Gophernicus

This release: Version DEVEL NOTE: The master branch is rolling Development! DO NOT USE unless you want fiery dragons! (you probably want to git checkout 3.1.1)

Copyright (c) 2009-2018 Kim Holviala

Copyright (c) 2019 Gophernicus Developers

Gophernicus is a modern full-featured (and hopefully) secure gopher daemon. It is licensed under the BSD license.

(If you are looking for installation documentation, please see INSTALL.md).

Support/Contact

Developers can be reached at gophernicus AT gophernicus DOT org.

Our IRC channel is on irc.libera.chat #gophernicus.

You most likely want to subscribe to the gophernicus mailing list at https://lists.tildeverse.org/postorius/lists/gophernicus.lists.tildeverse.org/, especially if you maintain a server. This is where all important announcements are made.

Command line options

-h hostname   Change server hostname (FQDN)      [$HOSTNAME]
-p port       Change server port                 [70]
-T port       Change TLS/SSL port                [0 = disabled]
-r root       Change gopher root                 [/var/gopher]
-t type       Change default gopher filetype     [0]
-g mapfile    Change gophermap file              [gophermap]
-a tagfile    Change gophertag file              [gophertag]
-c cgidir     Change CGI script directory        [/cgi-bin/]
-u userdir    Change users personal gopherspace  [public_gopher]
-l logfile    Log to Apache-compatible combined format logfile

-w width      Change default page width          [67]
-o charset    Change default output charset      [UTF-8]

-s seconds    Session timeout in seconds         [1800]
-i hits       Maximum hits until throttling      [4096]
-k kbytes     Maximum transfer until throttling  [4194304]

-f filterdir  Specify directory for output filters
-e ext=type   Map file extension to gopher filetype
-R old=new    Rewrite the beginning of a selector

-D text|file  Set or load server description for caps.txt
-L text|file  Set or load server location for caps.txt
-A admin      Set admin email for caps.txt

-U paths      Specify a colon-separated list of extra unveil(2) paths
              (OpenBSD only).

-nv           Disable virtual hosting
-nl           Disable parent directory links
-nh           Disable menu header (title)
-nf           Disable menu footer
-nd           Disable dates and filesizes in menus
-nc           Disable file content detection
-no           Disable charset conversion for output
-nq           Disable HTTP-style query strings (?query)
-ns           Disable logging to syslog
-na           Disable autogenerated caps.txt
-nt           Disable /server-status
-nm           Disable shared memory use (for debugging)
-nr           Disable root user checking (for debugging)
-np           Disable HAproxy proxy protocol
-nx           Disable execution of gophermaps and scripts
-nu           Disable personal gopherspaces

-d            Debug output in syslog and /server-status
-v            Display version number and build date
-b            Display the BSD license
-?            Display this help

(end of option list) -- keep this line for automatic extraction!

Setting up a gopher site

After succesfully installing Gophernicus (see INSTALL) you need to set up the gopher root directory. By default Gophernicus serves documents from /var/gopher so start by creating that directory and making sure it's world-readable. Then, simply add files and directories under your root, fire up a gopher browser (Firefox with the OverbiteFF extension, Lynx) and open up gopher://HOSTNAME/ (where HOSTNAME is your server hostname).

That's it, your first gopher site is now up and running. If the links on the root menu don't work make sure you are using the -h HOSTNAME parameter in your configuration (with a valid resolveable hostname instead of HOSTNAME - see INSTALL).

Security

Gophernicus has been written with high security in mind. There should be no buffer overflows or memory allocation problems so it should be safe to run a publicly available gopher server with Gophernicus.

However, the security settings (which are non-changeable) are so strict that you need to keep one thing in mind. Gophernicus will only serve world-readable content. Being readable by the server process is not enough, all files and directories MUST be world-readable or they are simply hidden from all listings and denied if a client asks for them.

The -nx option prevents execution of any script or external file, and the -nu option suppresses scanning for and serving of ~user directories (which are normally at ~/public_html/ for each user).

OpenBSD-specific Security

If you are running Gophernicus on OpenBSD, you may (depending on what features you want to use) be able to take advantage of unveil(2) and pledge(2).

If you run without executable map support (i.e. you run with -nx) then unveil(2) will be enabled and the server root will automatically be unveiled. If run with personal gopherspaces enabled (i.e. you run without -nu), then the password database (/etc/pwd.db) will automatically be unveiled, but you will have to manually unveil the filesystem path(s) from which to serve personal gopherspaces (see -U).

Running with -nm -nu -nx results in the strictest set of pledge(2) promises. If you have executable maps enabled (i.e. you run without -nx), then the promises are relaxed to allow exec. If you have personal gopherspaces enabled (i.e. you run without -nu), then the promises are relaxed to allow getpw. If you have shared memory enabled (i.e. you run without -nm), then pledge(2) support cannot be used at all.

In short, you probably want to run Gophernicus with -nm -nu -nx and then remove the flags that would otherwise disable the features you want.

To see what is going on with regards to pledge(2) and unveil(2), run Gophernicus with -d (to turn on debug logging) and look in your system logs.

Gophermaps

By default all gopher menus are automatically generated from the content of the directory being viewed. If you want to have informational text along with the files, or if you want to completely replace the generated menu with your own you need to take a look at gophermaps. See the README.gophermap for more information.

Gophertags

A gophertag file can be used to virtually rename a directory. Let's assume that you have a directory called "foo" somewhere - it will be listed as "foo" in all automatically generated menus. Now if you create a file foo/gophertag and put the text "bar" into it the menus will show "bar" but the links will still point to "foo". This is useful for creating descriptive names for directories without littering the file system with spaces and weird characters.

Personal gopherspaces

Gophernicus supports users personal gopherspaces. If a user has world-readable directory called public_gopher under his home, a request for gopher://HOSTNAME/1/~user/ will serve documents from that directory.

This is suppressed if the -nu option is given. In this case, any ~ entry which otherwise initiates listing of user directories will be displayed literally.

Virtual hosting

Gophernicus supports virtual hosting, or serving more than one logical domain using the same IP address. Since gopher (RFC1436) doesn't support virtual hosting this requires some hacks.

To enable virtual hosting create one or more directories under your gopher root which are named after your domain names. The primary vhost directory (set with the -h HOSTNAME option) must exist or virtual hosting will be disabled. Then simply add content to the hostname directories and you're (kind of) up and running.

There is a serious issue with virtual hosting.

As stated previously, RFC1436 doesn't support virtual hosting. Clients won't like it.

How the virtual hosting works, is that it loops through the vhosts looking for the selector. As you might think, the root gophermap exists on all of the vhosts, meaning it might not use the correct vhost. There is currently no easy way to fix this.

It is recommended to add '%' on a line by itself to the bottom of your root gophermaps. This will add "special" links of the format example.com/;example.com which forces the correct vhost.

CGI support

Gophernicus supports most parts of the CGI/1.1 standard. Most standard CGI variables are set, and some non-standard ones are added.

By default all scripts and binaries under any directory called /cgi-bin/ are executed as CGI scripts (this includes cgi-bin directories under users personal gopherspaces). Also, if a gophermap is marked executable it is also processed as an CGI script.

As with regular files, CGI scripts must be world-executable (and readable) or they will be ignored. Make sure your CGI script is safe with ANY user input as poorly coded CGI scripts are the number 1 security problem with publicly open Unix/Linux/BSD servers.

The -nx option prevents execution of any script or external file. In this case, they will be simply ignored and no output is given.

Output filtering and PHP support

In addition to CGI scripts Gophernicus supports output filtering scripts. By default output filtering is turned off, but you can turn it on by using the -f FILTERDIR option, creating that directory and creating one or more scripts in there named by either the file suffix, or by the gopher filetype char.

If a file is to be served out which matches either the file suffix script, or the filetype script then instead of simply sending the file to client the output filter script is executed with the original file as the first parameter and the output of the script is then sent to client.

For PHP support install the CLI version of the PHP interpreter and then symlink (or copy) that binary to the directory specified with -f option using the destination name "php".

$ ln -s /usr/bin/php5-cli /usr/lib/gophernicus/filters/php

After that all files with the php suffix will be "filtered" through the PHP command line interpreter. In other words, PHP starts working. And don't use the CGI version of PHP as it outputs HTTP headers the gopher protocol doesn't have.

Charset support and conversions

Gophernicus supports three charsets: US-ASCII, ISO-8859-1 and UTF-8. All textual input is internally upconverted to UTF-8 and then downconverted to whatever charset the client is asking for. The conversion is input autosensing which means that you don't have to specify your filesystem charset, or the charset of your text files - it's all detected automatically.

With standard gopher clients this is a bit of a problem as your text files WILL be converted to 7-bit US-ASCII. This means that all 8-bit charaters WILL BE LOST. This decision was made because no gopher client that I tested was reliably cabable of decoding anything else than pure US-ASCII. If you want to disable the conversion use the -no option, or if you'd like to change the default output charset to something else than US-ASCII just use for example the -o ISO-8859-1 option.

Selector rewriting

Selector rewriting lets you rewrite parts of the selector on the fly. Well, not parts, but really just the start of it. And the rewrite enging here is nothing like Apache's mod_rewrite as I was too lazy to integrate any regex libraries... So, all it does is rewrite a fixed string at the start of the selector to something else. This will let you move your directories around while making sure that existing deeplinks still work.

Examples:

-R "/~user=/~luser"
-R "/old-dir=/new-dir"

Session tracking and statistics

To enable virtual hosting with gopher (RFC1436) clients Gophernicus tracks users and their session. As a side effect of that session tracking, Gophernicus has simple throttling controls to keep nasty users from killing your precious 120MHz PPC 604e server from dying under the load. The throttling defaults are high enough that normal human users will never hit the limits, but it's possible (and mostly preferrable) that a badly behaving crawling agent will be throttled.

The current sessions and other real-time status data can be viewed by opening the URL gopher://HOSTNAME/0/server-status . This status view has been modeled after the Apache server-status which means that it's possible to integrate Gophernicus into existing server monitoring systems. To ease up such integrations, Gophernicus supports HTTP requests of the server-status page using an URL like http://HOSTNAME:70/server-status?auto .

TLS/SSL and proxy support

As of version 2.3 Gophernicus supports the HAproxy proxy protocol version 1. This makes it possible to build a cluster of gopher servers and use HAproxy in front of them all handling client routing to different backend servers.

More useful is putting Gophernicus behind Stunnel4 for TLS/SSL support and use the same proxy protocol to tell Gophernicus the correct remote IP address. The below sample stunnel configuration is all you need to TLS-enable your gopher server. Well, you'll need a certificate too and for that I recommend Let's Encrypt.

In addition to configuring Stunnel for TLS you should add -T TLSPORT to Gophernicus options so that it knows which connetions are coming in encrypted and which are not. Using proper -T also makes it possible for CGI programs to use the $TLS environment variable to know whether the current request was encrypted or not.

Example:

;
; Gophernicus behind Stunnel4 for gopher over TLS
;

; User/group for stunnel daemon
setuid = stunnel4
setgid = stunnel4

; PID file location
pid = /var/run/stunnel4/gophernicus.pid

; Log to file, not syslog
output = /var/log/stunnel4/gophernicus.log
syslog = no

; Certificate in pem format is needed for TLS
cert = /etc/ssl/private/gophernicus.pem

; Enable TCP wrappers
libwrap = yes
service = gophernicus-tls

; Gopher over TLS service
[gophernicus]
accept  = :::7070
connect = 127.0.0.1:70
protocol = proxy