Fork 0

336 lines
14 KiB

# Gophernicus
This release: Version DEVEL
NOTE: The master branch is rolling Development! DO NOT USE unless you want fiery dragons! (you probably want to `git checkout 3.1.1`)
*Copyright (c) 2009-2018 Kim Holviala*
*Copyright (c) 2019 Gophernicus Developers*
Gophernicus is a modern full-featured (and hopefully) secure gopher
daemon. It is licensed under the BSD license.
(If you are looking for installation documentation, please see INSTALL.md).
## Support/Contact
Developers can be reached at gophernicus AT gophernicus DOT org.
Our IRC channel is on irc.libera.chat #gophernicus.
You most likely want to subscribe to the gophernicus mailing list at
especially if you maintain a server. This is where all important announcements
are made.
## Command line options
-h hostname Change server hostname (FQDN) [$HOSTNAME]
-p port Change server port [70]
-T port Change TLS/SSL port [0 = disabled]
-r root Change gopher root [/var/gopher]
-t type Change default gopher filetype [0]
-g mapfile Change gophermap file [gophermap]
-a tagfile Change gophertag file [gophertag]
-c cgidir Change CGI script directory [/cgi-bin/]
-u userdir Change users personal gopherspace [public_gopher]
-l logfile Log to Apache-compatible combined format logfile
-w width Change default page width [67]
-o charset Change default output charset [UTF-8]
-s seconds Session timeout in seconds [1800]
-i hits Maximum hits until throttling [4096]
-k kbytes Maximum transfer until throttling [4194304]
-f filterdir Specify directory for output filters
-e ext=type Map file extension to gopher filetype
-R old=new Rewrite the beginning of a selector
-D text|file Set or load server description for caps.txt
-L text|file Set or load server location for caps.txt
-A admin Set admin email for caps.txt
-U paths Specify a colon-separated list of extra unveil(2) paths
(OpenBSD only).
-nv Disable virtual hosting
-nl Disable parent directory links
-nh Disable menu header (title)
-nf Disable menu footer
-nd Disable dates and filesizes in menus
-nc Disable file content detection
-no Disable charset conversion for output
-nq Disable HTTP-style query strings (?query)
-ns Disable logging to syslog
-na Disable autogenerated caps.txt
-nt Disable /server-status
-nm Disable shared memory use (for debugging)
-nr Disable root user checking (for debugging)
-np Disable HAproxy proxy protocol
-nx Disable execution of gophermaps and scripts
-nu Disable personal gopherspaces
-d Debug output in syslog and /server-status
-v Display version number and build date
-b Display the BSD license
-? Display this help
(end of option list) -- keep this line for automatic extraction!
## Setting up a gopher site
After succesfully installing Gophernicus (see [INSTALL](./INSTALL.md)) you need to set
up the gopher root directory. By default Gophernicus serves documents
from /var/gopher so start by creating that directory and making sure
it's world-readable. Then, simply add files and directories under your
root, fire up a gopher browser (Firefox with the OverbiteFF extension,
Lynx) and open up `gopher://HOSTNAME/`
(where `HOSTNAME` is your server hostname).
That's it, your first gopher site is now up and running. If the links
on the root menu don't work make sure you are using the `-h HOSTNAME`
parameter in your configuration (with a valid resolveable hostname
instead of `HOSTNAME` - see INSTALL).
## Security
Gophernicus has been written with high security in mind. There should
be no buffer overflows or memory allocation problems so it should be
safe to run a publicly available gopher server with Gophernicus.
However, the security settings (which are non-changeable) are so strict
that you need to keep one thing in mind. Gophernicus will only serve
world-readable content. Being readable by the server process is not
enough, all files and directories MUST be world-readable or they are
simply hidden from all listings and denied if a client asks for them.
The `-nx` option prevents execution of any script or external file,
and the `-nu` option suppresses scanning for and serving of `~user`
directories (which are normally at `~/public_html/` for each user).
### OpenBSD-specific Security
If you are running Gophernicus on OpenBSD, you may (depending on what features
you want to use) be able to take advantage of unveil(2) and pledge(2).
If you run without executable map support (i.e. you run with `-nx`) then
unveil(2) will be enabled and the server root will automatically be unveiled.
If run with personal gopherspaces enabled (i.e. you run without `-nu`), then
the password database (`/etc/pwd.db`) will automatically be unveiled, but you
will have to manually unveil the filesystem path(s) from which to serve
personal gopherspaces (see `-U`).
Running with `-nm -nu -nx` results in the strictest set of pledge(2) promises.
If you have executable maps enabled (i.e. you run without `-nx`), then the
promises are relaxed to allow `exec`. If you have personal gopherspaces enabled
(i.e. you run without `-nu`), then the promises are relaxed to allow `getpw`.
If you have shared memory enabled (i.e. you run without `-nm`), then pledge(2)
support cannot be used at all.
In short, you probably want to run Gophernicus with `-nm -nu -nx` and then
remove the flags that would otherwise disable the features you want.
To see what is going on with regards to pledge(2) and unveil(2), run
Gophernicus with `-d` (to turn on debug logging) and look in your system logs.
## Gophermaps
By default all gopher menus are automatically generated from the
content of the directory being viewed. If you want to have
informational text along with the files, or if you want to completely
replace the generated menu with your own you need to take a look at
gophermaps. See the [README.gophermap](./README.gophermap) for more information.
## Gophertags
A gophertag file can be used to virtually rename a directory. Let's
assume that you have a directory called "foo" somewhere - it will
be listed as "foo" in all automatically generated menus. Now if you
create a file foo/gophertag and put the text "bar" into it the menus
will show "bar" but the links will still point to "foo". This is
useful for creating descriptive names for directories without
littering the file system with spaces and weird characters.
## Personal gopherspaces
Gophernicus supports users personal gopherspaces. If a user has
world-readable directory called `public_gopher` under his home, a
request for `gopher://HOSTNAME/1/~user/` will serve documents from
that directory.
This is suppressed if the `-nu` option is given.
In this case, any `~` entry which otherwise initiates listing
of user directories will be displayed literally.
## Virtual hosting
Gophernicus supports virtual hosting, or serving more than one logical
domain using the same IP address. Since gopher (RFC1436) doesn't
support virtual hosting this requires some hacks.
To enable virtual hosting create one or more directories under your
gopher root which are named after your domain names. The primary vhost
directory (set with the `-h HOSTNAME` option) must exist or virtual
hosting will be disabled. Then simply add content to the hostname
directories and you're (kind of) up and running.
There is a serious issue with virtual hosting.
As stated previously, RFC1436 doesn't support virtual hosting. Clients won't
like it.
How the virtual hosting works, is that it loops through the vhosts looking for
the selector. As you might think, the root gophermap exists on all of the
vhosts, meaning it might not use the correct vhost. There is currently no easy
way to fix this.
It is recommended to add '%' on a line by itself to the bottom of your root
gophermaps. This will add "special" links of the format example.com/;example.com
which forces the correct vhost.
## CGI support
Gophernicus supports most parts of the CGI/1.1 standard. Most standard
CGI variables are set, and some non-standard ones are added.
By default all scripts and binaries under any directory called
`/cgi-bin/` are executed as CGI scripts (this includes cgi-bin
directories under users personal gopherspaces). Also, if a gophermap
is marked executable it is also processed as an CGI script.
As with regular files, CGI scripts must be world-executable (and
readable) or they will be ignored. Make sure your CGI script is safe
with ANY user input as poorly coded CGI scripts are the number 1
security problem with publicly open Unix/Linux/BSD servers.
The `-nx` option prevents execution of any script or external file.
In this case, they will be simply ignored and no output is given.
## Output filtering and PHP support
In addition to CGI scripts Gophernicus supports output filtering
scripts. By default output filtering is turned off, but you can turn
it on by using the `-f FILTERDIR` option, creating that directory
and creating one or more scripts in there named by either the file
suffix, or by the gopher filetype char.
If a file is to be served out which matches either the file suffix
script, or the filetype script then instead of simply sending the
file to client the output filter script is executed with the
original file as the first parameter and the output of the script
is then sent to client.
For PHP support install the CLI version of the PHP interpreter and
then symlink (or copy) that binary to the directory specified with
-f option using the destination name "php".
$ ln -s /usr/bin/php5-cli /usr/lib/gophernicus/filters/php
After that all files with the php suffix will be "filtered" through
the PHP command line interpreter. In other words, PHP starts working.
And don't use the CGI version of PHP as it outputs HTTP headers the
gopher protocol doesn't have.
## Charset support and conversions
Gophernicus supports three charsets: US-ASCII, ISO-8859-1 and UTF-8.
All textual input is internally upconverted to UTF-8 and then
downconverted to whatever charset the client is asking for. The
conversion is input autosensing which means that you don't have to
specify your filesystem charset, or the charset of your text files -
it's all detected automatically.
With standard gopher clients this is a bit of a problem as your text
files WILL be converted to 7-bit US-ASCII. This means that all 8-bit
charaters WILL BE LOST. This decision was made because no gopher
client that I tested was reliably cabable of decoding anything else
than pure US-ASCII. If you want to disable the conversion use the
`-no` option, or if you'd like to change the default output charset to
something else than US-ASCII just use for example the `-o ISO-8859-1`
## Selector rewriting
Selector rewriting lets you rewrite parts of the selector on the fly.
Well, not parts, but really just the start of it. And the rewrite
enging here is nothing like Apache's mod_rewrite as I was too lazy
to integrate any regex libraries... So, all it does is rewrite a
fixed string at the start of the selector to something else. This
will let you move your directories around while making sure that
existing deeplinks still work.
-R "/~user=/~luser"
-R "/old-dir=/new-dir"
## Session tracking and statistics
To enable virtual hosting with gopher (RFC1436) clients Gophernicus
tracks users and their session. As a side effect of that session
tracking, Gophernicus has simple throttling controls to keep nasty
users from killing your precious 120MHz PPC 604e server from dying
under the load. The throttling defaults are high enough that normal
human users will never hit the limits, but it's possible (and mostly
preferrable) that a badly behaving crawling agent will be throttled.
The current sessions and other real-time status data can be viewed
by opening the URL `gopher://HOSTNAME/0/server-status` . This status
view has been modeled after the Apache server-status which means
that it's possible to integrate Gophernicus into existing server
monitoring systems. To ease up such integrations, Gophernicus
supports HTTP requests of the server-status page using an URL like
`http://HOSTNAME:70/server-status?auto` .
## TLS/SSL and proxy support
As of version 2.3 Gophernicus supports the HAproxy proxy protocol
version 1. This makes it possible to build a cluster of gopher servers
and use HAproxy in front of them all handling client routing to different
backend servers.
More useful is putting Gophernicus behind Stunnel4 for TLS/SSL support
and use the same proxy protocol to tell Gophernicus the correct remote IP
address. The below sample stunnel configuration is all you need to
TLS-enable your gopher server. Well, you'll need a certificate too and for
that I recommend Let's Encrypt.
In addition to configuring Stunnel for TLS you should add `-T TLSPORT`
to Gophernicus options so that it knows which connetions are coming in
encrypted and which are not. Using proper `-T` also makes it possible for
CGI programs to use the `$TLS` environment variable to know whether the
current request was encrypted or not.
; Gophernicus behind Stunnel4 for gopher over TLS
; User/group for stunnel daemon
setuid = stunnel4
setgid = stunnel4
; PID file location
pid = /var/run/stunnel4/gophernicus.pid
; Log to file, not syslog
output = /var/log/stunnel4/gophernicus.log
syslog = no
; Certificate in pem format is needed for TLS
cert = /etc/ssl/private/gophernicus.pem
; Enable TCP wrappers
libwrap = yes
service = gophernicus-tls
; Gopher over TLS service
accept = :::7070
connect =
protocol = proxy