💾 Archived View for rulmer.xyz › vger.gmi captured on 2024-03-21 at 14:47:10. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-01-29)
-=-=-=-=-=-=-
Here are some brief notes on how to set up the vger gemini server on Debian using inetd and stunnel. For security, vger is run with it's own user. You can find vger here:
https://tildegit.org/solene/vger (HTTPS)
Execute the following steps to create a simple gemini capsule, which serves a hello world page. Change 'rulmer.xyz' to your domain. Make sure to open port 1965 in your firewall. You might also want to make sure, that the created user cannot read other users files by executing `chmod 750 /home/*`.
adduser --system vger mkdir /home/vger/my_capsule echo "Hello world!" > /home/vger/my_capsule/index.gmi chown vger:nogroup -R /home/vger/my_capsule apt install git clang make libbsd-dev openbsd-inetd stunnel4 openssl git clone https://tildegit.org/solene/vger.git && cd vger ./configure make mkdir /home/vger/bin cp vger /home/vger/bin/ cat << EOF >> /etc/inetd.conf 127.0.0.1:11965 stream tcp nowait vger /home/vger/bin/vger vger -d /home/vger/my_capsule EOF systemctl enable inetd systemctl restart inetd mkdir /root/gemini_cert && cd /root/gemini_cert openssl req -nodes -x509 -newkey rsa:4096 -sha256 \ -keyout key.pem -out cert.pem -subj '/CN=rulmer.xyz' cat << EOF >> /etc/stunnel/stunnel.conf [gemini] accept = 1965 connect = 11965 cert = /root/gemini_cert/cert.pem key = /root/gemini_cert/key.pem EOF systemctl enable stunnel4 systemctl restart stunnel4
Log into your server as root (other users cannot view the syslog of the vger user) and run `journalctl -t vger` to view logs.
Solène, the author of vger, has a few posts about it:
2021-01-14 Vger security analysis