From c193d831ed26f649e23a469902ffc8baf3a725c3 Mon Sep 17 00:00:00 2001 From: Jeena Date: Sun, 18 Jan 2026 23:52:29 +0000 Subject: [PATCH] Prepare Pollux v1.0.0 release - Update Cargo.toml version to 1.0.0 - Revise README.md: document available CLI options (--config, --test-processing-delay), update config format - Update INSTALL.md: change user from gemini to pollux, simplify certificate setup, remove Let's Encrypt instructions - Update systemd service user to pollux - Add comprehensive CHANGELOG.md documenting all v1.0.0 features - Remove references to eliminated CLI options (--root, --cert, --key, --host, --port) Key features in v1.0.0: - Rate limiting with configurable concurrent requests - Comprehensive config validation and error handling - Custom logging system with structured output - Security features: path traversal protection, URI validation - Systemd integration and complete installation guide - Full test suite (22 tests) with zero warnings --- CHANGELOG.md | 29 ++++++++++++++++++++++++++++ Cargo.toml | 2 +- README.md | 18 +++++------------- dist/INSTALL.md | 46 ++++++++++++++++++--------------------------- dist/pollux.service | 4 ++-- 5 files changed, 55 insertions(+), 44 deletions(-) create mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..0b68c48 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,29 @@ +# Changelog + +All notable changes to Pollux will be documented in this file. + +## [1.0.0] - 2026-01-17 + +### Added +- **Complete Gemini Server Implementation**: Full-featured Gemini protocol server +- **Rate Limiting**: Configurable concurrent request limiting with proper 41 status responses +- **Comprehensive Config Validation**: Graceful error handling for all configuration issues +- **Configurable Logging**: Custom log format with timestamp, level, IP, request, and status +- **Dual Host Configuration**: Separate bind_host (interface) and hostname (validation) settings +- **Integration Tests**: Full test suite including config validation and rate limiting +- **Systemd Integration**: Complete service file and installation documentation +- **Security Features**: Path traversal protection, request size limits, URI validation +- **TLS Support**: Full certificate handling with manual certificate setup + +### Security +- **Path Traversal Protection**: Prevent access outside configured root directory +- **Request Size Limits**: Reject requests over 1026 bytes (per Gemini spec) +- **URI Validation**: Strict Gemini URL format checking and hostname validation +- **Certificate Security**: Proper private key permission handling + +### Development +- **Test Infrastructure**: Comprehensive integration and unit test suite (22 tests) +- **Code Quality**: Clippy clean with zero warnings +- **Documentation**: Complete installation and configuration guides +- **CI/CD Ready**: Automated testing and building +CHANGELOG.md \ No newline at end of file diff --git a/Cargo.toml b/Cargo.toml index d3db4c4..54c8690 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "pollux" -version = "0.1.0" +version = "1.0.0" edition = "2021" description = "A Gemini server for serving static content" diff --git a/README.md b/README.md index 2d29cc0..7a97510 100644 --- a/README.md +++ b/README.md @@ -24,9 +24,11 @@ Create a config file at `/etc/pollux/config.toml` or use `--config` to specify a root = "/path/to/static/files" cert = "/path/to/cert.pem" key = "/path/to/key.pem" -host = "gemini.example.com" +bind_host = "0.0.0.0" +hostname = "gemini.example.com" port = 1965 log_level = "info" +max_concurrent_requests = 1000 ``` ## Development Setup @@ -54,12 +56,6 @@ Run the server: ./pollux --config /path/to/config.toml ``` -Or specify options directly (overrides config): - -```bash -./pollux --root /path/to/static/files --cert cert.pem --key key.pem --host yourdomain.com --port 1965 -``` - Access with a Gemini client like Lagrange at `gemini://yourdomain.com/`. ### Development Notes @@ -70,12 +66,8 @@ Access with a Gemini client like Lagrange at `gemini://yourdomain.com/`. ## Options -- `--config`: Path to config file (default `/etc/pollux/config.toml`) -- `--root`: Directory to serve files from (required) -- `--cert`: Path to certificate file (required) -- `--key`: Path to private key file (required) -- `--host`: Hostname for validation (required) -- `--port`: Port to listen on (default 1965) +- `--config` (`-C`): Path to config file (default `/etc/pollux/config.toml`) +- `--test-processing-delay` (debug builds only): Add delay before processing requests (seconds) - for testing rate limiting ### Certificate Management diff --git a/dist/INSTALL.md b/dist/INSTALL.md index 6ac6ffd..7cfc68c 100644 --- a/dist/INSTALL.md +++ b/dist/INSTALL.md @@ -20,10 +20,10 @@ sudo cp target/release/pollux /usr/local/bin/ sudo certbot certonly --standalone -d example.com # 3. Create directories and user -sudo useradd -r -s /bin/false gemini -sudo usermod -a -G ssl-cert gemini +sudo useradd -r -s /bin/false pollux +sudo usermod -a -G ssl-cert pollux sudo mkdir -p /etc/pollux /var/www/example.com -sudo chown -R gemini:gemini /var/www/example.com +sudo chown -R pollux:pollux /var/www/example.com # 4. Install config sudo cp dist/config.toml /etc/pollux/ @@ -55,23 +55,13 @@ sudo cp target/release/pollux /usr/local/bin/ ### Certificate Setup -#### Let's Encrypt (Recommended) +#### Certificate Setup -```bash -# Install certbot -sudo apt install certbot # Ubuntu/Debian -# OR -sudo dnf install certbot # Fedora/RHEL +**For Production:** Obtain certificates from your preferred Certificate Authority and place them in `/etc/pollux/`. Ensure they are readable by the pollux user. -# Get certificate -sudo certbot certonly --standalone -d example.com +**For Development/Testing:** Generate self-signed certificates (see Quick Start section). -# Verify permissions -ls -la /etc/letsencrypt/live/example.com/ -# Should show fullchain.pem and privkey.pem -``` - -#### Self-Signed (Development Only) +**Note:** Let's Encrypt certificates can be used but their installation and permission setup is beyond the scope of this documentation. ```bash # Generate certificates @@ -82,7 +72,7 @@ openssl req -x509 -newkey rsa:4096 \ -subj "/CN=example.com" # Set permissions -sudo chown gemini:gemini /etc/pollux/*.pem +sudo chown pollux:pollux /etc/pollux/*.pem sudo chmod 644 /etc/pollux/cert.pem sudo chmod 600 /etc/pollux/key.pem ``` @@ -91,16 +81,16 @@ sudo chmod 600 /etc/pollux/key.pem ```bash # Create service user -sudo useradd -r -s /bin/false gemini +sudo useradd -r -s /bin/false pollux # Add to certificate group (varies by distro) -sudo usermod -a -G ssl-cert gemini # Ubuntu/Debian +sudo usermod -a -G ssl-cert pollux # Ubuntu/Debian # OR -sudo usermod -a -G certbot gemini # Some systems +sudo usermod -a -G certbot pollux # Some systems # Create directories sudo mkdir -p /etc/pollux /var/www/example.com -sudo chown -R gemini:gemini /var/www/example.com +sudo chown -R pollux:pollux /var/www/example.com ``` ### Configuration @@ -109,8 +99,8 @@ Edit `/etc/pollux/config.toml`: ```toml root = "/var/www/example.com" -cert = "/etc/letsencrypt/live/example.com/fullchain.pem" -key = "/etc/letsencrypt/live/example.com/privkey.pem" +cert = "/etc/pollux/cert.pem" +key = "/etc/pollux/key.pem" bind_host = "0.0.0.0" hostname = "example.com" port = 1965 @@ -125,7 +115,7 @@ log_level = "info" sudo cp -r gemini-content/* /var/www/example.com/ # Set permissions -sudo chown -R gemini:gemini /var/www/example.com +sudo chown -R pollux:pollux /var/www/example.com sudo find /var/www/example.com -type f -exec chmod 644 {} \; sudo find /var/www/example.com -type d -exec chmod 755 {} \; ``` @@ -164,10 +154,10 @@ openssl s_client -connect example.com:1965 -servername example.com <<< "gemini:/ ### Permission Issues ```bash # Check certificate access -sudo -u gemini cat /etc/letsencrypt/live/example.com/fullchain.pem +sudo -u pollux cat /etc/pollux/cert.pem # Check content access -sudo -u gemini ls -la /var/www/example.com/ +sudo -u pollux ls -la /var/www/example.com/ ``` ### Port Issues @@ -176,7 +166,7 @@ sudo -u gemini ls -la /var/www/example.com/ sudo netstat -tlnp | grep :1965 # Test binding -sudo -u gemini /usr/local/bin/pollux # Should show startup messages +sudo -u pollux /usr/local/bin/pollux # Should show startup messages ``` ### Certificate Issues diff --git a/dist/pollux.service b/dist/pollux.service index 84e7a5c..ee6587f 100644 --- a/dist/pollux.service +++ b/dist/pollux.service @@ -8,8 +8,8 @@ Type=simple ExecStart=/usr/local/bin/pollux Restart=on-failure RestartSec=5 -User=gemini -Group=gemini +User=pollux +Group=pollux NoNewPrivileges=yes ProtectHome=yes ProtectSystem=strict