~moody/rc-gemd

f20fa4e014b29f293169bdacf99af0d372bbd71b — Moody 10 months ago 28f8522
Add tlsshim for handling running as 'none'
Set index file if $location is /
Handle no trailing slash and ports in url
Mention tlsshim in readme
4 files changed, 22 insertions(+), 4 deletions(-)

M README
M rc-gemd
M select-handler
A tlsshim
M README => README +13 -3
@@ 10,7 10,17 @@ bind -b /tmp /rc/bin

or one can change the rc_gemd_dir setting in the script.

The server can be started with a combination of listen(8) and tlssrv(8):
aux/listen1 tcp!*!1965 tlssrv -c /lib/ssl/gem.pem /rc/bin/rc-gemd/rc-gemd
The serve can be started with a combination of listen(8) and tlssrv(8),
however the requirments of tlssrv to have the tls key be in factotum can be
a bit tricky to deal when running as 'none'. To fix this there is an example
start script, tlsshim, which starts factotum and populates it with the private
key on each listen1 connection.

The instructions for generating TLS certificates can be found in rsa(8).
Using the tlsshim and assuming the tls files are /lib/ssl^(gem.key gem.cert):
aux/listen1 tcp!*!1965 /rc/bin/rc-gemd/tlsshim

The tls files can be generated by running the following commands:
mkdir -p /lib/ssl
auth/rsagen -t 'service=tls owner=*' >/lib/ssl/gem.key
auth/rsa2x509 'C=US CN=your.domain.here' gem.key |
	auth/pemencode CERTIFICATE >/lib/ssl/gem.cert

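Review bot: the key-generation commands in the new README block are inconsistent about paths. `auth/rsagen -t 'service=tls owner=*' >/lib/ssl/gem.key` writes the key under /lib/ssl, but the next line `auth/rsa2x509 'C=US CN=your.domain.here' gem.key |` reads gem.key from the current directory, so it fails unless the reader happens to be in /lib/ssl; use `/lib/ssl/gem.key` there. The same block documents the files as gem.key/gem.cert while the tlsshim script added in this commit reads /lib/ssl/gemini.key and gemini.cert, so a user who follows the README as written ends up with a shim that cannot find its key. Also fix the typos in the new paragraph: "The serve can be started" should be "The server", "requirments" should be "requirements", and "tricky to deal when" needs "with".
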
M rc-gemd => rc-gemd +3 -1
@@ 12,6 12,8 @@ if not
	scheme='gemini://'

server_name=`{echo $url | sed 's,/.*,,'}
location=`{echo $url | sed 's,[a-zA-Z0-9.]+/,/,'}
location=`{echo $url | sed 's,[a-zA-Z0-9.:]+/?,/,'}

echo request from `{sed 's/!.*//' $net/remote} to $url >[1=2]

. $rc_gemd_dir/select-handler

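Review bot: the new location regex `s,[a-zA-Z0-9.:]+/?,/,` is unanchored and its character class omits `-` and `_`, so for a host containing a hyphen (say `my-host.example/foo`) the first match is just `my`, and location becomes `/-host.example/foo` instead of `/foo`; a bracketed IPv6 literal breaks the same way. Anchor it and strip everything up to the first slash instead of enumerating host characters, e.g. `location=`{echo $url | sed 's,^[^/]+/?,/,'}`, which keeps the no-trailing-slash and port handling this change adds. Since the result is passed straight to select-handler and then to the static file handler, a mis-parsed host leaking into the path is worth a test case.
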
M select-handler => select-handler +2 -0
@@ 1,3 1,5 @@
#!/bin/rc
if(~ $location /)
	location=/index.gem
fs_root=/lib/gem
exec serve-static

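Review bot: the index rewrite only fires for an exact `/`; a request for a subdirectory such as `/docs/` still reaches serve-static with a directory path, so either extend the test to any location ending in a slash (`if(~ $location */) location=$location^index.gem`) or confirm that serve-static already handles directories. Also note that `$location` arrives here straight from the client URL, and nothing in this hunk normalises it before it is combined with `$fs_root`, so rejection of `..` segments has to happen in serve-static; a one-line comment here saying where that check lives would save the next reader from guessing.
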
A tlsshim => tlsshim +4 -0
@@ 0,0 1,4 @@
#!/bin/rc
auth/factotum -n
cat /lib/ssl/gemini.key > /mnt/factotum/ctl
exec tlssrv -c /lib/ssl/gemini.cert /rc/bin/rc-gemd/rc-gemd
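Review bot: the key and certificate paths here (`/lib/ssl/gemini.key`, `/lib/ssl/gemini.cert`) do not match the README added in the same commit, which generates `/lib/ssl/gem.key` and `/lib/ssl/gem.cert`; pick one name and use it in both places. Because this script is started by listen1 as `none`, the private key file has to be readable by none for `cat /lib/ssl/gemini.key > /mnt/factotum/ctl` to succeed, which in practice means the key is readable by every user of the file server; the README should say so explicitly so nobody assumes the shim avoids that exposure. The script should also check that the key load succeeded before handing off, e.g. `if(! cat /lib/ssl/gemini.key > /mnt/factotum/ctl) exit keyload`, rather than exec'ing tlssrv against an empty factotum and producing a confusing handshake failure on the client side.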