Which Gemini Server?
I am looking to run a Gemini server with CGI (and in the future something better than CGI) on an Amazon EC2 instance.
GMID - unable to start. When started with -n, says configuration is ok. When started proper, just comes right back and does not seem to daemonize -- grepping for gmid yields nothing in processes. When doing 'make test', fails on almost everything -- localhost port 10965 seems not accessible -- even though I opened it.
gmisrv -- cannot compile -- uses deprecated openssl crap.
I am not sure if there is some kind of firewall running I am not aware of, but even if not gmid seems to act weird...
Any suggestions for fixing this or alternate servers with CGI that are not impossibly complicated to install are appreciated.
I was hoping for one written in C, but will settle for anything that works to start with.
Aug 29 · 6 weeks ago
32 Comments
jsreed5 · Aug 30 at 04:02:
What OS are you using in your EC2 instance? I run Jetforce using Amazon Linux AMI (which is a fairly old system, to be honest), and I can provide an outline of how I set it up.
Your firewall is most likely managed by EC2 security groups and by VPC Network ACLs, not on the instance itself. If you can't reach services on your instance from the outside, you may not have opened the right ports to the right address block.
bronzie94 · Aug 30 at 05:05:
Probably not much help, but on Linode/Akamai I needed to open the port on the VM/server, and put that server in a virtual (account level) firewall group, and open/route the port through to that server...
silica · Aug 30 at 06:30:
I have the same problem with the last version of gmid. Try to run it with -fv; if it has some IMSG error, then use version 2.1.1.
jlxip · Aug 30 at 09:12:
A few years ago I wrote zodiac, an nginx for gemini.
stack [OP] · Aug 30 at 12:47:
I opted for Ubuntu 24.04 on a T3.micro. Next time I'll work with something smaller, but for now wanted something I know since there are many other new things to figure out.
I opened 1965.
Molly Brown works with static content and simple CGI, but my stuff crashes out. I will fix it.
nginx sounds really interesting, and I will investigate.
stack [OP] · Aug 30 at 15:04:
CGI crashes on opening a perfectly good file, with all permissions set reasonably. Something about how CGI is called from Molly Brown -- maybe not enough file handles or something like that. Really hard to debug.
That is why I was hoping for a C server that I could examine the code of. This smells of some kind of a safety measure, safety being the #1 word of go people.
stack [OP] · Aug 30 at 15:13:
@silica -- I am in fact getting a fatal error: missing socket in IMSG_RECONF_SOCK.
However I am running 2.1.1, which is the latest version. Any thoughts?
silica · Aug 31 at 11:07:
@stack Sorry about that last message, I didn't explain clearly enough that by "version 2.1.1" I meant the git tag, and by "last version" I meant the latest commit.
I got `fatal in server: missing socket for IMSG_RECONF_SOCK` when compiling gmid from commit 72caf63 (latest commit). I switched to ac211ae (tag 2.1.1), and that solved the problem.
If you cloned the gmid repo, compiling it from commit ac211ae should fix the problem (or get the source tarball from the GitHub release).
stack [OP] · Aug 31 at 15:34:
@silica, thank you, got it working!
Unfortunately I just saw that it supports FCGI, not CGI. While it is ostensibly better and I will likely switch to that, I am hoping to get the site up as is with CGI as a first step.
So I am back to nothing.
devoid · Aug 31 at 16:31:
There's nothing as permanent as a temporary solution.
If you plan to switch to FCGI later then just start now.
stack [OP] · Aug 31 at 20:27:
I am traveling and have a few minutes here and there, enough to move the current code over, maybe a small fix, but not a rewrite of the interface to game logic reliably.
There must be a server that supports CGI. I don't care what it's written in anymore, just that it works.
It can't be that hard, right?
ingrix · Sep 01 at 00:38:
I am actively developing libpxd/polluxd, which is written in C and supports CGI, amongst other features.
→ polluxd documentation/information
We run it on ingrix.info, hashnix.club, and eschew.ai at least. I think the documentation is enough to get you up and running but if you run into troubles drop me a line at ingrix at sdf dot org or drop into hashnix.club's dream chat.
ingrix · Sep 01 at 00:41:
I goofed the links, sorry. Try:
→ polluxd documentation/information
stack [OP] · Sep 01 at 01:59:
That's more like it!
stack [OP] · Sep 01 at 13:31:
@ingrix, a CGI question.
My game currently has a compiled CGI executable and a bunch of .gmi and data files in the same directory. Is it possible to configure the server to work with that, or would I need to segregate CGI scripts to a separate directory?
ingrix · Sep 01 at 17:00:
@stack
You /should/ be able to do what you're asking. Specify your cgi script directly in the location block to change its behavior. Example:
```
location /path/to/my/game/files {
    action=file
    ...
}
location /path/to/my/game/files/game.exe {
    action=cgi
    ...
}
```
I haven't tried that combination specifically, but if that doesn't work then let me know and I will patch it.
stack [OP] · Sep 01 at 17:31:
@ingrix,
unzipped the topmost libpxd, tried to 'make' but error:
```
./update_version.sh: 3: set: Illegal option -o pipefail
make: *** [Makefile:28: include/libpxd/px_version.h] Error 2
```
ingrix · Sep 01 at 17:42:
@stack
I thought I fixed that issue. If you remove that line in update_version.sh it should work. Sorry for the inconvenience.
stack [OP] · Sep 01 at 20:09:
@ingrix, having trouble with configuration, getting unrecognized key location.
When specifying location=... is that an absolute file path or the url path?
How do docroot and chroot_dir interact? Is docroot a url path or file path? If file path, is it post-chroot?
stack [OP] · Sep 01 at 20:36:
Here is what I am trying to do:
File system:
```
home
  stack
    gemkeys
      ...pems
    public_gemini
      stack
        game
          cgi # a cgi file
          ...gmi_files
```
And the config (does not work)
```
drop_user=stack
drop_group=stack
host=...
listen_addr=any
port=1965
cert_file=gemkey/my.crt
key_file=gemkey/my.key
chroot_dir=/home/stack/public_gemini
docroot=/ #home/stack/public_gemini
#fails on next line!
location=/stack/game{
action = file
}
```
```
>/home/stack>polluxd -f polluxd.conf
error polluxd_config.c: 152: polluxd.conf line 13: unrecognized key location
error polluxd.c: 111: could not update configuration from file
```
ingrix · Sep 01 at 21:40:
@stack
Location blocks should be specified as absolute paths and are matched against the request path. The block specification should not have '=' between 'location' and the directory, i.e. you want:
location /stack/game { <- no =
'docroot' is prepended to the request path to translate it into a filesystem path. It is considered post-chroot, as are most other values. The only pre-chroot values are the key/cert and log paths.
You may want to consider not specifying a chroot_dir and point 'docroot' at /home/stack/public_gemini for simplicity, first, then add a chroot once it's working.
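A model of the path handling described in the reply above, added here as an illustration and not polluxd's code: the request path selects a location block, `docroot` is prepended, and the result is resolved inside `chroot_dir`. Longest-prefix matching, the dot-dot rejection and the function names are assumptions of this sketch; the paths come from the config posted in the thread.

```python
import posixpath

# Constructed sample table using the thread's paths: serve the game directory
# as files, but run the one CGI entry inside it.
LOCATIONS = {"/stack/game": "file", "/stack/game/cgi": "cgi"}

def match_location(request_path, locations=LOCATIONS):
    """Return (prefix, action) of the most specific matching block, or None.

    Assumption of this sketch: the longest matching prefix wins, and a prefix
    only matches on a path-segment boundary.
    """
    best = None
    for prefix, action in locations.items():
        base = prefix.rstrip("/")
        if request_path == base or request_path.startswith(base + "/"):
            if best is None or len(prefix) > len(best[0]):
                best = (prefix, action)
    return best

def translate(request_path, docroot, chroot_dir=None):
    """Return (path the server opens after chroot, same path seen from the host)."""
    if not request_path.startswith("/") or ".." in request_path.split("/"):
        raise ValueError("request path must be absolute and free of '..'")
    # docroot is prepended to the request path (docroot is a post-chroot value).
    inside = posixpath.normpath(docroot.rstrip("/") + "/" + request_path.lstrip("/"))
    # With a chroot, "/" inside the jail is chroot_dir on the host.
    host = posixpath.normpath(chroot_dir + inside) if chroot_dir else inside
    return inside, host

if __name__ == "__main__":
    jail = "/home/stack/public_gemini"
    # chroot + docroot=/, no chroot + full docroot, and both set to the host path
    for docroot, chroot in (("/", jail), (jail, None), (jail, jail)):
        print(docroot, chroot, translate("/stack/game/cgi", docroot, chroot))
```

The third case shows why `docroot` has to be written relative to the jail once `chroot_dir` is set: repeating the host path there resolves to a directory nested a second time under the chroot.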
ingrix · Sep 01 at 22:01:
@stack
Here's an off-the-cuff directory hierarchy and config file I put together based on what it seems like you're trying to do (though it runs out of /tmp instead of /home). Extract this into your /tmp and pass the enclosed polluxd-stack.conf to polluxd. You should be able to request gemini://localhost:1969/stack/game/cgi/stack.cgi and it'll print out the contents of one of the files in /tmp/stack/public_gemini/stack/game/
fyi this does not use a chroot
→ test conf + directory hierarchy
stack [OP] · Sep 02 at 00:39:
@ingrix: thanks, that works. I will do some more fixing tomorrow and do a trial launch.
stack [OP] · Sep 02 at 15:18:
@ingrix, a couple of quick questions:
Is the server intended to output ongoing activity to the invoking terminal and should be redirected to a log?
Is there a better way to terminate it other than looking up and killing it by process id?
Is there logging, btw?
ingrix · Sep 02 at 17:22:
@stack
Logging is written to stderr. You can redirect stderr to a log file with shell redirection which is perfectly fine, or you can use the logfile=... option in the global part of the config file which will open stderr to whatever file you specify there (that one is done pre-chroot, btw).
Looking up the PID and killing it is the way to go. If you send the main process (probably the lowest pid) a SIGHUP, it will do a clean shutdown, but you can also just kill all polluxd processes and it should work just fine. Forcible termination by other signals also shouldn't adversely affect anything in polluxd itself.
stack [OP] · Sep 03 at 15:50:
@ingrix: CGI is not getting REMOTE_USER!
I rely on the user name from the certificate!
```
GEMINI_URL=gemini://spell.ddns.net/games/env.cgi
HOSTNAME=spell.ddns.net
REMOTE_ADDR=71.247.220.174:52978
AUTH_TYPE=CERTIFICATE
TLS_VERSION=TLSv1.3
PATH_TRANSLATED=/home/stack/public_gemini/games/env.cgi
SERVER_SOFTWARE=libpxd/polluxd
TLS_CIPHER=TLS_AES_256_GCM_SHA384
TLS_CLIENT_HASH=<deleted>
SERVER_PROTOCOL=gemini
SERVER_ADDR=172.31.39.9:1965
TLS_CLIENT_PUBKEY_HASH=<deleted>
PWD=/
SCRIPT_NAME=/games/env.cgi
SERVER_NAME=spell.ddns.net
```
ingrix · Sep 03 at 15:59:
@stack noted, polluxd doesn't extract that info yet. I'll put a patch together tonight.
stack [OP] · Sep 03 at 16:03:
Thank you!
gim · Sep 05 at 19:22:
out of curiosity, but what should be inside REMOTE_USER?
stack [OP] · Sep 05 at 19:36:
REMOTE_USER contains the name entered during the creation of the client certificate.
If you are curious, here is a cgi script that returns all environment variables sent by your client. Enable a certificate and see for yourself:
Unfortunately tilde team is down most of the time these days...
gim · Sep 05 at 19:56:
I was curious, cause most of my (user) certs simply are empty
stack [OP] · Sep 05 at 20:22:
I use the name in SpellBinding's top score board. If you play without a name, you will still be on the board without a name. Otherwise it does not affect gameplay.
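A sketch of the score-board handling discussed above, added here and not SpellBinding's code: it keys each entry on `TLS_CLIENT_HASH` and treats `REMOTE_USER` as a display label only, since the name is whatever the player typed into the certificate and can be empty or shared. The function names, the board layout and the sample hashes are assumptions; the variable names come from the environment dump in the thread.

```python
import unicodedata

GEMTEXT_MARKERS = "=>#*`"  # characters that start special gemtext line types

def display_name(raw, max_len=24):
    """Make a certificate-supplied name safe to print on one gemtext line."""
    # Drop control and format characters (CR, LF, tabs, bidi overrides) so the
    # name cannot begin a new line or reorder the text around it.
    text = "".join(c for c in raw if not unicodedata.category(c).startswith("C"))
    text = " ".join(text.split()).lstrip(GEMTEXT_MARKERS + " ")
    return text[:max_len].strip() or "(no name)"

def record_score(board, env, score):
    """Store the best score per certificate; return False without a certificate.

    board maps TLS_CLIENT_HASH -> (display name, best score). The hash is the
    key because REMOTE_USER is typed by the client and may be empty or reused.
    """
    cert = env.get("TLS_CLIENT_HASH", "")
    if env.get("AUTH_TYPE") != "CERTIFICATE" or not cert:
        return False
    name = display_name(env.get("REMOTE_USER", ""))
    board[cert] = (name, max(score, board.get(cert, (name, 0))[1]))
    return True

def render(board):
    """Return the board as gemtext lines, highest score first."""
    rows = sorted(board.values(), key=lambda row: -row[1])
    return "".join(f"{i}. {n}: {s}\n" for i, (n, s) in enumerate(rows, 1))

if __name__ == "__main__":
    # Constructed sample environments; the hashes are placeholders.
    board = {}
    base = {"AUTH_TYPE": "CERTIFICATE", "REMOTE_USER": "stack"}
    record_score(board, dict(base, TLS_CLIENT_HASH="hash-A"), 120)
    record_score(board, dict(base, TLS_CLIENT_HASH="hash-B"), 90)   # same name, other cert
    record_score(board, dict(base, TLS_CLIENT_HASH="hash-C", REMOTE_USER=""), 40)
    print(render(board), end="")
```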