-- Leo's gemini proxy

-- Connecting to capsule.usebox.net:1965...

-- Connected

-- Sending request

-- Meta line: 20 text/gemini; charset=utf-8; lang=en

Deploying SpaceBeans on Debian


This is simple "how to" to deploy the service on a stock Debian installation.


All commands need to be run as root user.


(tip: "sudo -i" if you're using sudo)


0. Install OpenJDK JRE headless:


apt install openjdk-11-jre-headless

1. Create a system user:


groupadd spacebeans

adduser --quiet \
        --system \
        --shell /usr/sbin/nologin \
        --home /nonexistent \
        --ingroup spacebeans \
        --no-create-home \
        --disabled-password \
        spacebeans

2. Copy the server's binary to /opt/spacebeans/:


mkdir -p /opt/spacebeans
cd /opt/spacebeans
# get the URL to the latest JAR from https://www.usebox.net/jjm/spacebeans/releases
wget URL/spacebeans-VERSION.jar

3. Create a certificate (optional, only if you don't have one already).


When entering the certificate details, use the domain name as CN.


cd /opt/spacebeans
keytool -genkey -keyalg RSA -alias ALIAS -keystore keystore.jks -storepass SECRET -noprompt -validity 36500 -keysize 2048
chown spacebeans:spacebeans keystore.jks
chmod 0400 keystore.jks

In the configuration file provide the path to the keystore, the alias and the secret used when generating the certificate.


4. Prepare your spacebeans.conf file.


Put it in /opt/spacebeans/, with at least one virtual host.


For example:


virtual-hosts = [
    {
        host = "*your domain*"
        root = "/var/gemini/*your domain*"
        index-file = "index.gmi"

        directory-listing = true

        key-store {
            path = "/opt/spacebeans/keystore.jks"
            alias = "*your alias*"
            password = "*your secret*"
        }
    }
]

Ensure that the file has the right permissions:


cd /opt/spacebeans
chown spacebeans:spacebeans spacebeans.conf
chmod 0400 spacebeans.conf

5. Create `/etc/systemd/system/spacebeans.service`:


[Unit]
Description=SpaceBeans Gemini Server
After=network.target

[Service]
Type=simple
Restart=always
RestartSec=5
User=spacebeans
ExecStart=/usr/bin/java -jar /opt/spacebeans/spacebeans-VERSION.jar -c /opt/spacebeans/spacebeans.conf

[Install]
WantedBy=multi-user.target

Then start the service:


systemctl start spacebeans.service

Check that it is up and running:


systemctl status spacebeans.service

(should say "Active: active (running)")


Then enable it so it starts after a reboot:


systemctl enable spacebeans.service

And you're probably done!


6. Optionally, tidy up your logs.


The logs have redundant information when collected by systemd.


Create this file in /opt/spacebeans/logback.xml:


<configuration>
  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
    <encoder>
        <pattern>[%level] %message%n%xException{10}</pattern>
    </encoder>
  </appender>
  <logger name="net.usebox.gemini.server" level="INFO" />
  <root level="WARN">
    <appender-ref ref="STDOUT" />
  </root>
</configuration>

Change the `ExecStart` command in your service file to:


ExecStart=/usr/bin/java -Dlogback.configurationFile=/opt/spacebeans/logback.xml -jar /opt/spacebeans/spacebeans-VERSION.jar -c /opt/spacebeans/spacebeans.conf

Then restart the service:


systemctl restart spacebeans.service

This should make the logs nicer.


Go back


-- Response ended

-- Page fetched on Thu May 2 00:11:12 2024