GemiNim is a simple Nim server for the Gemini protocol.
gemini://gemi.nim.town
https://gemi.nim.town/index.gemini
- Fast
- Simple
- Domain-based vhosting
- CGI
- Per-user directories
- Directory listing
- Support for uploading files via Titan
- Client-side authentication with authority files (see below)
This implementation is experimental and subject to change! GemiNim supports restricting access to configured resources using a system similar to ssh authorization files.
First, restricted zones are configured in GemiNim’s configuration file as follows:
[localhost.localdomain/restrictedZones] /path/to/resource: "path/to/authority_file"
Afterwards, GemiNim will restrict access to the configured paths by first requiring a certificate if one is not provided, then verifying if the provided certificate is authorised as per the declared authority file.
The syntax for an authority file is as follow:
# Comment line <digest_type>:<digest> ...
Where <digest_type> is one of:
- md5
- sha1
- sha256
- sha512
And <digest> is the hash of the certificate to be authorised. The certificate must be hashed from it’s DER format. For example, to obtain the SHA256 of a certificate:
openssl x509 -in certs/cert.pem -outform der | openssl dgst -sha256
You can build GemiNim by running:
nimble build
I also provide a Nix package. To get into the build shell environment, just run:
nix-shell
- [X] Client certificate authentication (is implemented but highly experimental)
- [ ] HTTP(S) mirroring
- [ ] Reverse proxying support