Documentation rewording

This commit is contained in:
Solene Rapenne 2021-02-05 21:28:41 +01:00
parent 349e56c28c
commit ff78ea5049
2 changed files with 8 additions and 5 deletions

View file

@ -1,7 +1,7 @@
# A simplistic and secure Gemini server # A simplistic and secure Gemini server
**Vger** is a gemini server supporting chroot, virtualhosts, default **Vger** is a gemini server supporting chroot, virtualhosts, CGI,
language choice, redirections and MIME types detection. default language choice, redirections and MIME types detection.
**Vger** design is relying on inetd and a daemon to take care of **Vger** design is relying on inetd and a daemon to take care of
TLS. The idea is to delegate TLS and network to daemons which TLS. The idea is to delegate TLS and network to daemons which
@ -22,7 +22,9 @@ The average setup should look like:
**Vger** is perfectly secure if run on **OpenBSD**, using `unveil()` **Vger** is perfectly secure if run on **OpenBSD**, using `unveil()`
the filesystem access is restricted to one directory (default to the filesystem access is restricted to one directory (default to
`/var/gemini/`) and with `pledge()` only systems calls related to `/var/gemini/`) and with `pledge()` only systems calls related to
reading files and reading input/output are allowed. reading files and reading input/output are allowed. More explanations
about Vger security can be found
[on this link](https://dataswamp.org/~solene/2021-01-14-vger-security.html).
For all supported OS, it's possible to run **Vger** in a chroot For all supported OS, it's possible to run **Vger** in a chroot
and drop privileges to a dedicated user. and drop privileges to a dedicated user.
@ -57,7 +59,7 @@ without a `-d` parameter.
- `-u username`: enable chroot to the data directory and drop privileges to `username`. - `-u username`: enable chroot to the data directory and drop privileges to `username`.
- `-m MIME` : use MIME as default instead of "application/octet-stream". - `-m MIME` : use MIME as default instead of "application/octet-stream".
- `-i` : Enable auto index if no "index.gmi" file is found in a directory. - `-i` : Enable auto index if no "index.gmi" file is found in a directory.
- `-c CGI_PATH` : Exec CGI_PATH instead of serving it. - `-c CGI_PATH` : files in CGI_PATH are executed and their output is returned to the client.
# How to configure Vger using relayd and inetd # How to configure Vger using relayd and inetd

3
vger.8
View file

@ -44,7 +44,8 @@ will read the file /var/gemini/hostname.example/file.gmi
.It Op Fl c .It Op Fl c
Enable CGI support. Enable CGI support.
.Ar cgi_path .Ar cgi_path
will be executed as a cgi script. This path is relative to the directory set with will be executed as a cgi script instead of returning its content.
This path is relative to the directory set with
.Fl d .Fl d
flag. If using virtualhost, you must insert the virtualhost directory in the cgi path. flag. If using virtualhost, you must insert the virtualhost directory in the cgi path.
As example, for a request gemini://hostname.example/cgi-bin/hello.cgi, one must set: As example, for a request gemini://hostname.example/cgi-bin/hello.cgi, one must set: