/geminim

Gemini server made in Nim

Primary language: Nim. License: BSD 2-Clause "Simplified" (BSD-2-Clause).

GemiNim

GemiNim is a simple Nim server for the Gemini protocol.

gemini://gemi.nim.town

https://gemi.nim.town/index.gemini

Features

  • Fast
  • Simple
  • Domain-based vhosting
  • CGI
  • Per-user directories
  • Directory listing
  • Support for uploading files via Titan
  • Client-side authentication with authority files (see below)

Authority files

This implementation is experimental and subject to change! GemiNim supports restricting access to configured resources using a system similar to SSH authorization files.

First, restricted zones are configured in GemiNim’s configuration file as follows:

[localhost.localdomain/restrictedZones]
/path/to/resource: "path/to/authority_file"

Afterwards, GemiNim will restrict access to the configured paths by first requiring a certificate if one is not provided, then verifying whether the provided certificate is authorised as per the declared authority file.

The syntax for an authority file is as follows:

# Comment line
<digest_type>:<digest>
...

Where <digest_type> is one of:

  • md5
  • sha1
  • sha256
  • sha512

And <digest> is the hash of the certificate to be authorised. The hash must be computed over the certificate's DER encoding, not its PEM text. For example, to obtain the SHA256 of a certificate:

openssl x509 -in certs/cert.pem -outform der | openssl dgst -sha256
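
As an added example (not GemiNim's own code, which is written in Nim), the following Python shows how an authority file in the format above can be parsed and a certificate checked against it. The function names, the sample bytes and the strict hex-digest validation are assumptions, not taken from GemiNim.

```python
import hashlib
import hmac
import ssl

DIGESTS = ("md5", "sha1", "sha256", "sha512")  # digest types listed above
WEAK = ("md5", "sha1")  # collision-broken; prefer sha256/sha512 for new entries
# Constructed stand-in bytes, not a real certificate (only the hash matters here).
SAMPLE_DER = b"\x30\x82constructed-sample-certificate"

def parse_authority(text):
    """Parse authority-file text into (digest_type, hex_digest) pairs."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank or comment line
            continue
        kind, sep, digest = line.partition(":")
        kind, digest = kind.strip().lower(), digest.strip().lower()
        if not sep or kind not in DIGESTS:
            raise ValueError(f"line {lineno}: unknown digest type")
        # Assumption: digests are plain hex covering the full hash length.
        hexlen = hashlib.new(kind).digest_size * 2
        if len(digest) != hexlen or set(digest) - set("0123456789abcdef"):
            raise ValueError(f"line {lineno}: malformed {kind} digest")
        entries.append((kind, digest))
    return entries

def authority_line(der, kind="sha256"):
    """Build the authority-file entry for a DER-encoded certificate."""
    return f"{kind}:{hashlib.new(kind, der).hexdigest()}"

def is_authorised(der, entries):
    """True if the certificate's digest matches any entry (constant-time compare)."""
    ok = False
    for kind, digest in entries:
        ok |= hmac.compare_digest(hashlib.new(kind, der).hexdigest(), digest)
    return ok

def weak_entries(entries):
    """Entries that still rely on md5 or sha1, for review."""
    return [e for e in entries if e[0] in WEAK]

def pem_to_der(pem_text):
    """Strip the PEM armor and base64-decode; the DER bytes are what gets hashed."""
    return ssl.PEM_cert_to_DER_cert(pem_text)
```

For the same certificate, `authority_line(pem_to_der(pem))` yields the hex value that the openssl command above prints, prefixed with `sha256:`.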

Developing

You can build GemiNim by running:

nimble build

I also provide a Nix package. To get into the build shell environment, just run:

nix-shell

Planned features [1/3]

  1. [X] Client certificate authentication (is implemented but highly experimental)
  2. [ ] HTTP(S) mirroring
  3. [ ] Reverse proxying support