💾 Archived View for gemi.dev › gemini-mailing-list › 000134.gmi captured on 2023-11-04 at 12:27:46. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Hi everyone Can anyone suggest or recommend a server or host where I can make a simple Gemini capsule serving static gmi files, but also CGI scripts? I'm interested to see what kind of simple applications can be written and delivered over Gemini space. I'd rather not get into setting up my own server at this stage, if I can avoid it. Feel free to reply or send a personal message. Many thanks Luke
Luke, I'm looking in to this on tilde.pink. So far, the only way I could get a cgi script located in a user directory to work was to create a symbolic link directly to /var/gemini/cgi-bin/. So far, no one has implemented a server that acts like gophernicus or geomyidae, allowing for scripts to be run from any served directory. I don't know how this is handled by webservers that support ~user accounts. -Tiwesdaeg On Sat, 23 May 2020, Luke Emmet wrote: > Hi everyone > > Can anyone suggest or recommend a server or host where I can make a simple Gemini capsule serving static gmi files, but also CGI scripts? > > I'm interested to see what kind of simple applications can be written and delivered over Gemini space. > > I'd rather not get into setting up my own server at this stage, if I can avoid it. > > Feel free to reply or send a personal message. > > Many thanks > > Luke
I'd love for Molly Brown and hence gemini.circumlunar.space to support this, but until Go gets properly setuid support I just can't do it securely, unfortunately. Or until the FastGCI / SCGI idea gets polished a bit more. I know 80h has done some work on that front and I've been meaning to ask for details. Cheers, Solderpunk On Sat, May 23, 2020 at 01:33:04PM +0000, tiwesdaeg at tilde.pink wrote: > Luke, > > I'm looking in to this on tilde.pink. So far, the only way I could get a cgi > script located in a user directory to work was to create a symbolic link > directly to /var/gemini/cgi-bin/. So far, no one has implemented a server > that acts like gophernicus or geomyidae, allowing for scripts to be run from > any served directory. > > I don't know how this is handled by webservers that support ~user accounts. > > -Tiwesdaeg > > On Sat, 23 May 2020, Luke Emmet wrote: > > > Hi everyone > > > > Can anyone suggest or recommend a server or host where I can make a simple Gemini capsule serving static gmi files, but also CGI scripts? > > > > I'm interested to see what kind of simple applications can be written and delivered over Gemini space. > > > > I'd rather not get into setting up my own server at this stage, if I can avoid it. > > > > Feel free to reply or send a personal message. > > > > Many thanks > > > > Luke
On Sat May 23, 2020 at 9:35 AM EDT, solderpunk wrote: > I'd love for Molly Brown and hence gemini.circumlunar.space to support > this, but until Go gets properly setuid support I just can't do it > securely, unfortunately. Or until the FastGCI / SCGI idea gets polished > a bit more. I know 80h has done some work on that front and I've been > meaning to ask for details. I still haven't got around to FastCGI but SCGI is pretty easy. SCGI is basically a netstring with null terminated environmental variables sent to the server(cgi script) int 80h
Thanks (and to others who responded). I would be interested in something like this if and when it proves feasible for user based scripting. At the moment I'm just looking at the old fashioned plain CGI - due to its simplicity from the script author's point of view - even though as we know it is harder to secure and the performance is not great. I've made some progress and managed to get Molly Brown installed on a local raspberrypi, so at least I have somewhere to experiment for now. Thanks - Luke On 23-May-2020 14:33, tiwesdaeg at tilde.pink wrote: > Luke, > > I'm looking in to this on tilde.pink. So far, the only way I could get > a cgi script located in a user directory to work was to create a > symbolic link directly to /var/gemini/cgi-bin/. So far, no one has > implemented a server that acts like gophernicus or geomyidae, allowing > for scripts to be run from any served directory. > > I don't know how this is handled by webservers that support ~user > accounts. > > -Tiwesdaeg > > On Sat, 23 May 2020, Luke Emmet wrote: > >> Hi everyone >> >> Can anyone suggest or recommend a server or host where I can make a >> simple Gemini capsule serving static gmi files, but also CGI scripts? >> >> I'm interested to see what kind of simple applications can be written >> and delivered over Gemini space. >> >> I'd rather not get into setting up my own server at this stage, if I >> can avoid it. >> >> Feel free to reply or send a personal message. >> >> Many thanks >> >> Luke
On Sat, May 23, 2020 at 12:32:32PM -0400, int 80h wrote: > I still haven't got around to FastCGI but SCGI is pretty easy. SCGI is > basically a netstring with null terminated environmental variables sent > to the server(cgi script) Just read https://en.wikipedia.org/wiki/Simple_Common_Gateway_Interface and, yeah, this looks pretty straightforward. Are you using Sean's adaptation of CGI variables to Gemini in conjunction with this? Maybe I'll try to get this into Molly Brown if I ever find the time. I really want to be able to start experimenting with dynamic content. Cheers, Solderpunk
On Sat May 23, 2020 at 12:55 PM EDT, solderpunk wrote: > Just read https://en.wikipedia.org/wiki/Simple_Common_Gateway_Interface > and, yeah, this looks pretty straightforward. Are you using Sean's > adaptation of CGI variables to Gemini in conjunction with this? Maybe > I'll try to get this into Molly Brown if I ever find the time. I really > want to be able to start experimenting with dynamic content. No but I should... right now it's only a small subset of the variables. int 80h
Hello Luke, Somehow, no one has answered your question yet. Hopefully I can do that. The server that I have the most experience with is Jetforce[1] which can do all that you're asking, it will serve static files and do CGI too. 1: https://github.com/michael-lazar/jetforce makeworld ??????? Original Message ??????? On Saturday, May 23, 2020 2:49 AM, Luke Emmet <luke.emmet at gmail.com> wrote: > Hi everyone > > Can anyone suggest or recommend a server or host where I can make a simple Gemini capsule serving static gmi files, but also CGI scripts? > > I'm interested to see what kind of simple applications can be written and delivered over Gemini space. > > I'd rather not get into setting up my own server at this stage, if I can avoid it. > > Feel free to reply or send a personal message. > > Many thanks > > Luke
On Sat May 23, 2020 at 1:15 PM EDT, colecmac wrote: > Somehow, no one has answered your question yet. Hopefully I can do that. > The server that I have the most experience with is Jetforce[1] which > can do all that you're asking, it will serve static files and do CGI > too. > > 1: https://github.com/michael-lazar/jetforce > Oh my apologies! There's also Molly Brown, GLV-1.12556 and gemserv. Sorry, if I missed any others. int 80h [1] https://tildegit.org/solderpunk/molly-brown [2] https://github.com/spc476/GLV-1.12556 [3] gemini://80h.dev/projects/gemserv/
On Sat, May 23, 2020 at 01:26:42PM -0400, int 80h wrote: > On Sat May 23, 2020 at 1:15 PM EDT, colecmac wrote: > > Somehow, no one has answered your question yet. Hopefully I can do that. > > The server that I have the most experience with is Jetforce[1] which > > can do all that you're asking, it will serve static files and do CGI > > too. > > > > 1: https://github.com/michael-lazar/jetforce > > > > Oh my apologies! > > There's also Molly Brown, GLV-1.12556 and gemserv. Sorry, if I missed > any others. > I think Luke was asking for servers (i.e. machines) offering hosting for people who aren't running their own, rather than servers as in software. Cheers, Solderpunk
> I think Luke was asking for servers (i.e. machines) offering hosting for > people who aren't running their own, rather than servers as in software. Oh you're completely right, my bad. Sorry Luke! makeworld
It was thus said that the Great tiwesdaeg at tilde.pink once stated: > Luke, > > I'm looking in to this on tilde.pink. So far, the only way I could get a > cgi script located in a user directory to work was to create a symbolic > link directly to /var/gemini/cgi-bin/. So far, no one has implemented a > server that acts like gophernicus or geomyidae, allowing for scripts to be > run from any served directory. Ahem. GLV-1.12556 will run a CGI script from any directory. This is accomplished by treating any file with execute permissions as a CGI script. If CGI is NOT enabled, then any reference to a script with executable permissions returns a "Temporary Error" (40). > I don't know how this is handled by webservers that support ~user > accounts. I handle it the same as above---any file that has execute permissions is treated as a CGI script. -spc
It was thus said that the Great solderpunk once stated: > On Sat, May 23, 2020 at 12:32:32PM -0400, int 80h wrote: > > > I still haven't got around to FastCGI but SCGI is pretty easy. SCGI is > > basically a netstring with null terminated environmental variables sent > > to the server(cgi script) > > Just read https://en.wikipedia.org/wiki/Simple_Common_Gateway_Interface > and, yeah, this looks pretty straightforward. Are you using Sean's > adaptation of CGI variables to Gemini in conjunction with this? I don't know about 80h, but I know I am. I'm following the spec (what there is of it) at https://web.archive.org/web/20020403050958/http://python.ca/nas/scgi/protocol.txt (taken from the Wikipedia article about SCGI). From what I can determine (checking Wikipedia, the above article and the Apache documentation) it appears that the Gemini server (or web server in the case of Apache) is expecting the SCGI program to be running already, and all that happens is the Gemini (Apache) server connects to it, sends the request and awaits a response. The *only* example lists the following meta-variables (to use RFC-3875 terminology): CONTENT_LENGTH (mandatory for SCGI) SCGI (mandatory for SCGI) REQUEST_METHOD (mandatory for CGI) REQUEST_URI (not part of RFC-3875) I'm keeping *most* of the RFC-3875 meta-variables except for those that don't really make sense, like GATEWAY_INTERFACE (since it's not), SCRIPT_NAME (since it's not a script), PATH_INFO and PATH_TRANSLATED (again, becuase it's not a script). I am keeping REQUEST_METHOD, and for REQUEST_URI I have GEMINI_URL and GEMINI_URL_PATH (these are now available in my CGI interface as well). I haven't added REQUEST_URI because it's underspecced in my opinion---the example only shows the path portion, and I have a workaround in place anyway. I was going to make SCGI support a handler (like all of my dynamic content generators in GLV-1.12556) but that requires support in the config file and thus leaves users out [1]. I then had an inspired thought (or evil, take your pick) to use symbolic links in the filesystem pointing to the server lrwxrwxrwx 1 spc spc 16 May 24 00:03 foo -> scgi:////tmp/log lrwxrwxrwx 1 spc spc 22 May 23 23:57 here -> scgi://localhost:33333 lrwxrwxrwx 1 spc spc 22 May 23 23:58 there -> scgi://[fc00::1]:3333/ The first points to a Unix domain socket, the other two to TCP sockets. This will give users a way to use SCGI without having access to the config files for the Gemini server. I'm not saying everybody has to use this symbolic hack for SCGI---it's just that I'm using this hack for SCGI support in GLV-1.12556. I'll report more on this when I have it finished. -spc [1] The CGI support in GLV-1.12556 is not a handler, but is a module used by the filesystem handler when it sees a file that is executable. The userdirectory handler uses the filesystem handler, so the use of CGI is transfered to userdirectories as well.
On Sun, May 24, 2020 at 12:58:48AM -0400, Sean Conner wrote: > > From what I can determine > (checking Wikipedia, the above article and the Apache documentation) it > appears that the Gemini server (or web server in the case of Apache) is > expecting the SCGI program to be running already, and all that happens is > the Gemini (Apache) server connects to it, sends the request and awaits a > response. This is precisely what excites me about SCGI. Until Go gets non-broken from the perspective of traditional unix user-based permissions, there's no way for Molly Brown to securely kick off a CGI process via fork(). If something else (a helper program, or the admin) starts the process, they can presumably start it as a `nobody` user and chroot it somewhere safe. It's clunky, but I can live with it for now. > I'm keeping *most* of the RFC-3875 meta-variables except for those that > don't really make sense, like GATEWAY_INTERFACE (since it's not), > SCRIPT_NAME (since it's not a script), PATH_INFO and PATH_TRANSLATED (again, > becuase it's not a script). I am keeping REQUEST_METHOD, and for > REQUEST_URI I have GEMINI_URL and GEMINI_URL_PATH (these are now available > in my CGI interface as well). I haven't added REQUEST_URI because it's > underspecced in my opinion---the example only shows the path portion, and I > have a workaround in place anyway. We really need to get the adaptation of RFC-3875 documented somewhere. Not in the Gemini-spec, but in some kind of side-spec thing, with it's own name or ID and file in gemini.circumlunar.space/docs/, or a sub directory thereof. Not just CGI, but our proposed adaptation of robots.txt, and other stuff like that. I dunno what these should be called, I'm not sure how they should be managed. I might end up delegating most responsibility for these "side specs" to interested people who I trust to do a good job. I have a bunch of ill-formed ideas for side specs that it would be good to bring to life. > I was going to make SCGI support a handler (like all of my dynamic content > generators in GLV-1.12556) but that requires support in the config file and > thus leaves users out [1]. I then had an inspired thought (or evil, take > your pick) to use symbolic links in the filesystem pointing to the server > > lrwxrwxrwx 1 spc spc 16 May 24 00:03 foo -> scgi:////tmp/log > lrwxrwxrwx 1 spc spc 22 May 23 23:57 here -> scgi://localhost:33333 > lrwxrwxrwx 1 spc spc 22 May 23 23:58 there -> scgi://[fc00::1]:3333/ > > The first points to a Unix domain socket, the other two to TCP sockets. > This will give users a way to use SCGI without having access to the config > files for the Gemini server. I'm not saying everybody has to use this > symbolic hack for SCGI---it's just that I'm using this hack for SCGI support > in GLV-1.12556. Nice hack! Cheers, Solderpunk
So, in my head I've been noodling on the idea of writing a server. I don't understand at all the 10 response, I assume it's supposed to be this cgi business, because i don't see anywhere where a .gmi page can prompt the user. Is that true? Either way, could someone point me to a simple example? (I am running jetforce right now, if that helps) -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
It was thus said that the Great peteyboy at sdf.org once stated: > So, in my head I've been noodling on the idea of writing a server. I don't > understand at all the 10 response, I assume it's supposed to be this cgi > business, because i don't see anywhere where a .gmi page can prompt the > user. Is that true? Either way, could someone point me to a simple > example? (I am running jetforce right now, if that helps) Sure, go to gemini://gemini.conman.org/hilo/ It's a simple "Guess the Number" game. -spc
On Sun, May 24, 2020 at 01:04:42PM -0700, peteyboy at sdf.org wrote: > So, in my head I've been noodling on the idea of writing a server. I don't understand at all the 10 response, I assume it's supposed to be this cgi business, because i don't see anywhere where a .gmi page can prompt the user. Is that true? Either way, could someone point me to a simple example? (I am running jetforce right now, if that helps) > -- There's no way to prompt the user from within a static text/gemini document. You'll need a server with some kind of support for dynamic content to send the 10 status in response to a request. This is perhaps one of the the biggest conceptual differences between Gopher and Gemini. I don't see it as a big limitation in practice - a static document couldn't *do* anything with the user's response anyway, so there's going to need to be a CGI app or something similar involved anyway. Cheers, Solderpunk
Cool, i will check that out. But is that a custom app, then? There's no .cgi file or anything you're pointing to. How'd you implement it? >Date: Sun, 24 May 2020 16:33:47 -0400 >From: Sean Conner <sean at conman.org> >To: "A protocol that is slightly more complex than gopher, but > significantly simpler than HTTP" <gemini at lists.orbitalfox.eu> >Subject: Re: Gemini and CGI hosting >Message-ID: <20200524203347.GJ23998 at brevard.conman.org> >Content-Type: text/plain; charset=us-ascii > >It was thus said that the Great peteyboy at sdf.org once stated: >> So, in my head I've been noodling on the idea of writing a server. I >don't >> understand at all the 10 response, I assume it's supposed to be this >cgi >> business, because i don't see anywhere where a .gmi page can prompt >the >> user. Is that true? Either way, could someone point me to a simple >> example? (I am running jetforce right now, if that helps) > > Sure, go to > > gemini://gemini.conman.org/hilo/ > > It's a simple "Guess the Number" game. > > -spc > > > >------------------------------ -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
It was thus said that the Great peteyboy at sdf.org once stated:
> Cool, i will check that out. But is that a custom app, then? There's no
> .cgi file or anything you're pointing to. How'd you implement it?
You are right it's not a CGI script [1]. It's a custom module I added to
the server [2]. The source code is here:
gemini://gemini.conman.org/extensions/GLV-1/handlers/hilo.lua
and most of it is just error checking, I can still walk you through the code
though.
function handler(_,_,loc,match)
The handler gets four parameters, but I don't care about the first two
(the first is the configuration paremeters for the handler, which for this
handler I don't care about, and the second is the client certificate info,
again, there is none). The third one is the broken down URL, for example:
{
scheme = "gemini",
path = "/hilo/1082",
query = "33",
host = "gemini.conman.org",
port = 1965.000000,
}
The last parameter is the path portion of the URL broken up into two
components (it's specified in the configuration portion how to split the
path up) and for the example above, it would be:
{ "/hilo/" , "1082" }
When you first enter the game, the second element of the match paramter
will be "", so that starts a game, which generates a random number and
generates a link that contains the encoded number (I wanted something simple
to demonstrate the 10 status codes, I didn't want to make this bulletproof).
If there's no query portion to the URL, then I return a status code of 10
with a prompt. If there *is* a query portion, I decode the query string and
do some error checking (making sure it's formatted properly and a number).
I then convert the second portion of the match paramter to a value to
recover the original number, compare it to the guess and return a 10 status
code if it's not right, or a 20 if you guessed it.
It could very well be a CGI script, and I could make it look exactly the
same with the same URLs and everything [3], but I went this route because I
could, and it was a bit easier to implement.
-spc
[1] The server it's running on does support CGI.
[2] Because its' easy enough to write a custom module (or handler) for
GLV-1.12556.
[3] In my server, when it comes across a file that is marked executable,
and CGI is enabled, will then treat the file as a CGI script. No
special extensions required. For example:
gemini://gemini.conman.org/cgi/test
gemini://gemini.conman.org/cgi/test/1082
gemini://gemini.conman.org/cgi/test/1082?33
Here, the CGI script is called "test".
---