-- Leo's gemini proxy

-- Connecting to gemini.omarpolo.com:1965...

-- Connected

-- Sending request

-- Meta line: 20 text/gemini;lang=en

↩ back to the index

gmid “Interstellar Overdrive” v1.5 update

Written while listening to “Interstellar Overdrive” by Pink Floyd.

Published: 2021-01-30

Tagged with:



These last twenty days were pretty productive on the gmid front: I ended up doing way more things that I had planned for this v1.5 release.

The headlines are the automatic sandboxing on OpenBSD, FreeBSD and linux and the introduction of the configuration file, but you’ll find the whole change log at the end of this entry.

On OpenBSD pledge and unveil were already in place, but their usage has been improved during this release cycle: the daemon was split into two processes that run with different pledges. This enabled also the usage of capsicum on FreeBSD and seccomp on linux. Always in the same spirit, support for chroot and privilege dropping has been added, so it’s safe to start the daemon with root privileges.

Read “Comparing sandboxing techniques” for more information.

With this release gmid has two modes: a daemon mode and a config-less mode. The config-less mode is similar to how gmid operated until now (i.e. running from the command line) and has been improved with an automatic certificate generation, while the daemon more is more akin to “normal” network daemons and needs a configuration file.

The configuration file syntax has been inspired from OpenBSD’ httpd and is quite flexible. It supports a wide range of customizable parameters and location blocks to alter the behaviour per matching path.

v1.5 “Interstellar Overdrive” Changelog

New features

vhost support

configuration file

sandboxed by default on OpenBSD, FreeBSD and linux

customize the accepted TLS version

customizable default type

customizable mime mappings

provide a dockerfile

provide a lang parameter when serving text/gemini files

added a ‘configure’ script

customizable directory index

directory listings (disabled by default)

[config] location blocks support

chroot support

punycode support


log ip, port, full request and response code (even for CGI scripts)

host name matching with globbing rules

automatically generate TLS certificates when running in config-less mode and no certificate was found


[IRI] normalize scheme

[IRI] normalize hostnames

[IRI] accept a wider range of codepoints in hostnames

set SERVER_NAME when executing CGI scripts

Breaking changes

removed -C, -K flags

-d changed meaning: the directory to serve is now given as positional parameter and -d is used to specify the directory for the TLS certificates (either autogenerated or not.)

-- text: CC-BY-SA-4.0; code: public domain unless specified otherwise

For comments, write at < blog at omarpolo dot com > or @op@bsd.network in the fediverse.

Capsule proudly assembled with Clojure

-- Response ended

-- Page fetched on Wed Jan 26 17:50:58 2022