Prepare Pollux v1.0.0 release
- Update Cargo.toml version to 1.0.0 - Revise README.md: document available CLI options (--config, --test-processing-delay), update config format - Update INSTALL.md: change user from gemini to pollux, simplify certificate setup, remove Let's Encrypt instructions - Update systemd service user to pollux - Add comprehensive CHANGELOG.md documenting all v1.0.0 features - Remove references to eliminated CLI options (--root, --cert, --key, --host, --port) Key features in v1.0.0: - Rate limiting with configurable concurrent requests - Comprehensive config validation and error handling - Custom logging system with structured output - Security features: path traversal protection, URI validation - Systemd integration and complete installation guide - Full test suite (22 tests) with zero warnings
This commit is contained in:
parent
bde6181820
commit
c193d831ed
5 changed files with 55 additions and 44 deletions
46
dist/INSTALL.md
vendored
46
dist/INSTALL.md
vendored
|
|
@ -20,10 +20,10 @@ sudo cp target/release/pollux /usr/local/bin/
|
|||
sudo certbot certonly --standalone -d example.com
|
||||
|
||||
# 3. Create directories and user
|
||||
sudo useradd -r -s /bin/false gemini
|
||||
sudo usermod -a -G ssl-cert gemini
|
||||
sudo useradd -r -s /bin/false pollux
|
||||
sudo usermod -a -G ssl-cert pollux
|
||||
sudo mkdir -p /etc/pollux /var/www/example.com
|
||||
sudo chown -R gemini:gemini /var/www/example.com
|
||||
sudo chown -R pollux:pollux /var/www/example.com
|
||||
|
||||
# 4. Install config
|
||||
sudo cp dist/config.toml /etc/pollux/
|
||||
|
|
@ -55,23 +55,13 @@ sudo cp target/release/pollux /usr/local/bin/
|
|||
|
||||
### Certificate Setup
|
||||
|
||||
#### Let's Encrypt (Recommended)
|
||||
#### Certificate Setup
|
||||
|
||||
```bash
|
||||
# Install certbot
|
||||
sudo apt install certbot # Ubuntu/Debian
|
||||
# OR
|
||||
sudo dnf install certbot # Fedora/RHEL
|
||||
**For Production:** Obtain certificates from your preferred Certificate Authority and place them in `/etc/pollux/`. Ensure they are readable by the pollux user.
|
||||
|
||||
# Get certificate
|
||||
sudo certbot certonly --standalone -d example.com
|
||||
**For Development/Testing:** Generate self-signed certificates (see Quick Start section).
|
||||
|
||||
# Verify permissions
|
||||
ls -la /etc/letsencrypt/live/example.com/
|
||||
# Should show fullchain.pem and privkey.pem
|
||||
```
|
||||
|
||||
#### Self-Signed (Development Only)
|
||||
**Note:** Let's Encrypt certificates can be used but their installation and permission setup is beyond the scope of this documentation.
|
||||
|
||||
```bash
|
||||
# Generate certificates
|
||||
|
|
@ -82,7 +72,7 @@ openssl req -x509 -newkey rsa:4096 \
|
|||
-subj "/CN=example.com"
|
||||
|
||||
# Set permissions
|
||||
sudo chown gemini:gemini /etc/pollux/*.pem
|
||||
sudo chown pollux:pollux /etc/pollux/*.pem
|
||||
sudo chmod 644 /etc/pollux/cert.pem
|
||||
sudo chmod 600 /etc/pollux/key.pem
|
||||
```
|
||||
|
|
@ -91,16 +81,16 @@ sudo chmod 600 /etc/pollux/key.pem
|
|||
|
||||
```bash
|
||||
# Create service user
|
||||
sudo useradd -r -s /bin/false gemini
|
||||
sudo useradd -r -s /bin/false pollux
|
||||
|
||||
# Add to certificate group (varies by distro)
|
||||
sudo usermod -a -G ssl-cert gemini # Ubuntu/Debian
|
||||
sudo usermod -a -G ssl-cert pollux # Ubuntu/Debian
|
||||
# OR
|
||||
sudo usermod -a -G certbot gemini # Some systems
|
||||
sudo usermod -a -G certbot pollux # Some systems
|
||||
|
||||
# Create directories
|
||||
sudo mkdir -p /etc/pollux /var/www/example.com
|
||||
sudo chown -R gemini:gemini /var/www/example.com
|
||||
sudo chown -R pollux:pollux /var/www/example.com
|
||||
```
|
||||
|
||||
### Configuration
|
||||
|
|
@ -109,8 +99,8 @@ Edit `/etc/pollux/config.toml`:
|
|||
|
||||
```toml
|
||||
root = "/var/www/example.com"
|
||||
cert = "/etc/letsencrypt/live/example.com/fullchain.pem"
|
||||
key = "/etc/letsencrypt/live/example.com/privkey.pem"
|
||||
cert = "/etc/pollux/cert.pem"
|
||||
key = "/etc/pollux/key.pem"
|
||||
bind_host = "0.0.0.0"
|
||||
hostname = "example.com"
|
||||
port = 1965
|
||||
|
|
@ -125,7 +115,7 @@ log_level = "info"
|
|||
sudo cp -r gemini-content/* /var/www/example.com/
|
||||
|
||||
# Set permissions
|
||||
sudo chown -R gemini:gemini /var/www/example.com
|
||||
sudo chown -R pollux:pollux /var/www/example.com
|
||||
sudo find /var/www/example.com -type f -exec chmod 644 {} \;
|
||||
sudo find /var/www/example.com -type d -exec chmod 755 {} \;
|
||||
```
|
||||
|
|
@ -164,10 +154,10 @@ openssl s_client -connect example.com:1965 -servername example.com <<< "gemini:/
|
|||
### Permission Issues
|
||||
```bash
|
||||
# Check certificate access
|
||||
sudo -u gemini cat /etc/letsencrypt/live/example.com/fullchain.pem
|
||||
sudo -u pollux cat /etc/pollux/cert.pem
|
||||
|
||||
# Check content access
|
||||
sudo -u gemini ls -la /var/www/example.com/
|
||||
sudo -u pollux ls -la /var/www/example.com/
|
||||
```
|
||||
|
||||
### Port Issues
|
||||
|
|
@ -176,7 +166,7 @@ sudo -u gemini ls -la /var/www/example.com/
|
|||
sudo netstat -tlnp | grep :1965
|
||||
|
||||
# Test binding
|
||||
sudo -u gemini /usr/local/bin/pollux # Should show startup messages
|
||||
sudo -u pollux /usr/local/bin/pollux # Should show startup messages
|
||||
```
|
||||
|
||||
### Certificate Issues
|
||||
|
|
|
|||
4
dist/pollux.service
vendored
4
dist/pollux.service
vendored
|
|
@ -8,8 +8,8 @@ Type=simple
|
|||
ExecStart=/usr/local/bin/pollux
|
||||
Restart=on-failure
|
||||
RestartSec=5
|
||||
User=gemini
|
||||
Group=gemini
|
||||
User=pollux
|
||||
Group=pollux
|
||||
NoNewPrivileges=yes
|
||||
ProtectHome=yes
|
||||
ProtectSystem=strict
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue