From 46bf9d66e85bf3cc5b1568906c4cdaa87f7838d0 Mon Sep 17 00:00:00 2001 From: sose Date: Wed, 28 Apr 2021 07:12:58 +0000 Subject: [PATCH] added to readme --- readme.md | 44 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 39 insertions(+), 5 deletions(-) diff --git a/readme.md b/readme.md index f46f8b8..df9d13f 100644 --- a/readme.md +++ b/readme.md @@ -3,7 +3,10 @@ An extensible, general purpose http-\>gemini mirror with full javascript support -## Requirements +## Requirements - If you are using Docker +- docker + +## Requirements - If you are not using Docker - nodejs - npm - electron @@ -20,8 +23,17 @@ javascript support - libasound2 - xvfb (if you're running it headless) -## Setup -- `sudo apt install libgtk2.0-0 libgconf-2-4 libxshmfence1 libnss3 libatk-bridge2.0-0 libdrm2 libgtk-3-0 libgbm1 libasound2` (if you're on debian, other +## Setup - If you are using Docker +- `docker pull sose/hellgate` +- `docker run -p 1965:1965 sose/hellgate` +- the server will listen on `localhost:1965` +- If you are using port 1965 on the host machine, you can bind a different port + by running `docker run -p {PORT}:1965 sose/hellgate` instead + +## Setup - If you are not using Docker +- `sudo apt install npm nodejs libgtk2.0-0 libgconf-2-4 libxshmfence1 libnss3 + libatk-bridge2.0-0 libdrm2 libgtk-3-0 libgbm1 libasound2` (if you're on +debian, other distros idk) - `sudo apt install xvfb` (again, on debian) - `git clone https://tildegit.org/sose/hellgate` 
@@ -44,6 +56,28 @@ javascript support - If you write a new sigil for a specific website, don't hesitate to send it as a pull request to this repo -## Notes +## Security +- Obviously executing arbitrary Javascript from around the web is never going + to be completely safe, however the following steps have been taken to ensure + the saftey of the host machine: + - All websites have a maximum time in which they have to load their + content (default 2s) and execute any scripts (default 2s) + - When running outside of a Docker container, all renderer processes + will be run inside the Chromium sandbox +(https://github.com/chromium/chromium/blob/master/docs/linux/sandboxing.md) + - When running inside of a Docker container, the entire program is + running inside a Docker container (as an unprivileged user). + - Nodejs integration is disabled in all renderer processes + - Context isolation is enabled in all reneder processes + - Any request for browser permissions is automatically denied + - Any request to create a new window is automatically denied +- Essentially, in theory, the machine hosting hellgate should not be at any + more risk than a regular web broser. However, security vulnerabilities +exists, and no software is perfect, not Docker, not Chromium, not Linux not +Electron and *certainly* not Hellgate. If you have valuable things on your +server I would suggest running all of this in a VM, just in case. + +## Other Notes - As of right now the npm version of gemini-server is broken, use the version - from github or this will not work + from github or this will not work. +- If you are using the docker container this is already done for you.
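Review bot: In the `@@ -20,8 +23,17 @@` hunk, the Docker setup bullet "the server will listen on `localhost:1965`" does not match what `docker run -p 1965:1965 sose/hellgate` does: `-p 1965:1965` publishes the port on all host interfaces by default, not only on loopback. Either reword the bullet to say the server is reachable on port 1965 of the host, or show the loopback-only form `docker run -p 127.0.0.1:1965:1965 sose/hellgate` for people who only want local access. Style point in the same hunk: the `sudo apt install ...` command is now wrapped across lines inside one inline code span and the continuation "debian, other distros idk)" starts at column 0; keeping the command on a single line makes it easier to copy.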
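Review bot: In the `@@ -44,6 +56,28 @@` hunk, the Docker bullet of the new Security section ("the entire program is running inside a Docker container (as an unprivileged user)") does not say whether the Chromium sandbox is still enabled for renderer processes inside the container, while the bullet before it only promises the sandbox "when running outside of a Docker container". Please state this explicitly, since it decides whether the container is an extra layer or the only one. Spelling in the same section: "saftey" should be "safety", "reneder" should be "renderer", "broser" should be "browser", "vulnerabilities exists" should be "vulnerabilities exist", and "not Linux not Electron" is missing a comma. In "Other Notes", the added bullet "this is already done for you" leaves "this" unclear; name the GitHub version of gemini-server directly.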