sr-71/example.conf


# "auth" is a global directive that defines a named authentication strategy.
# The "auth" keyword is followed by a name, and then the strategy.
# "clienttlsfile" is a strategy which takes a path to a file containing line-delimited SHA256 fingerprints of client certificates.
# Whoever can write that file decides who passes the strategy, so keep it writable by its owner only.
# Tildes (~) are allowed in the file path, in which case the strategy is only usable in a ~user-scoped directive
# (presumably the file is then resolved against the matched user's home directory — see the tilde rules under the gopher server).
auth private_gemini clienttlsfile ~/.private_gemini
# The "clienttls" strategy takes comma-separated SHA256 fingerprints of client certificates, written as in the example below.
auth is_tony clienttls 0284bcb38d7c98548df4a67587163276373ea8f9a8cc931a89f475557bd9f3a3
# The "hasclienttls" strategy requires only that the request be made with a client certificate.
# Any certificate satisfies it — including a self-signed one the client generated on the spot — so it distinguishes
# "named" from anonymous clients but is not an authorization check on its own.
auth is_named hasclienttls
# "systemuser" is a global directive which controls privilege dropping.
# After performing the root-only actions (binding to the privileged gopher and finger ports, reading the server key and certificate files),
# sr-71 attempts to change its effective user to the named user (which may be a numeric user id).
# Because the key and certificate are read before the drop, the key file can (and should) stay readable by root only;
# everything served afterwards is read as this user, so the served directories must be traversable by it.
# Alternatively, sr-71 can be started as a non-root user, in which case "systemuser" should not be used and no protocol
# can be served on a privileged port (below 1024 on most systems).
systemuser nobody
# "loglevel" defines the minimum log level that will be sent to stdout.
# Allowed values are "debug", "info", "warn", "error".
# Omitting the "loglevel" directive allows all logs through, equivalent to "loglevel debug".
# "debug" is the most verbose level; "info" or "warn" is the usual choice for a production deployment.
loglevel debug
# define a gopher server
# This IP/port is the default, both components are optional.
# To specify a port without changing the IP default, write it like ":70".
gopher 0.0.0.0:70 {
# A gopher server MUST include a single "host" directive with a single hostname.
# It will be used for internal links, such as in directory listings.
host tjp.lol
# A gopher server may include a single "servertls" directive like gemini (example below).
# In that case the gopher server will host encrypted gopher with TLS.
# The "static" directive exposes a filesystem directory at a given path prefix.
# It will only serve files which are world-readable.
# "with" introduces comma-separated modifiers to a directive.
# - "exec" causes world-executable files to be executed as if they were in a cgi directory.
#   Note that any world-executable file that lands in the directory is then run by the server (as the "systemuser"
#   after the privilege drop), so keep write access to such directories tightly controlled.
# - "extendedgophermap" allows the sliderule extended form for gophermap files.
# - "dirdefault <name>" uses the given filename for requests made for the directory itself.
# - "dirlist" builds listings of requested directories, at a lower priority than "dirdefault".
static /var/gopher/docs at / with dirdefault gophermap, dirlist, exec, extendedgophermap
# The "cgi" directive exposes a filesystem directory at a path prefix as well but executes requested files.
# It will only execute world-executable files.
# It supports only the "extendedgophermap" modifier.
# Executed files are assumed to produce gophermap, although the "extendedgophermap" modifier can make this more friendly.
cgi /var/gopher/cgi at /cgi-bin with extendedgophermap
# Directives which result in exposing a filesystem directory may include tilde (~) characters.
# A tilde must be present in both the path prefix and the filesystem path, or in neither (not one without the other).
# In the path prefix it will match a "~username" path segment and the user name will be captured.
# If the filesystem path begins with "~/", it represents that user's home directory.
# Otherwise, the tilde will be replaced by the user's name.
# So on a system where users' home directories are at /home, "/home/~" and "~" are the same (though the latter is more general).
# Since the user name comes from the request path and no allow-list is shown here, presumably every local account that has
# the named directory becomes reachable this way; creating the directory is the only opt-in.
static ~/public_gopher at /~ with dirdefault gophermap, dirlist, exec, extendedgophermap
cgi ~/public_gopher/cgi-bin at /~/cgi-bin
# The "git" directive exposes git repositories under a filesystem directory.
# Only repositories directly inside the given filesystem directory (not nested further down) are exposed.
git ~/code at /~/code
}
# define a finger server
# This is the default host and port, and both or either may be omitted.
# Only a single "static" or "cgi" directive is allowed in a finger server.
# In either case a ~ must be present in the path, and there is no "at <prefix>" clause.
# "static ... with exec" differs from "cgi" in that if the file is not executable, "static" will serve the file's contents instead.
# With "exec", an executable ~/.finger is run by the server — presumably as the "systemuser", not as the account being
# fingered (nothing here says otherwise; confirm before relying on it), so users' scripts share the server's privileges.
# There is no support for /W extended form, user listings, or serving as a jump host.
finger 0.0.0.0:79 {
static ~/.finger with exec
}
# define a gemini server
# This is the default host and port, and both or either may be omitted.
gemini 0.0.0.0:1965 {
# "host" directives are allowed in gemini servers.
# "host" is followed by one or more comma-separated hostnames that will be used to match this server.
# Multiple gemini servers may be defined on the same IP/port, in which case the hostnames determine
# which server handles a given request.
host tjp.lol
# A gemini server MUST have a single "servertls" directive with "key <keyfile>" and "cert <certfile>" clauses.
# The key file is read while still running as root (see "systemuser"), so keep it unreadable to everyone else
# (e.g. owned by root with mode 0600); it does not need to be readable by the "systemuser".
servertls key /var/gemini/tls/server.key cert /var/gemini/tls/server.crt
# "static" and "cgi" directives work much like in gopher servers.
# There is no "extendedgophermap" modifier in gemini, however.
static /var/gemini/docs at / with dirdefault index.gmi, dirlist, exec
# The "cmd" directive modifier can apply to any "cgi" or "static ... with exec" directive.
# It specifies a filesystem path to an executable file, which will be executed in place of the CGI script.
# Even with "cmd" in use, it will only be invoked if the request path points to a world-executable file,
# and it runs with the working directory and environment variables of the requested script.
# So "cmd" scripts generally end with something like `exec "$SCRIPT_PATH"` (quoted, in case the path contains
# whitespace), after imposing resource limits or some other security sandbox first.
# "cmd" is only a wrapper: it adds no restriction beyond what the wrapper script itself enforces.
cgi /var/gemini/cgi at /cgi-bin with cmd /var/runcgi
# The "autoatom" modifier is allowed on directives in a gemini server.
# It causes any text/gemini responses to be available as atom at <path>.atom.
# It uses the "Subscribing to Gemini pages" spec (gemini://geminiprotocol.net/docs/companion/subscription.gmi)
# to convert the text/gemini to Atom.
# The "titan" modifier allows uploads to world-writable directories.
# It can only be used on "static" directives in gemini servers.
# It takes a required auth name which guards only the titan (upload) requests; reads through the same directive
# stay unauthenticated unless an "auth" modifier is also given.
# Combining "titan" with "exec" on the same directive (as below) means anyone holding an allowed fingerprint could get
# code executed if an uploaded file ends up world-executable. Whether uploads are stored without the execute bit is not
# stated here — check that before relying on this combination, or upload into a directory without "exec".
static ~/public_gemini at /~ with dirdefault index.gmi, dirlist, exec, autoatom, titan private_gemini
cgi ~/public_gemini/cgi-bin at /~/cgi-bin
# "static", "cgi", and "git" directives support an "auth <name>" modifier which requires an authentication to pass.
# Note that the unauthenticated "cgi ... at /~/cgi-bin" above covers a prefix of the path guarded below; this is only
# safe if the longest matching prefix wins, which is not stated here. Verify the matching rule, or keep protected
# scripts outside any prefix that an unauthenticated directive also serves.
cgi ~/public_gemini/cgi-bin/private at /~/cgi-bin/private with auth private_gemini
# The "templates" modifier can be used on "git" directives and provide a directory with template files in it.
# These can be used to customize the presentation of git repositories.
git ~/code at /~/code with templates /var/syw_templates
}