/gneto

Gneto is a personal HTTP proxy for the Gemini protocol

Primary LanguageGoGNU General Public License v3.0GPL-3.0

Gneto

Gneto is a personal proxy server to make content from the Gemini Protocol available over HTTP.

Binaries of the latest Gneto release for Linux, macOS ("darwin"), OpenBSD, and Windows are available at https://paulgorman.org/software/gneto/.

Gneto screenshot

Features

  • Gento makes Gemini content accessible on platforms that do not yet have mature Gemini clients.
  • If you want a Gemini to HTTP proxy, Gneto improves your privacy by not replying on a proxy hosted by someone else.
  • No JavaScript. Browse from Lynx if you want.
  • Gneto supports client certificates.
  • Customize Gneto's look with standard CSS. Example light and dark themes are provided.
  • Gneto works well running on your workstation's loopback interface, a server on your home LAN, or (with a password enabled) on your public server.

Running Gneto From A Binary

Start Gneto like:

$ cd gneto/
$ ./gneto

…then point your web browser at your new local Gemini proxy server.

Run gneto --help to see all Gneto's command-line options.

Building Gneto

Gneto has no dependencies apart from the standard Go library.

$ git clone https://github.com/pgorman/gneto
$ cd gneto
$ go build
$ ./gneto

Limitations and Known Bugs

Limitations:

  • Handling of sensitive input submission needs testing. Don't use it for super-secret stuff yet!

Security Considerations

Gneto is designed as a single-user proxy, typically running on the loopback interface of the same machine running your web browser.

There are two security considerations:

  1. Unless you set the environment variable password, Gneto operates as an open proxy. If you run Gneto on an IP address accessible to someone besides you, set a strong value for password.
  2. If client certificates are turned on, Gneto maintains a single pool of client certificates. Therefore, everyone with access to Gneto presents the same identity to Gemini servers. This may be undesirable, even if you only share Gneto with other members of your household. If you share Gneto, set --hours 0 to turn off transient client certificates.

If you must run a public, open proxy with Gneto, please set these options:

$ gneto --textonly --hours 0

If you run Gneto on your own public server, for your own private use, set the password environment variable, like:

$ password='myv3ry-Strongpassssword' gneto

FAQ

How can Gneto run as a service?

On a Linux system running systemd, run Gneto as a user service by copying the gneto.service file to $HOME/.config/systemd/user/. The unit file assumes Gneto is installed in $HOME/bin/gneto/, so edit gneto.service if you've installed it elsewhere. Then, activate the unit:

$ systemctl --user daemon-reload
$ systemctl --user enable gneto
$ systemctl --user start gneto
$ systemctl --user status gneto

How do I customize the way Gneto looks?

When running Gneto, the --css command-line option allows specifies a custom cascading style sheet, like:

$ gneto --css $HOME/.gneto/custom.css

A light style sheets is provided in web/light.css.

How do I change the links shown on the home/start page.

Specify a local Gemini file, like:

$ gneto --home ~/myhomepage.gmi

What command-line options does Gneto accept?

$ gneto --help

Firefox gives a "connection timed out" error sometimes!

In Firefox's preferences, search for "proxy". Select "Auto-detect proxy settings for this network".

Can Gneto use my persistent client certificates to identify me to servers?

Yes. Put your certificates in a JSON file, and use --clientcerts, like:

$ gneto --clientcerts ~/my-client-certs.json

Note that the PEM values for the public certificate and the private key must be joined into single lines by \n literals in the JSON file. The JSON url value tells Gneto at which addresses the certificate should be used. See sample-client-certs.json.

Copyright

Gneto copyright 2020 Paul Gorman.

Licensed under the GPL. See LICENSE.txt for details.