2.9 KiB
Sheldon Director
A Gemini Server written in Rust.
Features
This can't do much right now besides hosting some static files. In fact, the feature set happens to be limited to what I need to host my own Gemini page. Coincidence?
More is to come however. Specifically I'd want to add CGI support. And maybe reverse proxy support as well, depending on how much stuff I'll be hosting over Gemini.
Platform Support
This currently only works on Unix platforms as setuid
and setgid
system
calls are used to drop the privilege level after initialization. Currently
there is no way to disable this. Of course, Gemini's default port (1965) can be
opened in user-mode, but not changing the user after startup would retain read
permissions to the private key.
Building
Set up a Cargo build environment, then simply run
cargo build
to create a debug build or
cargo build --release
to create a release build.
Starting
Sheldon Director looks for a config file in /etc/sheldond.conf
. If you want
to change this, pass an alternative path on startup using the -c
parameter.
Use -h
to get a list of all supported command line arguments.
You'll need a TLS certificate, I've chosen not to include an example in this repository. Use OpenSSL to quickly generate one:
openssl req -x509 -newkey rsa:4096 -keyout doc/key.pem -out doc/cert.pem -days 365 -nodes
An example config file can be found in this repository in doc/sheldond.conf
.
Use it to serve the content of the doc/
directory on localhost:
sudo ./target/debug/sheldond -c ./doc/sheldond.conf
Try connecting to gemini://localhost
via your favorite Gemini client!
Note: This sets the user to nobody
and the group to nobody
as well. This
naming scheme is not consistent for all Unix systems... Try changing the group
name to nogroup
if the software fails to start.
Testing
As you may have spotted, I did not get around to write a test suite for this. The server's behavior can be tested using the gemini-diagnostics suite by michael-lazar. It passes all "important" tests (some malformed requests are still handled). Most importantly: the URLDotEscape tests fails. This does not mean you can successfully a URL escape attack against this, rather the URL library I use already parses out any superfluous ..'s. e.g. "localhost/../../../etc/passwd" already became "localhost/etc/passwd" once I receive the parsed URL from the library.
Why "Sheldon Director"?
Because it is the real name of that villain in Kim Possible who went by the pseudonym "Gemini". (https://kimpossible.fandom.com/wiki/Gemini)
Though you are free to imagine the shortened name stands for Sheldon Daemon. But in that case you'll have to come up with your own explanation.