More installation process in the readme
parent 07b68301c3
commit 1b10e05fef
1 changed files with 123 additions and 11 deletions
134
README.md
|
@ -33,10 +33,9 @@ To provide all features:
|
|||
|
||||
`# pacman -S tor knot openssh sudo nginx nginx-mod-headers-more certbot certbot-nginx php-fpm php-sqlite`
|
||||
|
||||
To limit users storage:
|
||||
|
||||
`# pacman -S quota-tool`
|
||||
Some tools you might find usefull to manage a server:
|
||||
|
||||
`# pacman -S vnstat htop nload ufw vim man-db curl`
|
||||
|
||||
### maniver installation
|
||||
|
||||
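Review bot: "usefull" in the line "Some tools you might find usefull to manage a server:" should be "useful". Since `ufw` is in that tool list and the README goes on to have gmnisrv listen on port 1965, a short line naming the ports the firewall has to allow would make the list actionable.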
|
@ -46,6 +45,7 @@ $ rustup default stable
|
|||
$ git clone https://code.antopie.org/miraty/maniver-dev
|
||||
$ cd maniver-dev
|
||||
$ cargo build --release
|
||||
# cp ./target/release/maniver /usr/local/bin/
|
||||
```
|
||||
|
||||
### gmnisrv installation
|
||||
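Review bot: The `# cp ./target/release/maniver /usr/local/bin/` step leaves the installed file's mode to whatever the build tree and the umask produce, yet this is the binary that the sudoers rule later in the README lets php-niver run as root. Suggest `install -o root -g root -m 0755 ./target/release/maniver /usr/local/bin/maniver` so that ownership and permissions are explicit and only root can write the file.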
|
@ -58,24 +58,95 @@ $ cd gmnisrv/build
|
|||
$ ../configure --prefix=/usr # Check gmnisrv dependencies and setup files needed for building
|
||||
$ make # Build gmnisrv
|
||||
# make install # Install gmnisrv binary and manpages on the system
|
||||
# useradd -U -r -s /usr/bin/nologin gmnisrv # Add the gmnisrv system user and group
|
||||
# vim /etc/systemd/system/gmnisrv.service
|
||||
```
|
||||
|
||||
`# useradd -U -r -s /usr/bin/nologin gmnisrv`
|
||||
```
|
||||
[Unit]
|
||||
Description=A Gemini server
|
||||
After=network.target
|
||||
Wants=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/usr/local/bin/gmnisrv
|
||||
ExecStop=
|
||||
#Restart=on-failure
|
||||
User=gmnisrv
|
||||
Group=gmnisrv
|
||||
WorkingDirectory=/srv/ht
|
||||
|
||||
Some tools you might find usefull to manage a server:
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
```
|
||||
```
|
||||
# systemctl daemon-reload
|
||||
# mkdir -p /srv/gemini/niver.atope.art
|
||||
# echo "This is a testing Gemini capsule" > /srv/gemini/niver.atope.art/index.gmi
|
||||
# mkdir /var/local/gmnisrv
|
||||
# chmod -R 700 /var/local/gmnisrv
|
||||
# chown -R gmnisrv:gmnisrv /var/local/gmnisrv
|
||||
# vim /usr/local/etc/gmnisrv.ini
|
||||
```
|
||||
|
||||
`# pacman -S vnstat htop nload ufw vim man-db curl`
|
||||
```
|
||||
# Space-separated list of hosts
|
||||
listen=0.0.0.0:1965 [::]:1965
|
||||
|
||||
[:tls]
|
||||
# Path to store certificates on disk
|
||||
store=/var/local/gmnisrv
|
||||
|
||||
[niver.atope.art]
|
||||
root=/srv/gemini/niver.atope.art
|
||||
```
|
||||
|
||||
To add knot as an additional group for user php-niver:
|
||||
`usermod -aG knot php-niver`
|
||||
|
||||
To generate a key/certificate pair with ed25519 expiring in 10 years
|
||||
`openssl req -subj '/CN=domain' -new -newkey ED25519 -days 3650 -nodes -x509 -keyout domain.key -out domain.crt`
|
||||
|
||||
### SFTP setup
|
||||
|
||||
```
|
||||
# groupadd ht
|
||||
# echo "Ce compe n'est accessible qu'en SFTP, pas en SSH.
|
||||
This account is only available over SFTP, not over SSH." > /etc/nologin.txt
|
||||
```
|
||||
|
||||
### Quota setup
|
||||
|
||||
```
|
||||
# pacman -S quota-tool
|
||||
# dd if=/dev/zero of=/srv/ht.img count=4194304 # count is the size in octet
|
||||
# mkfs.ext4 /srv/ht.img
|
||||
# mkdir /srv/ht
|
||||
# mount /srv/ht.img /srv/ht
|
||||
```
|
||||
|
||||
### PHP setup
|
||||
|
||||
In php.ini :
|
||||
expose_php = Off
|
||||
|
||||
### Niver PHP setup
|
||||
|
||||
```
|
||||
EDITOR=vim visudo
|
||||
php-niver ALL=(root) NOPASSWD: /usr/local/bin/maniver
|
||||
```
|
||||
|
||||
## Features
|
||||
|
||||
### Web interface
|
||||
|
||||
* Anonymous: you only need a pseudo/password set
|
||||
* Page lower than 10 KiB, without cache
|
||||
* No JavaScript, no images, and HTML is semantic so you could even block CSS
|
||||
* Page lower than 10 KiB
|
||||
* No JavaScript, no images, and CSS are optionnal
|
||||
* Dark and light themes
|
||||
* Free service running libre software (AGPLv3+)
|
||||
* Free service running libre software
|
||||
|
||||
### Hypertext
|
||||
|
||||
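Review bot: The sudoers line `php-niver ALL=(root) NOPASSWD: /usr/local/bin/maniver` under "Niver PHP setup" has no argument list, so the PHP user may run maniver as root with any arguments; the README should state which invocations are expected or restrict them in the rule, and could recommend a drop-in under /etc/sudoers.d edited with `visudo -f` instead of the main file. In "Quota setup", the comment on `dd if=/dev/zero of=/srv/ht.img count=4194304` is wrong: `count` is a number of blocks (512 bytes each by default), not octets, so this writes a 2 GiB image; give `bs=` explicitly and fix the comment. The mount command in the same block carries no quota option such as usrquota, so quotas will not be enforced on /srv/ht as written. In the gmnisrv part, `--prefix=/usr` at configure time does not match `ExecStart=/usr/local/bin/gmnisrv` or the /usr/local/etc/gmnisrv.ini path, and WorkingDirectory points at the /srv/ht user mount instead of the capsule root under /srv/gemini; pick one prefix, and drop the empty ExecStop= line. Minor: "Ce compe" in the nologin text should be "Ce compte".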
|
@ -85,7 +156,7 @@ Some tools you might find usefull to manage a server:
|
|||
* TLS 1.2 & 1.3 or TLS 1.3 only
|
||||
* DNS (ICANN, OpenNIC or anything) and Onion v3 (through Tor)
|
||||
* HTTP/1.1 and HTTP/2
|
||||
* Let's Encrypt certificate
|
||||
* Let's Encrypt certificates
|
||||
* All HTTP security headers
|
||||
|
||||
### Nameserver
|
||||
|
@ -100,7 +171,48 @@ Some tools you might find usefull to manage a server:
|
|||
|
||||
## Anti-features
|
||||
|
||||
* No internationalized domain support (you can only use ASCII in your domain)
|
||||
* No internationalized domain name support (you can only use ASCII in your domain name)
|
||||
* No BIND-style plaintext configuration (you need to fill a form for every record you add or remove)
|
||||
|
||||
## Nginx mimetypes association
|
||||
|
||||
```
|
||||
text/plain txt;
|
||||
text/gemini gmi;
|
||||
text/markdown md;
|
||||
text/html html;
|
||||
text/css css;
|
||||
text/xml xml;
|
||||
text/csv csv;
|
||||
text/javascript js;
|
||||
|
||||
application/xhtml+xml xhtml;
|
||||
application/atom+xml atom;
|
||||
application/rss+xml rss;
|
||||
|
||||
application/json json;
|
||||
application/gzip gz;
|
||||
application/zip zip;
|
||||
application/epub+zip epub;
|
||||
application/pdf pdf;
|
||||
|
||||
font/woff woff;
|
||||
font/woff2 woff2;
|
||||
|
||||
image/png png;
|
||||
image/tiff tif tiff;
|
||||
image/gif gif;
|
||||
image/jpeg jpeg jpg;
|
||||
image/svg+xml svg svgz;
|
||||
image/webp webp;
|
||||
|
||||
audio/mpeg mp3;
|
||||
audio/ogg ogg oga opus spx;
|
||||
audio/webm weba;
|
||||
audio/flac flac;
|
||||
|
||||
video/webm webm;
|
||||
video/mp4 mp4;
|
||||
video/ogg ogv;
|
||||
|
||||
```
|
||||
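Review bot: The new "Nginx mimetypes association" section gives the list with no sentence saying where it goes (a `types { }` block, and in which file) or what is served for extensions that are not listed, which matters on a host that serves files uploaded by users. Suggest adding that context together with the intended `default_type`. Also, `svgz` is mapped to `image/svg+xml` alongside `svg`, but gzip-compressed SVG only renders when the response also carries `Content-Encoding: gzip`; either document that or drop `svgz` from the line.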
|
|