πΎ Archived View for sashanoraa.gay βΊ stargazer.ini.5.txt captured on 2023-07-22 at 16:15:13.
β¬ οΈ Previous capture (2022-06-03)
-=-=-=-=-=-=-
stargazer.ini(5) File Formats Manual stargazer.ini(5) NAME stargazer.ini - configuration file for stargazer(1) EXAMPLE CONFIG listen = 0.0.0.0 [:tls] store = /var/lib/gemini/certs organiztion = example org [example.com] root = /srv/gemini/example.com [example.com~(.*).cgi(.*)] root = /srv/gemini/example.com/cgi-bin cgi = on An default config file should also be installed at /etc/stargazer.ini SYNTAX stargazer.ini is an INI file. Each line is either a key/value pair, or a section heading. Key/value pairs are specified as key=value, and sections as [section]. Extra white space in genβ erally ignored. Boolean values can be written as true/false, on/off, yes/no, and are case insensitive. CONFIGURATION KEYS The meaning of the key depends on the section. Anonymous keys (prior to the first [section] directive) are used to specify parameters for the daemon itself. Sections whose name is preβ fixed with ":", e.g. [:tls], are sub-categories of the daemon configuration. Otherwise, section names refer to the hostnames of domains serviced by the stargazer daemon. Each of these secβ tions is a route that stargazer will server requests to. At least one route must be specified. ANONYMOUS KEYS listen A space-separated list of addresses that the daemon shall bind to. Each address shall take the format address:port. If :port is omitted, 1965 (the default Gemini port) is preβ sumed. To specify an IPv6 address, enclose it in [], e.g. [::]. Note that IPv6 listener always have IPV6_V6ONLY set, so they will only listen on the IPv6 interface and not also IPv4. If you wish to listen on both, specify both. Stargazer supports listening on multiple interfaces/ports but does not support serving different content on different interfaces/ports. It does support serving different content on different domains and paths. connection-logging Whether or not to log connections to stdout. Disabling this may increase performance. On by default. Always on if the debug cli flag is on. ip-log Log client IP addresses in the connection log. Mutually exβ clusive with ip-log-partial. Off by default. ip-log-partial Log partial client IP addresses in the connection log. For IPv4 addresses only the first 2 octets are logged, the rest are zeroed. For IPv6 addresses only the first 3 16bit segβ ments are logged, the rest are zeroed. May be preferable to ip-log to help maintain user privacy. Mutually exclusive with ip-log-partial. Off by default. request-timeout Number of seconds to wait for the client to send a complete request. If the timeout is exceeded the timeout, stargazer will send `59 Request timeout` and close the connection. 5 seconds by default. Set to 0 to disable. response-timeout Number of seconds to wait for the client to send a complete request and for stargazer to finish sending the response. If the timeout is exceeded the timeout, stargazer will send and close the connection. Disabled by default default. Warning, if this is set, large files and cgi scripts may be cut off before their response finishes. TLS KEYS The following keys are accepted under the [:tls] section: store Path to the certificate store on disk. This should be a persistent directory writable by the daemon. The daemon manages its own certificates - no user intervention is reβ quired, except in the case of moving the daemon to another host, in which case the certificate store must be copied to the new host. organization An optional key used during certificate generation. Fill this in with the name of the organization responsible for the host and it will be filled in as the X.509 /O name. gen-certs Set to false to turn off automatic certificate generation. regen-certs Set to false to turn off automatic regeneration of expired certificates. cert-lifetime Set how long auto-generated certs last before expiring. Specified as a number followed by y for a number of years, m for a number of months (a month being 30 days), or d for a number days. Ex. 5y for 5 years or 30d for 30 days. ROUTING KEYS To configure stargazer to service requests, routing keys must be defined. The name of the configuration section is used to determine what kinds of requests it configures. The format of the section name is the hostname to be serviced, followed by a token which defines the routing strategy, and a string whose format is specific to each routing strategy. The token and match string may be omitted (i.e. [hostname] alone), which implies path routing against "/". A port may not be specβ ified along with the hostname. Stargazer does not support servβ ing different content on different ports. : Route by path prefix. The URL path is compared to "string/". = Exact match. The URL path must exactly match the string. ~ Regular expression routing. The string is a Rust-compatible regular expression which is tested against the URL path. See the docs for the syntax section of the docs for the regex rust crate for a definition of the regular expression syntax and features: https://docs.rs/regex/1.4.2/regex/#syntax Some example section names and examples of matching paths: [example.org:/foo] /foo, /foo/bar, /foo/bar/baz [example.org=/foo.txt] /foo.txt [example.org~/[a- /foo.png, /bar.webp z]+\.(png|jpg|webp)] Routes should be ordered from least to most specific. The matching algorithm attempts to match the URL against each route in reverse order, and chooses the first route which matches. Within each routing section, the following keys are used to configure how stargazer will respond to matching requests: root Configures the path on disk from which files shall be served for this host. The path component of the URL will be appended to this value to form the path to files on disk to serve. If example.org/foo/bar.txt is requested, and a route is configured for [example.org:/foo] with the root set to /srv/gemini, /srv/gemini/foo/bar.txt will be served. rewrite If regular expression routing is used, the rewrite direcβ tive may be used to rewrite the URL path component before proceeding. The URL will be set to the value of the rewrite expression. If \N appears in the rewrite value, where N is a number, that capture group will be substituted for \N. If \{name} appears, where name is a named capture group, it will be substituted. Capture group 0 refers to the entire matched path. Example: [localhost~^/([a-zA-Z]+)\.(?P<extension>png|jpg)$] root=./root rewrite=/images/\1.\{extension} This will rewrite a request for /example.png to /images/exβ ample.png. This directive will also modify the path of a redirect URL if used in a redirect route. index Configures the name of the index file which shall be served in the event that a request for this host does not include the filename part. Defaults to "index.gmi". auto-index "on" to enable the auto-index feature, which presents clients with a list of files in the requested directory when an index file cannot be found. Off by default. Only availible for static file routes. lang Set this value as the lang parameter for gemini files served under this route. The lang param will only be set for text/gemini responses. The Gemini Specification says that the lang parameter should contain a comma separated list of language identifier from RFC 4646. Stargazer will use the lang parameter as given in this config. It is up to the user to provid a valid list of languages. Currently, this parameter is only used when serving static files. charset Set this value as the charset parameter for text files served under this route. The lang param will only be set for text/* responses. If the lang parameter is also set, then lang will be set instead of charset for text/gemini responses. The Gemini Specification says that the charset parameter should be a character set specified in RFC 2046. Stargazer will use the charset parameter as given in this config. It is up to the user to provid a valid charset value. Currently, this parameter is only used when serving static files. redirect Send a redirect to this URI instead of serving other conβ tent. The URI exactly as written will be sent to the client. Mutually exclusive with most other settings. permanent Send a permanent redirect instead of a temporary redirect. Requires redirect to be set. cgi "on" to enable CGI support. root must also be configured. See "CGI Support" for details. Mutually exclusive with auto-index. cgi-user Run CGI process as this user and their primary group. Set to the name of the user. Otherwise process is run as same user as stargazer, which can be a security issue if the CGI process is untrusted (not that running untrusted CGI proβ cesses is a good idea to begin with). The user stargazer is run as must be able to setuid the child process to the user specified. scgi "on" to enable SCGI support. scg-address must also be set.See "SCI Support" for details. root, index, and auto- index not allowed when scgi is on. scgi-address The address of the SCGI server to connect to. If this is a valid file system path that exists, stargazer will connect to a Unix domain socket at that path to send requests. Othβ erwise the address value will be treated as a socket adβ dress and requests will be made over TCP. cgi-timeout Maximum amount of time a CGI/SCGI process on this route is allowed to run. If the timeout is exceeded, stargazer will send a CGI error to the client and either kill the CGI process or close the SCGI connection. Values is a whole number of seconds. By default CGI processes have no timeout and stargazer will wait indefinitely for them to finish. cert-path Path to this certificate for this route, overrides the deβ fault store path. This is intended to be used for certs not managed by stargazer. As such stargazer will not attempt to generate or regenerate these certs. If this is set, key- path must also be set. key-path Path to the key that goes with the cert set by the cert- path. If this is set, cert-path must also be set. client-cert Path to a client certificate that the client must use to access this route. Only one client certificate may be specβ ified per route. Client certificate must be in the PEM forβ mat. CGI Support stargazer supports a limited version of CGI, compatible with the Jetforce server. It is not a faithful implementation of RFC 3875, but is sufficient for most of the needs of Gemini servers. Set cgi=on for a route configuration to enable CGI for that route and set root to the path where the CGI scripts are found. If a client requests a script, it will be executed, and must print a Gemini response (including status code and meta) to stdout. If a CGI process exceeded the timeout set by cgi-timeout or if connection to client is lost and the CGI process is still runβ ning it will be killed. On *nix systems, the CGI process will receive a SIGTERM. If it is still running after 3 seconds it will receive a SIGKILL. On other systems (i.e. Windows) the CGI process will just be killed. If cgi-timeout is exceeded, stargazer will send a CGI error message to the gemini client before closing the connection. When stargazer exits, any CGI processes that are currently runβ ning will receive a SIGHUP. The following environment variables will be set: βββββββββββββββββββββ¬βββββββββββββββββββββββ¬ββββββββββββββββββββ βVariable β Example β Description β βββββββββββββββββββββΌβββββββββββββββββββββββΌββββββββββββββββββββ€ βGATEWAY_INTERFACE β CGI/1.1 β CGI version β βββββββββββββββββββββΌβββββββββββββββββββββββΌββββββββββββββββββββ€ βSERVER_PROTOCOL β GEMINI β The server protoβ β β β β col β βββββββββββββββββββββΌβββββββββββββββββββββββΌββββββββββββββββββββ€ βSERVER_SOFTWARE β stargazer/0.1.0 β The stargazer β β β β server name and β β β β version β βββββββββββββββββββββΌβββββββββββββββββββββββΌββββββββββββββββββββ€ βGEMINI_URL β See [1] β The URL requested β β β β by the client β βββββββββββββββββββββΌβββββββββββββββββββββββΌββββββββββββββββββββ€ βSCRIPT_NAME β /cgi-bin/foo.sh β The portion of β β β β the URL referring β β β β to the script β β β β name. β βββββββββββββββββββββΌβββββββββββββββββββββββΌββββββββββββββββββββ€ βPATH_INFO β /bar β The remainder of β β β β the path followβ β β β β ing SCRIPT_NAME. β βββββββββββββββββββββΌβββββββββββββββββββββββΌββββββββββββββββββββ€ βQUERY_STRING β hello=world β The query string β β β β portion of the β β β β URL. [3] β βββββββββββββββββββββΌβββββββββββββββββββββββΌββββββββββββββββββββ€ βSERVER_NAME, β example.org β The server host β βHOSTNAME β β name. β βββββββββββββββββββββΌβββββββββββββββββββββββΌββββββββββββββββββββ€ βSERVER_PORT β 1965 β The server port β β β β number. β βββββββββββββββββββββΌβββββββββββββββββββββββΌββββββββββββββββββββ€ βREMOTE_HOST, REβ β 10.10.0.2 β The clients IP β βMOTE_ADDR β β address. β βββββββββββββββββββββΌβββββββββββββββββββββββΌββββββββββββββββββββ€ βTLS_CLIENT_HASH β See [2] β A fingerprint β β β β that can be used β β β β to uniquely idenβ β β β β tify the cert. β βββββββββββββββββββββΌβββββββββββββββββββββββΌββββββββββββββββββββ€ βTLS_CLIENT_NOT_BEβ β 2020-10-22T04:31:40Z β The date the β βFORE β β client's cert is β β β β not valid before. β β β β See [4]. β βββββββββββββββββββββΌβββββββββββββββββββββββΌββββββββββββββββββββ€ βTLS_CLIENT_NOT_AFβ β 2021-10-22T04:31:59Z β The date the β βTER β β client's cert is β β β β not valid after. β β β β See [4]. β βββββββββββββββββββββΌβββββββββββββββββββββββΌββββββββββββββββββββ€ βREMOTE_USER β "My cert" β The client cert's β β β β issuer field. β βββββββββββββββββββββ΄βββββββββββββββββββββββ΄ββββββββββββββββββββ [1]: gemini://example.org/cgi-bin/foo.sh/bar?hello=world [2]: 1flC87yanv8KQ027TrvOOP/kA5yTWn3xLPJ+GxgaNB4= [3]: stargazer will attempt to percent decode the query string as UTF-8. If this fails the string will be provided as is, unβ decoded. [4]: Timestamps are rfc3339 complaint, exact format is unspecified. The exit status of the script is ignored. SCGI Support stargazer has SCGI support similar to its CGI support. Set scgi=on for a route configuration to enable SCGI for that route and set scgi-address to the address of the SCGI server. The adβ dress can either be a path to an Unix Domain Socket or the TCP Socket address. The headers included in the SCGI request match the CGI parameters list above with a few exceptions. If the SCGI server doesn't finish responding before cgi-timeout is exceeded (assuming one is set) stargazer will close the conβ nection to the SCGI server and send a CGI error to the gemini client. If the connection to the gemini client is lost stargazer will close the connection to the SCGI server. New headers: βββββββββββββββββ¬ββββββββββ¬βββββββββββββββββββββββββββββββββββββ βVariable β Example β Description β βββββββββββββββββΌββββββββββΌβββββββββββββββββββββββββββββββββββββ€ βCONTENT_LENGTH β 0 β Length in bytes of the request β β β β body. See [1]. β βββββββββββββββββΌββββββββββΌβββββββββββββββββββββββββββββββββββββ€ βSCGI β 1 β SCGI Version β βββββββββββββββββ΄ββββββββββ΄βββββββββββββββββββββββββββββββββββββ [1]: Aways 0 since gemini doesn't have request bodies but inβ cluded as it's required by the SCGI protocol. CGI header that are omitted from SCGI: β’ GATEWAY_INTERFACE AUTHORS Maintained by Ben Aaron Goldberg <ben@benaaron.dev>. Up-to-date sources can be found at https://sr.ht/~zethra/stargazer/ and bugs/patches can be submitted by email to ~zethra/stargazer@lists.sr.ht. 2022-05-05 stargazer.ini(5)