f20fa4e014b29f293169bdacf99af0d372bbd71b — Moody 10 months ago 28f8522
Add tlsshim for handling running as 'none'
Set index file if $location is /
Handle no trailing slash and ports in url
Mention tlsshim in readme
4 files changed, 22 insertions(+), 4 deletions(-)

M rc-gemd
M select-handler
A tlsshim
@@ 10,7 10,17 @@ bind -b /tmp /rc/bin

or one can change the rc_gemd_dir setting in the script.

The server can be started with a combination of listen(8) and tlssrv(8):
aux/listen1 tcp!*!1965 tlssrv -c /lib/ssl/gem.pem /rc/bin/rc-gemd/rc-gemd
The serve can be started with a combination of listen(8) and tlssrv(8),
however the requirments of tlssrv to have the tls key be in factotum can be
a bit tricky to deal when running as 'none'. To fix this there is an example
start script, tlsshim, which starts factotum and populates it with the private
key on each listen1 connection.

The instructions for generating TLS certificates can be found in rsa(8).
Using the tlsshim and assuming the tls files are /lib/ssl^(gem.key gem.cert):
aux/listen1 tcp!*!1965 /rc/bin/rc-gemd/tlsshim

The tls files can be generated by running the following commands:
mkdir -p /lib/ssl
auth/rsagen -t 'service=tls owner=*' >/lib/ssl/gem.key
auth/rsa2x509 'C=US CN=your.domain.here' gem.key |
	auth/pemencode CERTIFICATE >/lib/ssl/gem.cert
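Review bot: the file names this README now documents do not match the script it introduces: the tlsshim usage line assumes `/lib/ssl^(gem.key gem.cert)` and the generation commands write `gem.key` and `gem.cert`, but the added tlsshim reads `/lib/ssl/gemini.key` and `/lib/ssl/gemini.cert`, so anyone following these instructions gets a shim that cannot find its key. Pick one pair of names and use it in both places. The `auth/rsa2x509 ... gem.key |` line also reads `gem.key` from the current directory while the line before it writes the key to `/lib/ssl/gem.key`; give the full path there. Minor wording in the new paragraph: "The serve can be started" should read "The server can be started", "requirments" should be "requirements", and "tricky to deal when" should be "tricky to deal with when".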

M rc-gemd => rc-gemd +3 -1
@@ 12,6 12,8 @@ if not

server_name=`{echo $url | sed 's,/.*,,'}
location=`{echo $url | sed 's,[a-zA-Z0-9.]+/,/,'}
location=`{echo $url | sed 's,[a-zA-Z0-9.:]+/?,/,'}

echo request from `{sed 's/!.*//' $net/remote} to $url >[1=2]

. $rc_gemd_dir/select-handler
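Review bot: the new `location=` expression `s,[a-zA-Z0-9.:]+/?,/,` is not anchored to the start of `$url` and its character class has no `-`, so a hostname containing a hyphen (my-host.example, for instance) matches only up to the hyphen and the remainder leaks into `$location` as `/-host.example/...`, which then no longer lines up with `$server_name`. Since `server_name=` already treats everything before the first `/` as the host, the simplest consistent fix is to do the same here with an anchored negated class: `location=`{echo $url | sed 's,^[^/]+/?,/,'}`; this still yields `/` for a URL with no trailing slash and still drops a `:port` suffix, which is what the commit message asks for. Note also that `server_name` keeps any `:port` suffix now that ports are accepted, so a handler comparing it against a bare hostname will need to strip that as well.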

M select-handler => select-handler +2 -0
@@ 1,3 1,5 @@
if(~ $location /)
exec serve-static

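Review bot: the commit message says "Set index file if $location is /", but the lines added here only `exec serve-static` when `$location` is `/`; nothing in this hunk assigns an index file name, so either serve-static picks it by itself (a one-line comment here saying so would save the next reader a trip) or the index selection did not make it into this change. Because `exec` replaces the shell, none of the handler selection that follows in select-handler is reached for `/`; if that is intended, say so in the same comment.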
A tlsshim => tlsshim +4 -0
@@ 0,0 1,4 @@
auth/factotum -n
cat /lib/ssl/gemini.key > /mnt/factotum/ctl
exec tlssrv -c /lib/ssl/gemini.cert /rc/bin/rc-gemd/rc-gemd
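Review bot: the `cat /lib/ssl/gemini.key > /mnt/factotum/ctl` line has no error check, so if factotum did not come up or the key file is missing or unreadable, the script still execs tlssrv and every connection then fails at the TLS handshake with a much less obvious error; guard it, e.g. `if(! cat /lib/ssl/gemini.key > /mnt/factotum/ctl) exit nokey`. Worth documenting alongside this script: listen1 runs it as none, so `/lib/ssl/gemini.key` must be readable by none, which in practice means the other-read bit is set and any user on the machine can read the private key. What keeps the loaded key from leaking between clients is that the factotum started here lives in that connection's own namespace, not the `-n` flag (which only stops factotum from consulting secstore). The file names here (`gemini.key`, `gemini.cert`) also need to agree with the README, which documents `gem.key` and `gem.cert`.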