added to readme
This commit is contained in:
parent
3aa36ef051
commit
46bf9d66e8
44
readme.md
44
readme.md
|
@ -3,7 +3,10 @@
|
||||||
An extensible, general purpose http-\>gemini mirror with full
|
An extensible, general purpose http-\>gemini mirror with full
|
||||||
javascript support
|
javascript support
|
||||||
|
|
||||||
## Requirements
|
## Requirements - If you are using Docker
|
||||||
|
- docker
|
||||||
|
|
||||||
|
## Requirements - If you are not using Docker
|
||||||
- nodejs
|
- nodejs
|
||||||
- npm
|
- npm
|
||||||
- electron
|
- electron
|
||||||
|
@ -20,8 +23,17 @@ javascript support
|
||||||
- libasound2
|
- libasound2
|
||||||
- xvfb (if you're running it headless)
|
- xvfb (if you're running it headless)
|
||||||
|
|
||||||
## Setup
|
## Setup - If you are using Docker
|
||||||
- `sudo apt install libgtk2.0-0 libgconf-2-4 libxshmfence1 libnss3 libatk-bridge2.0-0 libdrm2 libgtk-3-0 libgbm1 libasound2` (if you're on debian, other
|
- `docker pull sose/hellgate`
|
||||||
|
- `docker run -p 1965:1965 sose/hellgate`
|
||||||
|
- the server will listen on `localhost:1965`
|
||||||
|
- If you are using port 1965 on the host machine, you can bind a different port
|
||||||
|
by running `docker run -p {PORT}:1965 sose/hellgate` instead
|
||||||
|
|
||||||
|
## Setup - If you are not using Docker
|
||||||
|
- `sudo apt install npm nodejs libgtk2.0-0 libgconf-2-4 libxshmfence1 libnss3
|
||||||
|
libatk-bridge2.0-0 libdrm2 libgtk-3-0 libgbm1 libasound2` (if you're on
|
||||||
|
debian, other
|
||||||
distros idk)
|
distros idk)
|
||||||
- `sudo apt install xvfb` (again, on debian)
|
- `sudo apt install xvfb` (again, on debian)
|
||||||
- `git clone https://tildegit.org/sose/hellgate`
|
- `git clone https://tildegit.org/sose/hellgate`
|
||||||
|
@ -44,6 +56,28 @@ javascript support
|
||||||
- If you write a new sigil for a specific website, don't hesitate to send it as
|
- If you write a new sigil for a specific website, don't hesitate to send it as
|
||||||
a pull request to this repo
|
a pull request to this repo
|
||||||
|
|
||||||
## Notes
|
## Security
|
||||||
|
- Obviously executing arbitrary Javascript from around the web is never going
|
||||||
|
to be completely safe, however the following steps have been taken to ensure
|
||||||
|
the saftey of the host machine:
|
||||||
|
- All websites have a maximum time in which they have to load their
|
||||||
|
content (default 2s) and execute any scripts (default 2s)
|
||||||
|
- When running outside of a Docker container, all renderer processes
|
||||||
|
will be run inside the Chromium sandbox
|
||||||
|
(https://github.com/chromium/chromium/blob/master/docs/linux/sandboxing.md)
|
||||||
|
- When running inside of a Docker container, the entire program is
|
||||||
|
running inside a Docker container (as an unprivileged user).
|
||||||
|
- Nodejs integration is disabled in all renderer processes
|
||||||
|
- Context isolation is enabled in all reneder processes
|
||||||
|
- Any request for browser permissions is automatically denied
|
||||||
|
- Any request to create a new window is automatically denied
|
||||||
|
- Essentially, in theory, the machine hosting hellgate should not be at any
|
||||||
|
more risk than a regular web broser. However, security vulnerabilities
|
||||||
|
exists, and no software is perfect, not Docker, not Chromium, not Linux not
|
||||||
|
Electron and *certainly* not Hellgate. If you have valuable things on your
|
||||||
|
server I would suggest running all of this in a VM, just in case.
|
||||||
|
|
||||||
|
## Other Notes
|
||||||
- As of right now the npm version of gemini-server is broken, use the version
|
- As of right now the npm version of gemini-server is broken, use the version
|
||||||
from github or this will not work
|
from github or this will not work.
|
||||||
|
- If you are using the docker container this is already done for you.
|
||||||
|
|
Loading…
Reference in New Issue