126 lines
3.1 KiB

.Dd $Mdocdate: December 03 2020 $
.Dt VGER 8
.Nm vger
.Nd inetd gemini server
.Nm vger
.Op Fl l Ar lang
.Op Fl v
.Op Fl i
.Op Fl c Ar cgi_path
.Op Fl d Ar path
.Op Fl u Ar username
.Op Fl m Ar mimetype
is a secure gemini server that is meant to be run on
.Xr inetd 8
behind a relay daemon offering TLS capabilities like
.Xr relayd 8 .
If an incoming gemini query doesn't explicitly request a file,
will serves a default "index.gmi" file if present.
It is possible to create redirections by creating a symbolic link
containing the new file location.
.Bl -tag -width Ds
.It Op Fl l Ar lang
Set the lang in the return code to
.Ar lang .
A list can be specified, i.e "-l en,fr" will send "lang=en,fr".
Default is no lang metadata.
.It Op Fl i
Enable auto index if no index.gmi is found in a directory.
The index is a file that will contain a link to every file within the current directory.
.It Op Fl v
Enable virtualhost support, the hostname in the query will be considered as a directory name.
As example, for request gemini://hostname.example/file.gmi
will read the file /var/gemini/hostname.example/file.gmi
.It Op Fl c
Enable CGI support.
.Ar cgi_path
files will be executed as a cgi script instead of returning their content.
.Ar cgi_path must not end with '/'.
If using virtualhost, you must insert the virtualhost directory in the cgi path.
As example, for a request gemini://hostname.example/cgi-bin/hello.cgi, one must set:
.Bd -literal -offset indent
vger -c /var/gemini/hostname.example/cgi-bin/hello.cgi
In this case,
.Xr pledge 2
promises and unveil permission are set to enable cgi execution.
Be very careful on how you write your CGI, it can read outside the chroot.
.It Op Fl m Ar mimetype
.Ar mimetype
instead of the "application/octet-stream" as content type for which
is unable to find the type.
.It Op Fl d Ar path
.Ar path
instead of the default "/var/gemini/" path to look for files.
will use
.Xr unveil 2
on this path to only allow read-only file access within this directory.
.It Op Fl u Ar username
.Xr chroot 2
on the data directory and then drop privileges to
.Ar username .
This requires
to be run as root user.
is meant to be run by
.Xr inetd 8 .
can be used on any port because it won't be public.
/etc/inetd.conf example using a dedicated gemini_user:
.Bd -literal -offset indent stream tcp nowait gemini_user /usr/local/bin/vger vger
The public port TCP/1965 must be served by a daemon like
.Xr relayd 8
which negociate TLS connections and forward them
to the inetd daemon on the
Do not forget to open the TCP/1965 port in your firewall.
.Xr relayd.conf 5
configuration example:
.Bd -literal -offset indent
log connection
relay "gemini" {
listen on hostname.example port 1965 tls
forward to port 11965
.Ex -std vger
.Xr chroot 2 ,
.Xr unveil 2 ,
.Xr relayd.conf 5 ,
.Xr inetd 8 ,
.Xr relayd 8
.An See the LICENSE file for the authors .
See the LICENSE file for the terms of redistribution.