.Dd $Mdocdate: December 03 2020 $
.Dt VGER 8
.Os
.Sh NAME
.Nm vger
.Nd inetd gemini server
.Sh SYNOPSIS
.Nm vger
.Op Fl l Ar lang
.Op Fl v
.Op Fl i
.Op Fl c Ar cgi_path
.Op Fl d Ar path
.Op Fl u Ar username
.Op Fl m Ar mimetype
.Sh DESCRIPTION
.Nm
is a secure gemini server that is meant to be run on
.Xr inetd 8
behind a relay daemon offering TLS capabilities like
.Xr relayd 8 .
.Pp
If an incoming gemini query doesn't explicitly request a file,
.Nm
will serves a default "index.gmi" file if present.
.Pp
It is possible to create redirections by creating a symbolic link
containing the new file location.
.Sh OPTIONS
.Bl -tag -width Ds
.It Op Fl l Ar lang
Set the lang in the return code to
.Ar lang .
A list can be specified, i.e "-l en,fr" will send "lang=en,fr".
Default is no lang metadata.
.It Op Fl i
Enable auto index if no index.gmi is found in a directory.
The index is a file that will contain a link to every file within the current directory.
.It Op Fl v
Enable virtualhost support, the hostname in the query will be considered as a directory name.
As example, for request gemini://hostname.example/file.gmi
.Nm
will read the file /var/gemini/hostname.example/file.gmi
.It Op Fl c
Enable CGI support.
.Ar cgi_path
files will be executed as a cgi script instead of returning their content.
.Ar cgi_path should be relative to chroot so cgi can be called for different virtualhosts.
As example, for a request gemini://hostname.example/cgi-bin/hello.cgi, one must set:
.Bd -literal -offset indent
vger -c cgi-bin
.Ed
.Pp
In this case,
.Xr pledge 2
promises and unveil permission are set to enable cgi execution.
.Pp
Be very careful on how you write your CGI, it can read outside the chroot.
.It Op Fl m Ar mimetype
Use
.Ar mimetype
instead of the "application/octet-stream" as content type for which
.Nm
is unable to find the type.
.It Op Fl d Ar path
Use
.Ar path
instead of the default "/var/gemini/" path to look for files.
On
.Ox
.Nm
will use
.Xr unveil 2
on this path to only allow read-only file access within this directory.
.It Op Fl u Ar username
Enable
.Xr chroot 2
on the data directory and then drop privileges to
.Ar username .
This requires
.Nm
to be run as root user.
.El
.Sh DEPLOYMENT
.Nm
is meant to be run by
.Xr inetd 8 .
.Nm
can be used on any port because it won't be public.
.Pp
/etc/inetd.conf example using a dedicated gemini_user:
.Bd -literal -offset indent
127.0.0.1:11965 stream tcp nowait gemini_user /usr/local/bin/vger vger
.Ed
.Pp
The public port TCP/1965 must be served by a daemon like
.Xr relayd 8
which negociate TLS connections and forward them
to the inetd daemon on the
.Nm
port.
Do not forget to open the TCP/1965 port in your firewall.
.Pp
.Xr relayd.conf 5
configuration example:
.Bd -literal -offset indent
log connection
relay "gemini" {
    listen on hostname.example port 1965 tls
    forward to 127.0.0.1 port 11965
}
.Ed
.Sh EXIT STATUS
.Ex -std vger
.Sh SEE ALSO
.Xr chroot 2 ,
.Xr unveil 2 ,
.Xr relayd.conf 5 ,
.Xr inetd 8 ,
.Xr relayd 8
.Sh AUTHORS
.An See the LICENSE file for the authors .
.Sh LICENSE
See the LICENSE file for the terms of redistribution.