💾 Archived View for perso.pw › blog › articles › gemini-vger-server.gmi captured on 2023-07-22 at 16:38:13. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-05-24)
-=-=-=-=-=-=-
In this article I will explain how to install and configure Vger, a gemini server.
Short introduction about Gemini: it's a very recent protocol that is being simplistic and limited. Keys features are: pages are written in markdown like, mandatory TLS, no header, UTF-8 encoding only.
I wrote Vger to discover the protocol and the Gemini space. I had a lot of fun with it, it was the opportunity for me to rediscover the C language with a better approach. The sources include a full test suite. This test suite was unvaluable for the development process.
Vger was really built with security in mind from the first lines of code, now it offers the following features:
The name Vger is a reference to the 1979 first Star Trek movie.
Compile vger.c using clang or gcc
$ make # install -o root -g bin -m 755 vger /usr/local/bin/vger
Vger receives requests on stdin and gives the result on stdout. It doesn't take account of the hostname given but a request MUST start with `gemini://`.
Create directory /var/gemini/, files will be served from there.
Create the `_gemini` user:
useradd -s /sbin/nologin _gemini
Configure vger in /etc/inetd.conf
11965 stream tcp nowait _gemini /usr/local/bin/vger vger
Inetd will run vger` with the _gemini user. You need to take care that /var/gemini/ is readable by this user.
inetd is a wonderful daemon listening on ports and running commands upon connections. This mean when someone connects on the port 11965, inetd will run vger as _gemini and pass the network data to its standard input, vger will send the result to the standard output captured by inetd that will transmit it back to the TCP client.
Tell relayd to forward connections in relayd.conf
log connection relay "gemini" { listen on 163.172.223.238 port 1965 tls forward to 127.0.0.1 port 11965 }
Make links to the certificates and key files according to relayd.conf documentation. You can use acme / certbot / dehydrate or any "Let's Encrypt" client to get certificates. You can also generate your own certificates but it's beyond the scope of this article.
# ln -s /etc/ssl/acme/cert.pem /etc/ssl/163.172.223.238\:1965.crt # ln -s /etc/ssl/acme/private/privkey.pem /etc/ssl/private/163.172.223.238\:1965.key
Enable inetd and relayd at boot and start them
# rcctl enable relayd inetd # rcctl start relayd inetd
From here, what's left is populating /var/gemini/ with the files you want to publish, the `index.md` file is special because it will be the default file if no file are requests.