added to readme
This commit is contained in:
parent
3aa36ef051
commit
46bf9d66e8
44
readme.md
44
readme.md
|
@ -3,7 +3,10 @@
|
|||
An extensible, general purpose http-\>gemini mirror with full
|
||||
javascript support
|
||||
|
||||
## Requirements
|
||||
## Requirements - If you are using Docker
|
||||
- docker
|
||||
|
||||
## Requirements - If you are not using Docker
|
||||
- nodejs
|
||||
- npm
|
||||
- electron
|
||||
|
@ -20,8 +23,17 @@ javascript support
|
|||
- libasound2
|
||||
- xvfb (if you're running it headless)
|
||||
|
||||
## Setup
|
||||
- `sudo apt install libgtk2.0-0 libgconf-2-4 libxshmfence1 libnss3 libatk-bridge2.0-0 libdrm2 libgtk-3-0 libgbm1 libasound2` (if you're on debian, other
|
||||
## Setup - If you are using Docker
|
||||
- `docker pull sose/hellgate`
|
||||
- `docker run -p 1965:1965 sose/hellgate`
|
||||
- the server will listen on `localhost:1965`
|
||||
- If you are using port 1965 on the host machine, you can bind a different port
|
||||
by running `docker run -p {PORT}:1965 sose/hellgate` instead
|
||||
|
||||
## Setup - If you are not using Docker
|
||||
- `sudo apt install npm nodejs libgtk2.0-0 libgconf-2-4 libxshmfence1 libnss3
|
||||
libatk-bridge2.0-0 libdrm2 libgtk-3-0 libgbm1 libasound2` (if you're on
|
||||
debian, other
|
||||
distros idk)
|
||||
- `sudo apt install xvfb` (again, on debian)
|
||||
- `git clone https://tildegit.org/sose/hellgate`
|
||||
|
@ -44,6 +56,28 @@ javascript support
|
|||
- If you write a new sigil for a specific website, don't hesitate to send it as
|
||||
a pull request to this repo
|
||||
|
||||
## Notes
|
||||
## Security
|
||||
- Obviously executing arbitrary Javascript from around the web is never going
|
||||
to be completely safe, however the following steps have been taken to ensure
|
||||
the saftey of the host machine:
|
||||
- All websites have a maximum time in which they have to load their
|
||||
content (default 2s) and execute any scripts (default 2s)
|
||||
- When running outside of a Docker container, all renderer processes
|
||||
will be run inside the Chromium sandbox
|
||||
(https://github.com/chromium/chromium/blob/master/docs/linux/sandboxing.md)
|
||||
- When running inside of a Docker container, the entire program is
|
||||
running inside a Docker container (as an unprivileged user).
|
||||
- Nodejs integration is disabled in all renderer processes
|
||||
- Context isolation is enabled in all reneder processes
|
||||
- Any request for browser permissions is automatically denied
|
||||
- Any request to create a new window is automatically denied
|
||||
- Essentially, in theory, the machine hosting hellgate should not be at any
|
||||
more risk than a regular web broser. However, security vulnerabilities
|
||||
exists, and no software is perfect, not Docker, not Chromium, not Linux not
|
||||
Electron and *certainly* not Hellgate. If you have valuable things on your
|
||||
server I would suggest running all of this in a VM, just in case.
|
||||
|
||||
## Other Notes
|
||||
- As of right now the npm version of gemini-server is broken, use the version
|
||||
from github or this will not work
|
||||
from github or this will not work.
|
||||
- If you are using the docker container this is already done for you.
|
||||
|
|
Loading…
Reference in New Issue