feat: Implement virtual hosting for multi-domain Gemini server
- Add hostname-based request routing for multiple capsules per server - Parse virtual host configs from TOML sections ([hostname]) - Implement per-host certificate and content isolation - Add comprehensive virtual host testing and validation - Update docs and examples for multi-host deployments This enables Pollux to serve multiple Gemini domains from one instance, providing the foundation for multi-tenant Gemini hosting.
This commit is contained in:
parent
c193d831ed
commit
0459cb6220
22 changed files with 2296 additions and 406 deletions
64
dist/config.toml
vendored
64
dist/config.toml
vendored
|
|
@ -5,31 +5,14 @@
|
|||
#
|
||||
# The Gemini protocol is specified in RFC 1436: https://tools.ietf.org/rfc/rfc1436.txt
|
||||
|
||||
# Directory containing your Gemini files (.gmi, .txt, images, etc.)
|
||||
# The server will serve files from this directory and its subdirectories.
|
||||
# Default index file is 'index.gmi' for directory requests.
|
||||
#
|
||||
# IMPORTANT: The server needs READ access to this directory.
|
||||
# Make sure the service user (gemini) can read all files here.
|
||||
root = "/var/www/example.com"
|
||||
|
||||
# TLS certificate and private key files
|
||||
# These files are required for TLS encryption (Gemini requires TLS).
|
||||
#
|
||||
# For Let's Encrypt certificates (recommended for production):
|
||||
# cert = "/etc/letsencrypt/live/example.com/fullchain.pem"
|
||||
# key = "/etc/letsencrypt/live/example.com/privkey.pem"
|
||||
#
|
||||
# To obtain Let's Encrypt certs:
|
||||
# sudo certbot certonly --standalone -d example.com
|
||||
#
|
||||
# For development/testing, generate self-signed certs:
|
||||
# openssl req -x509 -newkey rsa:4096 -keyout /etc/pollux/key.pem -out /etc/pollux/cert.pem -days 365 -nodes -subj "/CN=example.com"
|
||||
cert = "/etc/letsencrypt/live/example.com/fullchain.pem"
|
||||
key = "/etc/letsencrypt/live/example.com/privkey.pem"
|
||||
# For additional hostnames, add more sections like:
|
||||
# ["blog.example.com"]
|
||||
# root = "/var/gemini/blog"
|
||||
# cert = "/etc/pollux/tls/blog.crt"
|
||||
# key = "/etc/pollux/tls/blog.key"
|
||||
|
||||
# Server network configuration
|
||||
#
|
||||
#
|
||||
# bind_host: IP address or interface to bind the server to
|
||||
# - "0.0.0.0" = listen on all interfaces (default)
|
||||
# - "127.0.0.1" = localhost only
|
||||
|
|
@ -37,12 +20,6 @@ key = "/etc/letsencrypt/live/example.com/privkey.pem"
|
|||
# - Specific IP = bind to that address only
|
||||
bind_host = "0.0.0.0"
|
||||
|
||||
# hostname: Domain name for URI validation
|
||||
# - Used to validate incoming gemini:// URIs
|
||||
# - Clients must use: gemini://yourdomain.com
|
||||
# - Server validates that requests match this hostname
|
||||
hostname = "example.com"
|
||||
|
||||
# port: TCP port to listen on
|
||||
# - Default Gemini port is 1965
|
||||
# - Ports below 1024 require root privileges
|
||||
|
|
@ -50,7 +27,7 @@ hostname = "example.com"
|
|||
port = 1965
|
||||
|
||||
# Request limiting
|
||||
#
|
||||
#
|
||||
# max_concurrent_requests: Maximum number of simultaneous connections
|
||||
# - Prevents server overload and DoS attacks
|
||||
# - Set to 0 to disable limiting (not recommended)
|
||||
|
|
@ -58,11 +35,34 @@ port = 1965
|
|||
max_concurrent_requests = 1000
|
||||
|
||||
# Logging configuration
|
||||
#
|
||||
#
|
||||
# log_level: Controls how much information is logged
|
||||
# - "error": Only errors that prevent normal operation
|
||||
# - "warn": Errors plus warnings about unusual conditions
|
||||
# - "info": General operational information (recommended)
|
||||
# - "debug": Detailed debugging information
|
||||
# - "trace": Very verbose debugging (use only for troubleshooting)
|
||||
log_level = "info"
|
||||
log_level = "info"
|
||||
|
||||
# Host configuration
|
||||
# Each hostname needs its own section with root, cert, and key settings
|
||||
["example.com"]
|
||||
# Directory containing your Gemini files (.gmi, .txt, images, etc.)
|
||||
# The server will serve files from this directory and its subdirectories.
|
||||
# Default index file is 'index.gmi' for directory requests.
|
||||
#
|
||||
# IMPORTANT: The server needs READ access to this directory.
|
||||
# Make sure the service user can read all files here.
|
||||
root = "/var/gemini"
|
||||
|
||||
# TLS certificate and private key files
|
||||
# These files are required for TLS encryption (Gemini requires TLS).
|
||||
#
|
||||
# For self-signed certificates (development/testing):
|
||||
cert = "/etc/pollux/tls/cert.pem"
|
||||
key = "/etc/pollux/tls/key.pem"
|
||||
#
|
||||
# Generate self-signed certs with:
|
||||
# openssl req -x509 -newkey rsa:4096 -keyout /etc/pollux/tls/key.pem -out /etc/pollux/tls/cert.pem -days 365 -nodes -subj "/CN=example.com"
|
||||
#
|
||||
# For Let's Encrypt certificates, use paths under /etc/letsencrypt/live/
|
||||
Loading…
Add table
Add a link
Reference in a new issue