||||
**Vger** is perfectly secure if run on **OpenBSD**, using `unveil()` the filesystem access is restricted to one directory (default to `/var/gemini/`) and with `pledge()` only systems calls related to reading files and reading input/output are allowed. More explanations about Vger security can be found [on this link](https://dataswamp.org/~solene/2021-01-14-vger-security.html).
|
||||
|
||||
For all supported OS, it's possible to run **Vger** in a chroot
|
||||
and drop privileges to a dedicated user.
|
||||
For all supported OS, it's possible to run **Vger** in a chroot and drop privileges to a dedicated user.
|
||||
|
||||
|
||||
# Install
|
||||
|
@ -45,8 +35,7 @@ On GNU/Linux, make sure you installed `libbsd`.
|
|||
|
||||
**Vger** comes with a test suite you can use with `make test`.
|
||||
|
||||
Some files under `/var/gemini/` are required to test the code path
|
||||
without a `-d` parameter.
|
||||
Some files under `/var/gemini/` are required to test the code path without a `-d` parameter.
|
||||
|
||||
|
||||
# Command line parameters
|
||||
|
@ -64,8 +53,7 @@ without a `-d` parameter.
|
|||
|
||||
# How to configure Vger using relayd and inetd
|
||||
|
||||
Create directory `/var/gemini/` (I'd allow this to be configured
|
||||
later), files will be served from there.
|
||||
Create directory `/var/gemini/` (I'd allow this to be configured later), files will be served from there.
|
||||
|
||||
Create an user `gemini_user`.
|
||||
|
||||
|
@ -101,6 +89,4 @@ On OpenBSD, enable inetd and relayd and start them:
|
|||
|
||||
Don't forget to open the TCP port 1965 in your firewall.
|
||||
|
||||
Vger will serve files named `index.gmi` if no explicit filename is given.
|
||||
If this file doesn't exist and auto index is enabled, an index file
|
||||
with a link to every file in the directory will be served.
|
||||
Vger will serve files named `index.gmi` if no explicit filename is given. If this file doesn't exist and auto index is enabled, an index file with a link to every file in the directory will be served.
|
||||
|
|
2
vger.8
2
vger.8
|
@ -75,7 +75,7 @@ On
|
|||
.Nm
|
||||
will use
|
||||
.Xr unveil 2
|
||||
on this path in read-only to prevent file access outside this directory.
|
||||
on this path to only allow read-only file access within this directory.
|
||||
.It Op Fl u Ar username
|
||||
Enable
|
||||
.Xr chroot 2
|
||||
|
|
Loading…
Reference in a new issue