sheldond/README.md

Sheldon Director
================

A [Gemini](https://gemini.circumlunar.space/) Server written in Rust.

Features
--------

This can't do much right now besides hosting some static files. In fact, the
feature set happens to be limited to what I need to host my own Gemini page.
Coincidence?

More is to come however. Specifically I'd want to add CGI support. And maybe
reverse proxy support as well, depending on how much stuff I'll be hosting over
Gemini.

Platform Support
----------------

This currently only works on Unix platforms as `setuid` and `setgid` system
calls are used to drop the privilege level after initialization. Currently
there is no way to disable this. Of course, Gemini's default port (1965) can be
opened in user-mode, but not changing the user after startup would retain read
permissions to the private key.

Building
--------

Set up a Cargo build environment, then simply run
```sh
cargo build
```
to create a debug build or
```sh
cargo build --release
```
to create a release build.

Starting
--------

Sheldon Director looks for a config file in `/etc/sheldond.conf`. If you want
to change this, pass an alternative path on startup using the `-c` parameter.
Use `-h` to get a list of all supported command line arguments.

You'll need a TLS certificate, I've chosen not to include an example in this
repository. Use OpenSSL to quickly generate one:

```sh
openssl req -x509 -newkey rsa:4096 -keyout doc/key.pem -out doc/cert.pem -days 365 -nodes
```

An example config file can be found in this repository in `doc/sheldond.conf`.
Use it to serve the content of the `doc/` directory on localhost:

```sh
sudo ./target/debug/sheldond -c ./doc/sheldond.conf
```

Try connecting to `gemini://localhost` via your favorite Gemini client!

Note: This sets the user to `nobody` and the group to `nobody` as well. This
naming scheme is not consistent for all Unix systems... Try changing the group
name to `nogroup` if the software fails to start.

Testing
-------

As you may have spotted, I did not get around to write a test suite for this.
The server's behavior can be tested using the
[gemini-diagnostics](https://github.com/michael-lazar/gemini-diagnostics) suite
by michael-lazar. It passes all "important" tests (some malformed requests
are still handled). Most importantly: the URLDotEscape tests fails. This does
not mean you can successfully a URL escape attack against this, rather the URL
library I use already parses out any superfluous ..'s.
e.g. "localhost/../../../etc/passwd" already became "localhost/etc/passwd" once
I receive the parsed URL from the library.

Why "Sheldon Director"?
-----------------------

Because it is the real name of that villain in _Kim Possible_ who went by the
pseudonym "Gemini". (https://kimpossible.fandom.com/wiki/Gemini)

Though you are free to imagine the shortened name stands for Sheldon Daemon.
But in that case you'll have to come up with your own explanation.
initial commit 2020-05-14 19:45:59 +00:00			`Sheldon Director`
			`================`

move to a modular design 2020-05-15 08:57:15 +00:00			`A [Gemini](https://gemini.circumlunar.space/) Server written in Rust.`
initial commit 2020-05-14 19:45:59 +00:00
update readme 2020-05-17 11:03:27 +00:00			`Features`
			`--------`

			`This can't do much right now besides hosting some static files. In fact, the`
update readme, default configuration path 2020-05-17 17:46:48 +00:00			`feature set happens to be limited to what I need to host my own Gemini page.`
update readme 2020-05-17 11:03:27 +00:00			`Coincidence?`

			`More is to come however. Specifically I'd want to add CGI support. And maybe`
			`reverse proxy support as well, depending on how much stuff I'll be hosting over`
			`Gemini.`

update readme, default configuration path 2020-05-17 17:46:48 +00:00			`Platform Support`
			`----------------`

some logging 2020-05-17 18:25:59 +00:00			This currently only works on Unix platforms as `setuid` and `setgid` system
update readme, default configuration path 2020-05-17 17:46:48 +00:00			`calls are used to drop the privilege level after initialization. Currently`
			`there is no way to disable this. Of course, Gemini's default port (1965) can be`
			`opened in user-mode, but not changing the user after startup would retain read`
			`permissions to the private key.`

more documentation 2020-05-19 05:25:03 +00:00			`Building`
			`--------`

			`Set up a Cargo build environment, then simply run`
			```sh
			`cargo build`
			```
			`to create a debug build or`
			```sh
			`cargo build --release`
			```
			`to create a release build.`

update readme 2020-05-17 11:03:27 +00:00			`Starting`
			`--------`

handle empty paths in request 2020-05-24 17:08:07 +00:00			Sheldon Director looks for a config file in `/etc/sheldond.conf`. If you want
			to change this, pass an alternative path on startup using the `-c` parameter.
more documentation 2020-05-19 05:25:03 +00:00			Use `-h` to get a list of all supported command line arguments.
update readme 2020-05-17 11:03:27 +00:00
handle empty paths in request 2020-05-24 17:08:07 +00:00			`You'll need a TLS certificate, I've chosen not to include an example in this`
			`repository. Use OpenSSL to quickly generate one:`

			```sh
			`openssl req -x509 -newkey rsa:4096 -keyout doc/key.pem -out doc/cert.pem -days 365 -nodes`
			```

more documentation 2020-05-19 05:25:03 +00:00			An example config file can be found in this repository in `doc/sheldond.conf`.
			Use it to serve the content of the `doc/` directory on localhost:
handle empty paths in request 2020-05-24 17:08:07 +00:00
			```sh
more documentation 2020-05-19 05:25:03 +00:00			`sudo ./target/debug/sheldond -c ./doc/sheldond.conf`
			```
handle empty paths in request 2020-05-24 17:08:07 +00:00
more documentation 2020-05-19 05:25:03 +00:00			Try connecting to `gemini://localhost` via your favorite Gemini client!
update readme 2020-05-17 11:03:27 +00:00
more documentation 2020-05-19 05:25:03 +00:00			Note: This sets the user to `nobody` and the group to `nobody` as well. This
			`naming scheme is not consistent for all Unix systems... Try changing the group`
			name to `nogroup` if the software fails to start.
update readme 2020-05-17 11:03:27 +00:00
correctly adhere to spec in most request cases 2020-05-26 04:49:20 +00:00			`Testing`
			`-------`

			`As you may have spotted, I did not get around to write a test suite for this.`
			`The server's behavior can be tested using the`
			`[gemini-diagnostics](https://github.com/michael-lazar/gemini-diagnostics) suite`
			`by michael-lazar. It passes all "important" tests (some malformed requests`
			`are still handled). Most importantly: the URLDotEscape tests fails. This does`
			`not mean you can successfully a URL escape attack against this, rather the URL`
			`library I use already parses out any superfluous ..'s.`
			`e.g. "localhost/../../../etc/passwd" already became "localhost/etc/passwd" once`
			`I receive the parsed URL from the library.`

initial commit 2020-05-14 19:45:59 +00:00			`Why "Sheldon Director"?`
			`-----------------------`

			`Because it is the real name of that villain in _Kim Possible_ who went by the`
			`pseudonym "Gemini". (https://kimpossible.fandom.com/wiki/Gemini)`
architecture changes 2020-05-16 09:03:48 +00:00
			`Though you are free to imagine the shortened name stands for Sheldon Daemon.`
			`But in that case you'll have to come up with your own explanation.`