💾 Archived View for babiak.duckdns.org › migration.gmi captured on 2024-05-10 at 10:45:36. Gemini links have been rewritten to link to archived content

View Raw

More Information

-=-=-=-=-=-=-

I migrated to molly-brown

I have had this capsule for a long time now. Looking at the file timestamps,

over two and a half years. In that time, I have done several years of

university, including having to retake a partial differential equations course

several times (and I will need to take it again next year). I have also had an

idea or two for projects that could be hosted on gemini. Like, CGI games and

similar.

However, for that to work, I need a gemini server that actually supports CGI

stuff. Until today, I was using agate [1] to serve all this stuff. It is

certainly not difficult to set up, with me just needing to run the following

command every time I restarted the server to keep it running:

agate --hostname babiak.duckdns.org >>logs/agate.log 2>&1 &

[1] agate

And frankly, even that is not needed. Over the years, I have gathered 17

thousand lines of logging info in that file. I have never needed to look at it.

My current plans include getting rid of all the IP addresses from it, and maybe

looking at some statistics on which pages were visited the most. I expect my

gemlog index got the most hits, given I at least set up my browser to subscribe

to it to make sure it was working. So that should be a hit every time I launched

Lagrange, compared to me looking at some of my other stuff maybe once or twice a

year…

Anyway, that's not what I wanted to talk about. What I wanted to talk about, was

my moving over to the one and only Unsinkable Molly Brown.

The migration process

Migrating was surprisingly easy. Sure, there's a few rough edges left here and

there (for instance, gemlog_two.sh now reports a mime type of

application/x-shellscript instead of text/x-shellscript), but for half an hour's

work, including documentation lookup, that's pretty good, in my opinion.

The first step, of course, was finding out where agate kept all its stuff, so

that molly could use it. After finding it's github page, I found it:

~
|--content
|  |--index.gmi
|  `--etc.gmi
`--.certificates
   `-- babiak.duckdns.org
       |-- cert.der 
       `-- key.der  

As I always ran agate in my home directory, as the default user ubuntu on my

vps, this structure was in said home directory. Configuring molly brown to use

these files was in theory, as simple as making the following config file:

# Molly Brown localhost server config using snakeoil certificates

CertPath = "/home/ubuntu/.certificates/babiak.duckdns.org/cert.pem"
KeyPath = "/home/ubuntu/.certificates/babiak.duckdns.org/key.pem"
DocBase = "/home/ubuntu/content"
AccessLog = "-"
ErrorLog = "-"
HostName = "babiak.duckdns.org"

You may notice that the cert and key files have different extensions. This is

because they have different formats. Cert.der is an x509 certificate in DER

format (at least, I think that those are the correct words), while key.der is an

elliptic curve key in the same format. I have no idea what these words mean, but

I did manage to find the right command to convert the certificate into PEM

format quite easily:

openssl x509 -inform DER -in ~/.certificates/babiak.duckdns.org/cert.der -out \
	~/.certificates/babiak.duckdns.org/cert.pem

However, regarding the key, file(1) said the following:

$ file ~/.certificates/babiak.duckdns.org/key.der
/home/ubuntu/.certificates/babiak.duckdns.org/key.der: data

I tried the same command as earlier, but got a strange error message. As I have

already explained, the key is not using x509, but some kind of elliptic curve,

or maybe RSA. I found this out by digging around in agate's github issues. Which

algorithm was used by default was not specified, but neither ones mentioned

matched the tab-completion of the openssl command, so I tried both of the

options openssl listed that started with ec after trying RSA. In the end, the

correct command was the following:

openssl ec -inform DER -in ~/.certificates/babiak.duckdns.org/key.der -out \
	~/.certificates/babiak.duckdns.org/key.pem

After running these two commands, molly-brown started perfectly happily, and was

serving everything fine… except for my gemlog. After digging around a bit, I

found that my shell script that generated it was copying a chmod 600 file, which

agate, running as my user had no issues serving, but which molly opted not to,

as it was not set to world-readable. A simple enough issue to fix. Also, given

molly doesn't use agate's .meta files, I still need to add a bit more data to

the .molly file, but I have already told it that stuff under hu/ should be

labelled as being in Hungarian. I… haven't tested whether that works yet.

But yeah, overall, it took a lot longer to write this all up than it took to

actually do it all. Hopefully, I'll have a minimal CGI proof of concept up and

running next week!