diff options
Diffstat (limited to 'config')
| -rw-r--r-- | config/example.sr71 | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/config/example.sr71 b/config/example.sr71 new file mode 100644 index 0000000..6c1a977 --- /dev/null +++ b/config/example.sr71 @@ -0,0 +1,88 @@ +# define a gopher server +# This IP/port is the default, both components are optional. +# To specify a port without changing the IP default, write it like ":70". +gopher 0.0.0.0:70 { + # A gopher server MUST include a single "host" directive with a single hostname. + # It will be used for internal links, such as in directory listings. + host tjp.lol + + # The "static" directive exposes a filesystem directory at a given path prefix. + # It will only serve files which are world-readable. + # "with" introduces comma-separated modifiers to a directive. + # - "exec" causes world-executable files to be executed as if they were in a cgi directory. + # - "extendedgophermap" allows the sliderule extended form for gophermap files. + # - "dirdefault <name>" uses a given filename for requests made for the directory. + # - "dirlist" builds listings of requested directories, at a lower priority than "dirdefault". + static /var/gopher/docs at / with dirdefault gophermap, dirlist, exec, extendedgophermap + + # The "cgi" directive exposes a filesystem directory at a path prefix as well but executes requested files. + # It will only execute world-executable files. + # It supports the "extendedgophermap" and "dirdefault" modifiers. + # Executed files are assumed to produce gophermap, although the "extendedgophermap" modifier can make this more friendly. + cgi /var/gopher/cgi at /cgi-bin with extendedgophermap + + # Directives which result in exposing a filesystem directory may include tilde (~) characters. + # It must be present in both the path prefix and the filesystem path, or neither. + # In the path prefix it will match a "~username" path segment and the user name will be captured. + # If the filesystem path begins with the ~ character it represents the user's home directory. + # Otherwise, it will be replaced by the user's name. + # So on a system where users' home directories are at /home, "/home/~" and "~" are the same (though the latter is more general). + static ~/public_gopher at /~ with dirdefault gophermap, dirlist, exec, extendedgophermap + cgi ~/public_gopher/cgi-bin at /~/cgi-bin + + # The "git" directive exposes git repos under a filesystem directory. + # Only git repositories in the given filesystem directory (not its children) are exposed. + git ~/code at /~/code +} + +# define a finger server +# This is the default host and port, and both or either may be omitted. +# Only a single "static" or "cgi" directive is allowed in a finger server. +# In either case a ~ must be present in the path, and there is no "at <prefix>" clause. +# "static ... with exec" differs from "cgi" in that if the file is not executable, "static" will serve the file's contents instead. +# There is no support for /W extended form, user listings, or serving as a jump host. +finger 0.0.0.0:79 { + static ~/.finger with exec +} + +# define a gemini server +# This is the default host and port, and both or either may be omitted. +gemini 0.0.0.0:1965 { + # "host" directives are allowed in gemini servers. + # "host" is followed by one or more comma-separated hostnames that will be used to match this server. + # Multiple gemini servers may be defined on the same IP/port, in which case the hosts will delineate + # which server's behavior is triggered by a given request. + host tjp.lol + + # A gemini server MUST have a single "servertls" directive with "key <keyfile>" and "cert <certfile>" clauses. + servertls key /var/gemini/tls/server.key cert /var/gemini/tls/server.crt + + # "static" and "cgi" directives work much like in gopher servers. + # There is no "extendedgophermap" modifier in gemini, however. + static /var/gemini/docs at / with dirdefault index.gmi, dirlist, exec + cgi /var/gemini/cgi at /cgi-bin + + static ~/public_gemini at /~ with dirdefault index.gmi, dirlist, exec + cgi ~/public_gemini/cgi-bin at /~/cgi-bin + + # "titan" enables uploads into to (over-)write into world-writable directories. + # It REQUIRES an "auth" clause that references an auth directive. + titan ~/public_gemini at /~ auth private_gemini + + # "static" and "cgi" directives support an "auth <name>" clause which requires that an authentication pass. + cgi ~/public_gemini/cgi-bin/private at /~/cgi-bin/private auth private_gemini + + git ~/code at /~/code +} + +# "auth" is a global directive that defines a named authentication strategy. +# The "auth" keyword is followed by a name, and then the strategy. +# "clienttlsfile" is a strategy which takes a path to a file which contains line-delimited SHA256 fingerprints of client certificates. +# Tildes (~) are allowed in the file path, in which case the strategy is only usable in a ~user-scoped directive. +auth private_gemini clienttlsfile ~/.private_gemini + +# The "clienttls" strategy takes comma-separated SHA256 fingerprints of client certificates. +auth is_tony clienttls 0284bcb38d7c98548df4a67587163276373ea8f9a8cc931a89f475557bd9f3a3 + +# The "hasclienttls" strategy requires only that the request be made with a client certificate. +auth is_named hasclienttls |