Differences

This shows you the differences between two versions of the page.

public:geminitoaster [2021/02/21 19:24] – created Nico
public:geminitoaster [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
Line 1: Line 1:
-====== Installing vger on FreeBSD, using inetd and nginx  ====== 
  
-===== Get the sources and compile 'em ===== 
- 
-<code bash> 
-$ git clone https://tildegit.org/solene/vger.git 
-$ cd vger 
-$ make 
-$ sudo make install 
-</code> 
- 
-===== Create a dedicated user ===== 
- 
-Create a user with no shell and no password 
-<code bash> 
-# adduser 
-Username: gemini 
-Full name: gemini 
-Uid (Leave empty for default): 
-Login group [gemini]: 
-Login group is gemini. Invite gemini into other groups? []: 
-Login class [default]: 
-Shell (sh csh tcsh bash rbash zsh rzsh git-shell nologin) [sh]: nologin 
-Home directory [/home/gemini]: 
-Home directory permissions (Leave empty for default): 
-Use password-based authentication? [yes]: no 
-Lock out the account after creation? [no]: 
-Username   : gemini 
-Password   : <disabled> 
-Full Name  : gemini 
-Uid        : 1015 
-Class      : 
-Groups     : gemini 
-Home       : /home/gemini 
-Home Mode  : 
-Shell      : /usr/sbin/nologin 
-Locked     : no 
-OK? (yes/no): yes 
-adduser: INFO: Successfully added (gemini) to the user database. 
-Add another user? (yes/no): no 
-Goodbye! 
-</code> 
- 
-===== Add a service ===== 
- 
-inetd requires a defined service in /etc/services, so let's add it 
-<code> 
-echo "gemini          11965/tcp">>/etc/services 
-</code> 
- 
-===== Activate and launch inetd ===== 
- 
-  * Add the following lines to /etc/inetd.conf. Adjust -d parameter to previously created user's home directory, don't forget the last slash: 
-<code> 
-gemini  stream  tcp     nowait          gemini  /usr/local/bin/vger     vger -v -i -d /home/gemini/ 
-gemini  stream  tcp6    nowait          gemini  /usr/local/bin/vger     vger -v -i -d /home/gemini/ 
-</code> 
- 
-  * Activate inetd either by issuing 
-<code> 
-# sysrc inetd_enable="YES" 
-</code> 
- 
-or, if you use separate files: 
-<code> 
-# echo "inetd_enable=\"YES\"">/usr/local/etc/rc.conf.d/inetd 
-</code> 
- 
-  * Finaly, launch inetd: 
-<code> 
-# service inetd start 
-</code> 
- 
-===== Use nginx as a "TLS Proxy" ===== 
- 
-  * Compile the port with the stream module 
-  * Activate it in configuration file, and create a stream section at the same level as the http section used for your virtualhosts: 
- 
-<code nginx> 
-load_module /usr/local/libexec/nginx/ngx_stream_module.so; 
- 
-stream { 
-        server { 
-                listen 1965 ssl; 
- 
-                ssl_certificate     /path/to/cert.pem; 
-                ssl_certificate_key /path/to/privkey.pem; 
-                ssl_trusted_certificate /path/to/fullchain.pem; 
- 
-                proxy_pass 127.0.0.1:11965; 
-        } 
-} 
-</code> 
- 
-===== Usage ===== 
- 
-vger's vhost parameter is set (-v), so we'll have to create one or more directories within gemini's home directory, -i (directory index) is also set, so creating an index.gmi is not mandatory. 
- 
-===== Basic monitoring ===== 
- 
-The following miniamlistic script can be used to check for capsule availability in Nagios/Icinga/Shinken/Etc., assuming gnutls is installed: 
- 
-<code bash> 
-#!/bin/sh 
-TLS_CLIENT="/usr/local/bin/gnutls-cli -p 1965" 
- 
-errorOutput=$(echo -n  "gemini://$1/\r\n" | ${TLS_CLIENT} $1 2>&1 > /dev/null) 
-errorCode=$? 
-if [ $errorCode -gt 0 ] 
-then 
-  echo "ERROR: ${errorOutput}" 
-  return 2 
-else 
-  echo "OK: capsule responding" 
-  return 0 
-fi 
-</code> 
- 
-===== Greetings ===== 
- 
-Many many thanks to [[https://bsd.network/@solene|@solene@bsd.network]] for writing that wonderful little piece of software thas is vger, and [[https://framapiaf.org/@hucste|@hucste@framapiaf.org]] for pointing it to me.
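
Review bot: The two inetd.conf entries in the removed "Activate and launch inetd" section start vger on the gemini service (11965/tcp) for both tcp and tcp6 without restricting the listening address, and inetd binds to all addresses by default, so the plaintext backend is reachable from the network and bypasses the nginx TLS listener on 1965, even though nginx only ever connects to 127.0.0.1:11965. If this guide is being relocated rather than dropped, the replacement should bind the inetd service to loopback or firewall port 11965, and can drop the tcp6 entry since proxy_pass uses IPv4 loopback only. In the "Basic monitoring" script, "return 2" and "return 0" are used at the top level of a #!/bin/sh script, where the behaviour of return is unspecified by POSIX; "exit 2" and "exit 0" are what hand Nagios the status. The same script relies on echo -n expanding "\r\n", which differs between shells (printf is portable), and passes $1 unquoted. The edit summary "removed - external edit" gives no reason for the removal and no pointer to where the instructions now live; one line saying so would help readers who arrive from old links.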