> 20 days of work = whole bunch of new features
Written while listening to “Interstellar Overdrive” by Pink Floyd.
Published: 2021-01-30
These last twenty days were pretty productive on the gmid front: I ended up doing way more things than I had planned for this v1.5 release.
The headlines are the automatic sandboxing on OpenBSD, FreeBSD and Linux and the introduction of the configuration file, but you’ll find the whole change log at the end of this entry.
On OpenBSD pledge and unveil were already in place, but their usage has been improved during this release cycle: the daemon was split into two processes that run with different pledges. This also enabled the use of capsicum on FreeBSD and seccomp on Linux. In the same spirit, support for chroot and privilege dropping has been added, so it’s safe to start the daemon with root privileges.
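The chroot-then-drop sequence that makes starting as root safe, as an added example (not gmid's own code): the ordering of the calls is the point, and the chroot directory and uid/gid used in main() are assumptions.

```c
#define _DEFAULT_SOURCE  /* exposes chroot(2) and setgroups(2) on glibc */
#include <sys/types.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Returns 1 only if we are not root and cannot become root again. */
int privileges_dropped(void)
{
	if (getuid() == 0 || geteuid() == 0)
		return 0;
	if (setuid(0) == 0 || seteuid(0) == 0)
		return 0;
	return 1;
}

/*
 * Confine the process to `root`, then switch to an unprivileged uid/gid.
 * Call as root once privileged setup (listening socket, TLS key) is done.
 * Returns 0 on success, -1 on failure; on -1 the caller should exit.
 */
int drop_privileges(const char *root, uid_t uid, gid_t gid)
{
	if (uid == 0 || gid == 0)
		return -1;              /* that would not drop anything */
	if (chroot(root) == -1)         /* needs root, so it comes first */
		return -1;
	if (chdir("/") == -1)           /* no cwd left outside the new root */
		return -1;
	if (setgroups(1, &gid) == -1)   /* shed root's supplementary groups */
		return -1;
	if (setgid(gid) == -1)          /* group first: impossible after setuid */
		return -1;
	if (setuid(uid) == -1)          /* as root: real, effective, saved uid */
		return -1;
	return privileges_dropped() ? 0 : -1;   /* verify instead of assuming */
}

int main(void)
{
	/* Constructed values: /var/empty and uid/gid 65534 are assumptions. */
	if (drop_privileges("/var/empty", 65534, 65534) == -1) {
		perror("drop_privileges");
		return 1;
	}
	puts("running unprivileged inside the chroot");
	return 0;
}
```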
With this release gmid has two modes: a daemon mode and a config-less mode. The config-less mode is similar to how gmid operated until now (i.e. running from the command line) and has been improved with automatic certificate generation, while the daemon mode is more akin to “normal” network daemons and needs a configuration file.
The configuration file syntax was inspired by OpenBSD’s httpd and is quite flexible. It supports a wide range of customizable parameters and location blocks to alter the behaviour per matching path.
vhost support
configuration file
sandboxed by default on OpenBSD, FreeBSD and linux
customize the accepted TLS version
customizable default type
customizable mime mappings
provide a dockerfile
provide a lang parameter when serving text/gemini files
added a ‘configure’ script
customizable directory index
directory listings (disabled by default)
[config] location blocks support
chroot support
punycode support
log ip, port, full request and response code (even for CGI scripts)
host name matching with globbing rules
automatically generate TLS certificates when running in config-less mode and no certificate was found
[IRI] normalize scheme
[IRI] normalize hostnames
[IRI] accept a wider range of codepoints in hostnames
set SERVER_NAME when executing CGI scripts
removed -C, -K flags
-d changed meaning: the directory to serve is now given as positional parameter and -d is used to specify the directory for the TLS certificates (either autogenerated or not.)
-- text: CC0 1.0; code: public domain (unless specified otherwise). No copyright here.