💾 Archived View for freeside.wntrmute.net › boot.gmi captured on 2022-04-29 at 11:43:16. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-11-30)
-=-=-=-=-=-=-
There's not much on the intertubes about how to get started running your own gemini site, so this is a quick guide on how to boot up your own capsule.
I used gemserv.
Download and install this (see the README). You'll need to set up a config file, and make sure the server is running. My server runs Ubuntu, which means I have systemd. The gemserv source contains a systemd unit file, so set that up and make sure you have the right path to the binary - I installed it in /usr/local/bin, not /usr/bin, and I set up the config stuff in /etc/gemserv.
root@freeside:/etc/gemserv# cat config.toml port = 1965 host = "::" log = "info" [[server]] hostname = "freeside.wntrmute.net" dir = "/home/kyle/gemini/root" key = "/etc/gemserv/key.pem" cert = "/etc/gemserv/cert.pem" index = "index.gmi" lang = "en" cgi = true cgipath = "/home/kyle/gemini/cgi" usrdir = true
I'm not using cgi or usrdirs yet, but I might in the future. They're enabled because I don't really know what I'm doing yet.
One of the things that really messed with my head at first was the TLS certs. I've got a lot of experience with them, including adding support for CSRs to the Go programming language's standard library. I figured I'd tap into my existing letsencrypt certs, but it turns out the right thing to do is to create a self-signed cert. Make sure your CN matches your server name; this got me.
openssl req -x509 -newkey ed25519 -keyout key.pem -nodes -out cert.pem -days 365 chown -R gemini:gemini /etc/gemini/*.pem
As a follow up, I wrote a tool to make that easier:
go get hg.sr.ht/~kisom/gemini/cmd/gemcertgen cd /etc/gemserv/ && gemcertgen freeside.wntrmute.net chown -R gemini:gemini /etc/gemini/*.pem
The resulting OpenSSL-generated keypair was kind of a mess; my standard tooling that is battle tested from when I was building and running an internal PKI system couldn't make out the signature algorithm or anything. I also got some reports from people that they had SSL errors, but those cleared up once I swapped out `gemcertgen`-generated keypairs. So if possible, gemcertgen is the best choice. If not, caveat emptor. Also make sure to set the permissions appropriately and whatnot.
Now invoke the service startup incantation (e.g. systemctl start gemini.service) and it *should* be working. It took me a few iterations to get things running, mostly due to permissions on the TLS stuff.
Now make your root directory real quick and create a quick gemtext home page:
$ cat /home/kyle/gemini/root/index.gmi # Hello, world It worked!
Back in the day, before I moved to California, I used to have a phlog (hosted on an O2 in my closet!) It's long gone and I've lost the site, but one of the things I wanted to do with gemini is start a gemlog. My first pass was just mimicking the layout, but I saw some people had sites that kept a proper page with chrono-sorted links to posts. I found gloggery, and decided to give it a spin.
The thing about gloggery is that it expects to output to a subdirectory of a site; that is,
gloggery would output your /log/ directory. I wanted to integrate everything into a top-level repo (makes it harder, but not impossible, to lose). The repo for this site is on sr.ht; you can check out my current latest layout, but as of writing this, I've settled for
~/sites/gemhome (0) <heidrun:kyle> $ tree . ├── log │ ├── posts │ │ └── 2020-11-24-2258-cyberdeck-born │ └── templates │ ├── atom.tmpl │ ├── index.tmpl │ └── post.tmpl ├── Makefile ├── README.rst └── site ├── boot.gmi ├── index.gmi └── log ├── 2020-11-24-cyberdeck-born.gmi ├── atom.xml └── index.gmi
What I did was create 'site' to hold, well, my site. Autogenerated stuff will go outside and write to the inside. I moved the contents of ~/.gloggery to log, wrote a quick Makefile, and setup .hgignore to ignore the autogenerated stuff (e.g. site/log/).
That's what I wish I would have known getting started.