dimkr/tootik

does tootik contain a gemini server, and other questions regarding running it and configuration.

Closed this issue · 5 comments

norayr commented

hello, it's me again.

i don't really understand how to set up tootik.

do i need to not have an existing gemini server on 1965?

does tootik include a gemini server or can i use it together with a gemini server?

i decided to build and run it to answer the questions myself by let's say using netstat or strace.

i built it by

cd cmd/tootik
go build

tootik binary is generated. if i run it from the same directory, it creates

db.sqlite3  db.sqlite3-shm  db.sqlite3-wal

files, and then it doesn't run, with the message: Failed to remove invisible posts: no such table: notes.

maybe i missed if there is documentation. or maybe i just cannot figure out how to use it.

so i'll appreciate hints on how the layout should be, where the binary should be put, how to configure it, and if the gemini server is needed for tootik to run.

dimkr commented

> do i need to not have an existing gemini server on 1965?
> does tootik include a gemini server or can i use it together with a gemini server?

No, tootik listens on port 8965 (that's the default, you can change to 1965) and implements a Gemini server.

> and then it doesn't run, with the message: Failed to remove invisible posts: no such table: notes.

Fixed in 1047bcd. Thanks!

> so i'll appreciate hints on how the layout should be, where the binary should be put, how to configure it, and if the gemini server is needed for tootik to run.

Start with tootik -help. By default, it listens on port 8965, so you'll need to change to 1965 or set up port forwarding from 8965 to 1965, and the same for 8443->443.

Regarding certificates, you'll need to supply two of them: a valid HTTPS certificate (Let's Encrypt is OK) via -cert and -key, and a Gemini certificate (self-signed is OK) via -gemcert and -gemkey. You'll need to specify -domain as well, and it must match the HTTPS certificate.

For example, in my instance, I configured Let's Encrypt certbot and wrote /usr/local/bin/run-tootik:

#!/bin/sh
echo 1 | tee /proc/sys/net/ipv*/conf/all/forwarding
ip6tables -t nat -D PREROUTING -i eth0 -p tcp --dport 1965 -m state --state NEW -j DNAT --to-destination :8965
ip6tables -t nat -I PREROUTING -i eth0 -p tcp --dport 1965 -m state --state NEW -j DNAT --to-destination :8965
# (same for 8443->443, etc.)

tootik -domain hd.206267.xyz -cert /etc/letsencrypt/live/hd.206267.xyz/fullchain.pem -key /etc/letsencrypt/live/hd.206267.xyz/privkey.pem  -gemcert /data/gemcert.pem -gemkey /data/gemkey.pem  -loglevel 4 -db /data/db.sqlite3 

(plus some secret sauce for security - the script drops privileges and restricts file permissions)

A systemd unit takes care of starting tootik and keeping it running:

[Unit]
Description=tootik
After=network.target

[Service]
ExecStart=run-tootik
Restart=always

[Install]
WantedBy=multi-user.target

norayr commented

so, i understand, i can run tootik on 8443 (for https) and proxypass requests to it via apache or nginx depending on the domain, from 443.

are you aware of any gemini server that can proxypass requests from 1965 to 8965 for one domain, and serve maybe static pages for the other?

otherwise i'll need a dedicated machine for tootik. or perhaps a container.

dimkr commented

> so, i understand, i can run tootik on 8443 (for https) and proxypass requests to it via apache or nginx depending on the domain, from 443.

You don't have to use a proxy, you can use port forwarding or just run tootik with -addr :443 to make it listen on 443 instead.

> are you aware of any gemini server that can proxypass requests from 1965 to 8965 for one domain, and serve maybe static pages for the other?

Nope.

> are you aware of any gemini server that can proxypass requests from 1965 to 8965 for one domain, and serve maybe static pages for the other?

Since gemini requests do include the domains, the technology you're asking about ("vhost" or "virtual host") would technically be possible to implement and maybe there are some gemini servers that do implement that.
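The virtual-host idea from the last comment, sketched as an added example (not code from tootik or from anyone in this thread): a front-end on port 1965 reads the Gemini request line, validates it, and picks a backend by hostname, refusing hosts it does not serve. The hostnames, the static root and the `Route` helper are hypothetical, and the sketch assumes the front-end has already terminated TLS with a certificate valid for both names.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Constructed routing table: hostnames and targets are placeholders.
var routes = map[string]string{
	"social.example.org": "proxy:127.0.0.1:8965", // tootik on its default Gemini port
	"www.example.org":    "static:/srv/gemini",   // plain static capsule
}

var (
	ErrBadRequest = errors.New("59 bad request")
	ErrRefused    = errors.New("53 proxy request refused")
)

// Route takes the raw request line (absolute URL + CRLF) and returns the
// backend for its host. Anything malformed or for an unknown host is
// rejected instead of being forwarded.
func Route(raw string) (string, error) {
	// A Gemini request is one URL of at most 1024 bytes, terminated by CRLF.
	if len(raw) > 1024+2 || !strings.HasSuffix(raw, "\r\n") {
		return "", ErrBadRequest
	}
	u, err := url.Parse(strings.TrimSuffix(raw, "\r\n"))
	if err != nil || u.Scheme != "gemini" || u.Host == "" || u.User != nil {
		return "", ErrBadRequest
	}
	// Hostnames are case-insensitive; Hostname() also drops any :port.
	backend, ok := routes[strings.ToLower(u.Hostname())]
	if !ok {
		return "", ErrRefused
	}
	return backend, nil
}

func main() {
	for _, req := range []string{
		"gemini://social.example.org/users\r\n",
		"gemini://www.example.org/index.gmi\r\n",
		"gemini://other.example.net/\r\n",
	} {
		backend, err := Route(req)
		fmt.Printf("%q -> %q, %v\n", strings.TrimSpace(req), backend, err)
	}
}
```

Rejecting unknown hosts with status 53 keeps the front-end from acting as an open proxy to whatever is listening behind it.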