💾 Archived View for rulmer.xyz › vger.gmi captured on 2024-05-26 at 14:21:04. Gemini links have been rewritten to link to archived content


Serving a capsule with vger on Debian

Here are some brief notes on how to set up the vger Gemini server on Debian using inetd and stunnel. For security, vger runs under its own user. You can find vger here:

https://tildegit.org/solene/vger (HTTPS)

Execute the following steps to create a simple Gemini capsule that serves a hello world page. Change 'rulmer.xyz' to your domain. Make sure to open port 1965 in your firewall. You might also want to make sure that the created user cannot read other users' files by executing `chmod 750 /home/*`.

# The following steps assume /home/vger exists, so request it explicitly.
adduser --system --home /home/vger vger
mkdir /home/vger/my_capsule
echo "Hello world!" > /home/vger/my_capsule/index.gmi
chown -R vger:nogroup /home/vger/my_capsule

apt install git clang make libbsd-dev openbsd-inetd stunnel4 openssl
git clone https://tildegit.org/solene/vger.git && cd vger
./configure
make
mkdir /home/vger/bin
cp vger /home/vger/bin/

cat << EOF >> /etc/inetd.conf
127.0.0.1:11965 stream tcp nowait vger /home/vger/bin/vger vger -d /home/vger/my_capsule
EOF
systemctl enable inetd
systemctl restart inetd

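mkdir /root/gemini_cert && cd /root/gemini_cert
# Self-signed certificate with an unencrypted key (-nodes). No -days is given,
# so openssl uses its default validity of 30 days.
openssl req -nodes -x509 -newkey rsa:4096 -sha256 \
	-keyout key.pem -out cert.pem -subj '/CN=rulmer.xyz'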

cat << EOF >> /etc/stunnel/stunnel.conf
[gemini]
accept  = 1965
connect = 11965
cert = /root/gemini_cert/cert.pem
key  = /root/gemini_cert/key.pem
EOF
systemctl enable stunnel4
systemctl restart stunnel4
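
A quick audit of the result, as an added example that is not part of the original notes or of vger: it checks that the plaintext vger port stays on loopback while stunnel answers on 1965, and that no home directory is open to other users. The function names and sample lines are made up for illustration; the ports are the ones configured above.

```shell
#!/bin/sh
# Post-setup audit for the layout above (added example, not from vger).
# Each check reads command output on stdin so it can be tried offline.

# Input: `ss -H -tln`. Pass only if the plaintext vger port (11965) is
# bound to loopback and the stunnel TLS port (1965) is listening.
check_listeners() {
    awk -v plain=11965 -v tls=1965 '
        BEGIN { rc = 0 }
        {
            n = split($4, p, ":")            # $4 = local address:port
            port = p[n]
            host = substr($4, 1, length($4) - length(port) - 1)
            if (port == tls) seen_tls = 1
            if (port == plain) {
                seen_plain = 1
                if (host != "127.0.0.1" && host != "[::1]") {
                    print "FAIL: plaintext port bound to " host; rc = 1
                }
            }
        }
        END {
            if (!seen_plain) { print "FAIL: vger not listening on " plain; rc = 1 }
            if (!seen_tls)   { print "FAIL: stunnel not listening on " tls; rc = 1 }
            exit rc
        }'
}

# Input: `stat -c "%a %n" /home/*`. Pass only if no home directory
# grants any permission bit to "other" (the chmod 750 step).
check_home_modes() {
    awk 'BEGIN { rc = 0 }
         substr($1, length($1)) != "0" { print "FAIL: " $2 " is mode " $1; rc = 1 }
         END { exit rc }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 127.0.0.1:11965 0.0.0.0:*
LISTEN 0 128   0.0.0.0:1965  0.0.0.0:*'
SAMPLE_HOMES='750 /home/vger
750 /home/alice'

# On the server, as root:
#   ss -H -tln | check_listeners && stat -c "%a %n" /home/* | check_home_modes
```

A failure on the first check means the unencrypted vger socket is reachable without going through stunnel, which usually points to a changed bind address in /etc/inetd.conf.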

Viewing server logs

Log into your server as root (other users cannot view the syslog of the vger user) and run `journalctl -t vger` to view logs.

Articles about vger by Solène

Solène, the author of vger, has a few posts about it:

2021-01-14 Vger security analysis

2021-01-02 Vger gemini server can now redirect

2020-11-30 How to deploy Vger gemini server on OpenBSD