GemiNim
GemiNim is a simple Nim server for the Gemini protocol.
https://gemi.nim.town/index.gemini
Features
- Fast
- Simple
- Domain-based vhosting
- CGI
- Per-user directories
- Directory listing
- Support for uploading files via Titan
- Client-side authentication with authority files (see below)
Authority files
This implementation is experimental and subject to change! GemiNim supports restricting access to configured resources using a system similar to SSH authorization files.
First, restricted zones are configured in GemiNim's configuration file as follows:
[localhost.localdomain/restrictedZones]
/path/to/resource: "path/to/authority_file"
Afterwards, GemiNim will restrict access to the configured paths by first requiring a certificate if one is not provided, then verifying if the provided certificate is authorised as per the declared authority file.
The syntax for an authority file is as follows:
# Comment line
<digest_type>:<digest>
...
Where <digest_type> is one of:
- md5
- sha1
- sha256
- sha512
And <digest> is the hash of the certificate to be authorised. The certificate must be hashed from its DER format. For example, to obtain the SHA256 of a certificate:
openssl x509 -in certs/cert.pem -outform der | openssl dgst -sha256
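The check described above can be sketched as follows. This is an added example in Python, not GemiNim's own Nim code. It assumes digests are written as hex (the form `openssl dgst` prints) with one entry per line; the function names and the sample data are constructed for illustration.

```python
import base64
import hashlib
import hmac

DIGEST_TYPES = ("md5", "sha1", "sha256", "sha512")  # the types the README lists

def pem_to_der(pem):
    """Strip the PEM armour; digests are taken over the DER bytes."""
    body = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    return base64.b64decode(body, validate=True)

def parse_authority(text):
    """Parse '<digest_type>:<digest>' lines; '#' lines are comments."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        kind, _, digest = line.partition(":")
        kind, digest = kind.strip().lower(), digest.strip().lower()
        if kind not in DIGEST_TYPES:
            raise ValueError(f"line {n}: unsupported digest type {kind!r}")
        # Assumption: digests are hex, as `openssl dgst` prints them.
        want = hashlib.new(kind).digest_size * 2
        if len(digest) != want or set(digest) - set("0123456789abcdef"):
            raise ValueError(f"line {n}: expected {want} hex characters")
        entries.append((kind, digest))
    return entries

def is_authorised(der, entries):
    """True if any entry matches the digest of the certificate's DER bytes."""
    ok = False
    for kind, digest in entries:
        actual = hashlib.new(kind, der).hexdigest()
        ok |= hmac.compare_digest(actual, digest)  # constant-time compare
    return ok

# Constructed sample data: these bytes stand in for a DER certificate.
SAMPLE_DER = b"0\x82\x01\x0aconstructed bytes, not a real certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
SAMPLE_AUTHORITY = ("# constructed entry for the sample certificate\n"
                    "sha256:" + hashlib.sha256(SAMPLE_DER).hexdigest() + "\n")

if __name__ == "__main__":
    entries = parse_authority(SAMPLE_AUTHORITY)
    print("DER digest matches:", is_authorised(pem_to_der(SAMPLE_PEM), entries))
    print("PEM text matches:  ", is_authorised(SAMPLE_PEM.encode(), entries))
```

Hashing the PEM text instead of the DER bytes never matches, and an empty or comment-only file authorises no certificate. MD5 and SHA-1 both have practical collision attacks, so sha256 or sha512 entries are the better choice for new authority files.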
Developing
You can build GemiNim by running:
nimble build
I also provide a Nix package. To get into the build shell environment, just run:
nix-shell
TODO
Planned features [1/3]
- Client certificate authentication (is implemented but highly experimental)
- HTTP(S) mirroring
- Reverse proxying support