# define a gopher server
# This IP/port is the default; either component may be omitted.
# To specify a port without changing the default IP, write it like ":70".
gopher 0.0.0.0:70 {
	# A gopher server MUST include a single "host" directive with a single hostname.
	# It will be used for internal links, such as in directory listings.
	host tjp.lol

	# The "static" directive exposes a filesystem directory at a given path prefix.
	# It will only serve files which are world-readable.
	# "with" introduces comma-separated modifiers to a directive.
	#   - "exec" causes world-executable files to be executed as if they were in a cgi directory.
	#     Anyone who can place a world-executable file under the directory can thereby have the server run it, so only enable it on directories whose contents you trust.
	#   - "extendedgophermap" allows the sliderule extended form for gophermap files.
	#   - "dirdefault <name>" uses a given filename for requests made for the directory.
	#   - "dirlist" builds listings of requested directories, at a lower priority than "dirdefault".
	static /var/gopher/docs at / with dirdefault gophermap, dirlist, exec, extendedgophermap

	# The "cgi" directive exposes a filesystem directory at a path prefix as well but executes requested files.
	# It will only execute world-executable files.
	# It supports the "extendedgophermap" and "dirdefault" modifiers.
	# Executed files are assumed to produce gophermap, although the "extendedgophermap" modifier can make this more friendly.
	cgi /var/gopher/cgi at /cgi-bin with extendedgophermap

	# Directives which result in exposing a filesystem directory may include tilde (~) characters.
	# The tilde must appear in both the path prefix and the filesystem path, or in neither.
	# In the path prefix it will match a "~username" path segment and the user name will be captured.
	# If the filesystem path begins with the ~ character it represents the user's home directory.
	# Otherwise, it will be replaced by the user's name.
	# So on a system where users' home directories are at /home, "/home/~" and "~" are equivalent (though "~" is more general, since it does not assume where home directories live).
	static ~/public_gopher at /~ with dirdefault gophermap, dirlist, exec, extendedgophermap
	cgi ~/public_gopher/cgi-bin at /~/cgi-bin

	# The "git" directive exposes git repos under a filesystem directory.
	# Only git repositories directly inside the given filesystem directory (not in its subdirectories) are exposed.
	git ~/code at /~/code
}

# define a finger server
# This is the default host and port, and both or either may be omitted.
# Only a single "static" or "cgi" directive is allowed in a finger server.
# In either case a ~ must be present in the path, and there is no "at <prefix>" clause.
# "static ... with exec" differs from "cgi" in that when the requested file is not executable, "static" serves the file's contents instead.
# There is no support for /W extended form, user listings, or serving as a jump host.
finger 0.0.0.0:79 {
	static ~/.finger with exec
}

# define a gemini server
# This is the default host and port, and both or either may be omitted.
gemini 0.0.0.0:1965 {
	# "host" directives are allowed in gemini servers.
	# "host" is followed by one or more comma-separated hostnames that will be used to match this server.
	# Multiple gemini servers may be defined on the same IP/port, in which case the hosts determine
	#   which server handles a given request.
	host tjp.lol

	# A gemini server MUST have a single "servertls" directive with "key <keyfile>" and "cert <certfile>" clauses.
	servertls key /var/gemini/tls/server.key cert /var/gemini/tls/server.crt

	# "static" and "cgi" directives work much like in gopher servers.
	# There is no "extendedgophermap" modifier in gemini, however.
	static /var/gemini/docs at / with dirdefault index.gmi, dirlist, exec
	cgi /var/gemini/cgi at /cgi-bin

	static ~/public_gemini at /~ with dirdefault index.gmi, dirlist, exec
	cgi ~/public_gemini/cgi-bin at /~/cgi-bin

	# "titan" enables uploads that write (or overwrite) files in world-writable directories.
	# It REQUIRES an "auth" clause that references an auth directive; that clause is the only thing gating who may write.
	titan ~/public_gemini at /~ auth private_gemini

	# "static" and "cgi" directives support an "auth <name>" clause, which requires that the named authentication strategy pass before the request is served.
	cgi ~/public_gemini/cgi-bin/private at /~/cgi-bin/private auth private_gemini

	git ~/code at /~/code
}

# "auth" is a global directive that defines a named authentication strategy.
# The "auth" keyword is followed by a name, and then the strategy.
# "clienttlsfile" is a strategy which takes a path to a file which contains line-delimited SHA256 fingerprints of client certificates.
# Tildes (~) are allowed in the file path, in which case the ~ is resolved per matched user (as for filesystem paths above) and the strategy is only usable in a ~user-scoped directive.
auth private_gemini clienttlsfile ~/.private_gemini

# The "clienttls" strategy takes comma-separated SHA256 fingerprints of client certificates.
auth is_tony clienttls 0284bcb38d7c98548df4a67587163276373ea8f9a8cc931a89f475557bd9f3a3

# The "hasclienttls" strategy requires only that the request be made with a client certificate; any certificate satisfies it, so it distinguishes clients rather than restricting access to known ones.
auth is_named hasclienttls