I have had this capsule for a long time now. Looking at the file timestamps,
over two and a half years. In that time, I have done several years of
university, including having to retake a partial differential equations course
several times (and I will need to take it again next year). I have also had an
idea or two for projects that could be hosted on gemini. Like, CGI games and
similar.
However, for that to work, I need a gemini server that actually supports CGI
stuff. Until today, I was using agate [1] to serve all this stuff. It is
certainly not difficult to set up, with me just needing to run the following
command every time I restarted the server to keep it running:
agate --hostname babiak.duckdns.org >>logs/agate.log 2>&1 &
And frankly, even that is not needed. Over the years, I have gathered 17
thousand lines of logging info in that file. I have never needed to look at it.
My current plans include getting rid of all the IP addresses from it, and maybe
looking at some statistics on which pages were visited the most. I expect my
gemlog index got the most hits, given I at least set up my browser to subscribe
to it to make sure it was working. So that should be a hit every time I launched
Lagrange, compared to me looking at some of my other stuff maybe once or twice a
year…
Anyway, that's not what I wanted to talk about. What I wanted to talk about was
my moving over to the one and only Unsinkable Molly Brown.
Migrating was surprisingly easy. Sure, there are a few rough edges left here and
there (for instance, gemlog_two.sh now reports a MIME type of
application/x-shellscript instead of text/x-shellscript), but for half an hour's
work, including documentation lookup, that's pretty good, in my opinion.
The first step, of course, was finding out where agate kept all its stuff, so
that molly could use it. After finding its GitHub page, I found it:
~
|--content
|  |--index.gmi
|  `--etc.gmi
`--.certificates
   `-- babiak.duckdns.org
       |-- cert.der
       `-- key.der
As I always ran agate in my home directory, as the default user ubuntu on my
VPS, this structure was in said home directory. Configuring molly brown to use
these files was, in theory, as simple as making the following config file:
# Molly Brown localhost server config using snakeoil certificates
CertPath = "/home/ubuntu/.certificates/babiak.duckdns.org/cert.pem"
KeyPath = "/home/ubuntu/.certificates/babiak.duckdns.org/key.pem"
DocBase = "/home/ubuntu/content"
AccessLog = "-"
ErrorLog = "-"
HostName = "babiak.duckdns.org"
You may notice that the cert and key files in the config have different
extensions from the ones agate keeps. This is because they have different
formats. The file cert.der is an X.509 certificate in DER
format (at least, I think that those are the correct words), while key.der is an
elliptic curve key in the same format. I have no idea what these words mean, but
I did manage to find the right command to convert the certificate into PEM
format quite easily:
openssl x509 -inform DER -in ~/.certificates/babiak.duckdns.org/cert.der -out \
    ~/.certificates/babiak.duckdns.org/cert.pem
However, regarding the key, file(1) said the following:
$ file ~/.certificates/babiak.duckdns.org/key.der
/home/ubuntu/.certificates/babiak.duckdns.org/key.der: data
I tried the same command as earlier, but got a strange error message. As I have
already explained, the key is not using x509, but some kind of elliptic curve,
or maybe RSA. I found this out by digging around in agate's github issues. Which
algorithm was used by default was not specified, but neither of the ones mentioned
matched the tab-completion of the openssl command, so I tried both of the
options openssl listed that started with ec after trying RSA. In the end, the
correct command was the following:
openssl ec -inform DER -in ~/.certificates/babiak.duckdns.org/key.der -out \
    ~/.certificates/babiak.duckdns.org/key.pem
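
Added example, not part of the original post: a small Python sketch that reads the outer ASN.1 structure of a DER private key and reports whether it is PKCS#8, SEC1 (EC) or PKCS#1 (RSA), so the key type does not have to be guessed. The byte string SAMPLE is constructed for illustration with dummy key bytes; it is not agate's key, and the function names are hypothetical.

```python
OIDS = {  # AlgorithmIdentifier OIDs that appear in PKCS#8 private keys
    "1.2.840.10045.2.1": "EC",
    "1.2.840.113549.1.1.1": "RSA",
    "1.3.101.112": "Ed25519",
}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def oid_to_str(body):
    """Decode the content bytes of an OBJECT IDENTIFIER into dotted form."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def identify_key(der):
    """Classify a DER private key as PKCS#8, SEC1 (EC) or PKCS#1 (RSA)."""
    tag, seq, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, version, pos = read_tlv(seq)        # first field is always a version
    tag2, second, _ = read_tlv(seq, pos)   # second field tells formats apart
    if tag2 == 0x30:  # PKCS#8: version, AlgorithmIdentifier, key octets
        _, oid, _ = read_tlv(second)
        return "PKCS#8 " + OIDS.get(oid_to_str(oid), oid_to_str(oid))
    if tag2 == 0x04 and version == b"\x01":  # SEC1: version 1, key octets
        return "SEC1 EC"
    if tag2 == 0x02:  # PKCS#1: version, then the modulus as an INTEGER
        return "PKCS#1 RSA"
    raise ValueError("unrecognised private key structure")

# Constructed sample: PKCS#8 skeleton for a P-256 key with dummy key bytes.
SAMPLE = bytes.fromhex(
    "301e020100301306072a8648ce3d020106082a8648ce3d0301070404deadbeef")

if __name__ == "__main__":
    print(identify_key(SAMPLE))
```

For a PKCS#8 result, `openssl pkey -inform DER` converts the key to PEM regardless of the algorithm inside.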
After running these two commands, molly-brown started perfectly happily, and was
serving everything fine… except for my gemlog. After digging around a bit, I
found that my shell script that generated it was copying a chmod 600 file, which
agate, running as my user, had no issues serving, but which molly opted not to,
as it was not set to world-readable. A simple enough issue to fix. Also, given
molly doesn't use agate's .meta files, I still need to add a bit more data to
the .molly file, but I have already told it that stuff under hu/ should be
labelled as being in Hungarian. I… haven't tested whether that works yet.
But yeah, overall, it took a lot longer to write this all up than it took to
actually do it all. Hopefully, I'll have a minimal CGI proof of concept up and
running next week!