Archived view of gemlog.blue › users › Sw4mp_Sl0th › 1725147117.gmi, captured on 2024-08-31 at 21:44:06.
For family, for friends, for freedom, for fun, for grins and giggles or just because. It does not matter the reason, you just want to own and operate a Gemini server, but after reading the beautiful Project Gemini FAQ page(s) and diving into the various capsules, which are chock-full of information, you discover that you will have to spend money (argent, деньги, dinero, Geld, penger, rahaa, soldi, ... you get the point). You are on a super tight budget and are barely able to afford your home's internet connection (maybe you're a student in middle school, high school or college), so paying for a domain name's registration fee is out of the question (for some people it's not much, but for a poor college student that registration fee can buy a few boxes of fake Pop-Tarts). "Sl0th, is there any hope?" Perhaps there is. You and those who will use your server will have to break with tradition, walk on the wild side and endure a bit of "hackyness" though.
Two words, you exuberantly motivated capsuleer... onion address. Yes, I am talking about acquiring a free .onion domain for your Gemini capsule. That ancient laptop that has been sitting under your bed for the last decade will serve you well (after some IT "necromancing" of course... 'Arise! Arise from the beyond ye old laptop'). Just install a light-weight GNU/Linux server on it (search "normal space," there are loads of tutorials out there on how to do it). Then install a Gemini server and set up a Tor Onion Service (hidden service). Those who wish to access your Gemini capsule will have to install the Tor service (not the Tor Browser) and then route the Gemini client through the Tor service.
Note: I have only tested client connection under GNU/Linux and Android, but it could also work under Windows by using Proxychains or Resistal along with Tor Expert Bundle. Also, this worked with Orbot and the deedum client on Android (by far the easiest way to connect to your .onion Gemini capsule).
For the server hardware I used an old Z83-F mini computer and for the OS I installed Ubuntu Server 22.04.4 LTS. The Gemini server is Agate version 3.3.8 (Hoek has a nice guide that can help you install Agate [link below]) and the Tor version is 0.4.8.12 (available on the Ubuntu repository at the time of the experiment).
For the clients I used the Lagrange-1.17.6-x86_64.AppImage and the Kristall-nightly-linux-x86_64.AppImage running on a Linux Mint 22 virtual machine (VirtualBox) with Tor version 0.4.8.10 and Torsocks 2.3.0 (Tor and Torsocks were available on the Mint 22 repository). I also used Orbot 17.2.1-RC-1-tor-0.4.8.7 and deedum 2022.0406.0502 client on Android 8.1.0.
"Hoek's Agate Tutorial" (link below) helps you set up a Gemini server for your capsule using a registered domain (we substitute this with the .onion domain), while the "Set up Your Onion Service" guide (link below), written by the lovely people at the Tor Project, helps you set up a "normal space" (HTTP[S]) web server (we replace this with Agate) as a hidden Tor service. I took both Hoek's guide and the Onion Service guide and mashed them together (hence the "hackyness").
First, I started on the Ubuntu server with Hoek's guide and followed it until I reached the "Certificate" section, where I stopped. I then switched to the Onion Service guide and followed Step 0, skipped Step 1 and continued with Step 2 (use port 1965 instead of 80 for HiddenServicePort and your public/LAN IP instead of localhost), Steps 3 and 4 (don't do the testing yet in 4).
Now that I had my ".onion" address (from Step 4) I went back to Hoek's guide and continued with the "Certificate" section (use the .onion address instead of "capsule.example.com"), skipped the "Nginx configuration" section and followed the "Firewall" section (don't forget about the firewall on your router) and the "Service" section (use the .onion address here as well).
I went back to Step 4 of the Onion guide and instead of using the Tor Browser I used the Lagrange client with torsocks to perform the test by typing in "torsocks ./Lagrange-1.17.6-x86_64.AppImage" in the Linux Mint 22 terminal and using the .onion address (you can use Kristall AppImage instead if you prefer).
After a few seconds (the Tor network can be very slow at times)... voila! There was my Gemini capsule index page, being hosted by my humble mini computer (using my home internet connection), with the address "gemini://2bnaqayplmzyqgdrvmdvquau4a3e62zpn6ipmn3zelybxiqx3b4yroqd.onion" being displayed by the Lagrange client (that onion address is what I used for early testing and is no longer active... I might replace it in the future with a working .onion domain after some more testing).
When using the Tor service, not only do you get a free .onion address, but you also get to obfuscate/hide your home server's IP address, as well as the IP address of the clients connecting to it. Granted, I am not a penetration testing expert, so I am not entirely sure if this experimental setup is leaking like an old faucet or not. At least the Agate logs show the server's IP when a client makes a connection and not the client's IP (like it does when not using the Tor service). Maybe a pen-testing enthusiast can take a closer look and determine if this experimental method can truly add "anonymity" to Gemini servers.
I tried that and discovered I was NOT very good at it, so no thanks. I'd rather keep what's left of my sanity. 😅
More importantly, you now (hopefully) have a less expensive way to host your very own Gemini capsule from your very own hardware using your home's internet connection, while maybe (great emphasis on maybe) keeping your home IP address hidden from potential bad actors roaming Gemini space.
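The leak question raised above can be partly checked from the server itself. The following is an added example, not part of the original post: it reads a torrc and `ss -tlnH` output and reports when the Gemini port is forwarded to, or listening on, a non-loopback address, in which case the capsule and its .onion-named certificate can be reached without going through Tor. The torrc contents, the HiddenServiceDir path and the address 192.168.1.50 are constructed sample values.

```python
import ipaddress

# Constructed sample inputs (not from the post): torrc with a LAN target, plus `ss -tlnH` output.
TORRC = """\
HiddenServiceDir /var/lib/tor/gemini_capsule/
HiddenServicePort 1965 192.168.1.50:1965
"""
SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:1965 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:9050 0.0.0.0:*
"""

def split_hostport(text):
    """Split 'host:port', '[v6]:port' or a bare 'port' into (host, port)."""
    host, sep, port = text.rpartition(":")
    if not sep:                       # bare port: Tor forwards to 127.0.0.1
        return "127.0.0.1", int(text)
    return host.strip("[]").split("%")[0], int(port)

def is_loopback(host):
    """True only for loopback addresses; wildcards and LAN/public IPs are not."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                # '*' (ss wildcard) or a hostname
        return host == "localhost"

def onion_targets(torrc):
    """Yield (virtual_port, host, port) for each TCP HiddenServicePort line."""
    for line in torrc.splitlines():
        parts = line.split("#")[0].split()
        if len(parts) < 2 or parts[0].lower() != "hiddenserviceport":
            continue
        target = parts[2] if len(parts) > 2 else parts[1]
        if not target.startswith("unix:"):   # unix socket: no TCP listener to check
            yield (int(parts[1]), *split_hostport(target))

def audit(torrc, ss_output):
    """Return findings where the capsule is reachable without going through Tor."""
    targets = list(onion_targets(torrc))
    findings = [f"torrc: port {v} -> {h}:{p} (not loopback)" for v, h, p in targets if not is_loopback(h)]
    ports = {p for _, _, p in targets}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, port = split_hostport(fields[3])
        if port in ports and not is_loopback(host):
            findings.append(f"listener: {host}:{port} is bound to a non-loopback address")
    return findings
```

With the Gemini server bound to 127.0.0.1:1965 and HiddenServicePort pointing at that same address, `audit` returns an empty list.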
Agate server for the Gemini network protocol
Creator's (xq) Kristall GUI Client/Browser Website
deedum Client/Browser for Smartphones
Discussion about using unix sockets instead of localhost for Tor Hidden Services
How does Tor resolve .onion domains?
Question re: tor/torify/torsocks and Windows OS