Implement dual host configuration: bind_host and hostname

- Replace 'host' config with separate 'bind_host' and 'hostname'
- bind_host: IP/interface for server binding (default 0.0.0.0)
- hostname: Domain for URI validation (required)
- Update all parsing and validation code
- Create dist/ directory with systemd service, config, and install guide
- Add comprehensive INSTALL.md with setup instructions

dist/INSTALL.md

@@ -0,0 +1,223 @@
+# Installing Pollux Gemini Server
+
+This guide covers installing and configuring the Pollux Gemini server for production use.
+
+## Prerequisites
+
+- Linux system with systemd
+- Rust toolchain (for building from source)
+- Domain name with DNS configured
+- Let's Encrypt account (for certificates)
+
+## Quick Start
+
+```bash
+# 1. Build and install
+cargo build --release
+sudo cp target/release/pollux /usr/local/bin/
+
+# 2. Get certificates
+sudo certbot certonly --standalone -d example.com
+
+# 3. Create directories and user
+sudo useradd -r -s /bin/false gemini
+sudo usermod -a -G ssl-cert gemini
+sudo mkdir -p /etc/pollux /var/www/example.com
+sudo chown -R gemini:gemini /var/www/example.com
+
+# 4. Install config
+sudo cp dist/config.toml /etc/pollux/
+
+# 5. Add your Gemini content
+sudo cp -r your-content/* /var/www/example.com/
+
+# 6. Install and start service
+sudo cp dist/pollux.service /etc/systemd/system/
+sudo systemctl daemon-reload
+sudo systemctl enable pollux
+sudo systemctl start pollux
+
+# 7. Check status
+sudo systemctl status pollux
+sudo journalctl -u pollux -f
+```
+
+## Detailed Installation
+
+### Building from Source
+
+```bash
+git clone https://github.com/yourusername/pollux.git
+cd pollux
+cargo build --release
+sudo cp target/release/pollux /usr/local/bin/
+```
+
+### Certificate Setup
+
+#### Let's Encrypt (Recommended)
+
+```bash
+# Install certbot
+sudo apt install certbot  # Ubuntu/Debian
+# OR
+sudo dnf install certbot  # Fedora/RHEL
+
+# Get certificate
+sudo certbot certonly --standalone -d example.com
+
+# Verify permissions
+ls -la /etc/letsencrypt/live/example.com/
+# Should show fullchain.pem and privkey.pem
+```
+
+#### Self-Signed (Development Only)
+
+```bash
+# Generate certificates
+openssl req -x509 -newkey rsa:4096 \
+  -keyout /etc/pollux/key.pem \
+  -out /etc/pollux/cert.pem \
+  -days 365 -nodes \
+  -subj "/CN=example.com"
+
+# Set permissions
+sudo chown gemini:gemini /etc/pollux/*.pem
+sudo chmod 644 /etc/pollux/cert.pem
+sudo chmod 600 /etc/pollux/key.pem
+```
+
+### User and Directory Setup
+
+```bash
+# Create service user
+sudo useradd -r -s /bin/false gemini
+
+# Add to certificate group (varies by distro)
+sudo usermod -a -G ssl-cert gemini    # Ubuntu/Debian
+# OR
+sudo usermod -a -G certbot gemini     # Some systems
+
+# Create directories
+sudo mkdir -p /etc/pollux /var/www/example.com
+sudo chown -R gemini:gemini /var/www/example.com
+```
+
+### Configuration
+
+Edit `/etc/pollux/config.toml`:
+
+```toml
+root = "/var/www/example.com"
+cert = "/etc/letsencrypt/live/example.com/fullchain.pem"
+key = "/etc/letsencrypt/live/example.com/privkey.pem"
+bind_host = "0.0.0.0"
+hostname = "example.com"
+port = 1965
+max_concurrent_requests = 1000
+log_level = "info"
+```
+
+### Content Setup
+
+```bash
+# Copy your Gemini files
+sudo cp -r gemini-content/* /var/www/example.com/
+
+# Set permissions
+sudo chown -R gemini:gemini /var/www/example.com
+sudo find /var/www/example.com -type f -exec chmod 644 {} \;
+sudo find /var/www/example.com -type d -exec chmod 755 {} \;
+```
+
+### Service Installation
+
+```bash
+# Install service file
+sudo cp dist/pollux.service /etc/systemd/system/
+
+# If your paths differ, edit the service file
+sudo editor /etc/systemd/system/pollux.service
+# Update ReadOnlyPaths to match your config
+
+# Enable and start
+sudo systemctl daemon-reload
+sudo systemctl enable pollux
+sudo systemctl start pollux
+```
+
+### Verification
+
+```bash
+# Check service status
+sudo systemctl status pollux
+
+# View logs
+sudo journalctl -u pollux -f
+
+# Test connection
+openssl s_client -connect example.com:1965 -servername example.com <<< "gemini://example.com/\r\n" | head -1
+```
+
+## Troubleshooting
+
+### Permission Issues
+```bash
+# Check certificate access
+sudo -u gemini cat /etc/letsencrypt/live/example.com/fullchain.pem
+
+# Check content access
+sudo -u gemini ls -la /var/www/example.com/
+```
+
+### Port Issues
+```bash
+# Check if port is in use
+sudo netstat -tlnp | grep :1965
+
+# Test binding
+sudo -u gemini /usr/local/bin/pollux  # Should show startup messages
+```
+
+### Certificate Issues
+```bash
+# Renew certificates
+sudo certbot renew
+
+# Reload service after cert renewal
+sudo systemctl reload pollux
+```
+
+## Configuration Options
+
+See `config.toml` for all available options. Key settings:
+
+- `root`: Directory containing your .gmi files
+- `cert`/`key`: TLS certificate paths
+- `bind_host`: IP/interface to bind to
+- `hostname`: Domain name for URI validation
+- `port`: Listen port (1965 is standard)
+- `max_concurrent_requests`: Connection limit
+- `log_level`: Logging verbosity
+
+## Upgrading
+
+```bash
+# Stop service
+sudo systemctl stop pollux
+
+# Install new binary
+sudo cp target/release/pollux /usr/local/bin/
+
+# Start service
+sudo systemctl start pollux
+```
+
+## Security Notes
+
+- Certificates are read-only by the service user
+- Content directory is read-only
+- No temporary file access
+- Systemd security hardening applied
+- Private keys have restricted permissions
+- URI validation prevents domain confusion attacks

dist/config.toml

@@ -0,0 +1,68 @@
+# Pollux Gemini Server Configuration
+# 
+# This is an example configuration file for the Pollux Gemini server.
+# Copy this file to /etc/pollux/config.toml and customize the values below.
+# 
+# The Gemini protocol is specified in RFC 1436: https://tools.ietf.org/rfc/rfc1436.txt
+
+# Directory containing your Gemini files (.gmi, .txt, images, etc.)
+# The server will serve files from this directory and its subdirectories.
+# Default index file is 'index.gmi' for directory requests.
+# 
+# IMPORTANT: The server needs READ access to this directory.
+# Make sure the service user (gemini) can read all files here.
+root = "/var/www/example.com"
+
+# TLS certificate and private key files
+# These files are required for TLS encryption (Gemini requires TLS).
+# 
+# For Let's Encrypt certificates (recommended for production):
+# cert = "/etc/letsencrypt/live/example.com/fullchain.pem"
+# key = "/etc/letsencrypt/live/example.com/privkey.pem"
+# 
+# To obtain Let's Encrypt certs:
+# sudo certbot certonly --standalone -d example.com
+# 
+# For development/testing, generate self-signed certs:
+# openssl req -x509 -newkey rsa:4096 -keyout /etc/pollux/key.pem -out /etc/pollux/cert.pem -days 365 -nodes -subj "/CN=example.com"
+cert = "/etc/letsencrypt/live/example.com/fullchain.pem"
+key = "/etc/letsencrypt/live/example.com/privkey.pem"
+
+# Server network configuration
+# 
+# bind_host: IP address or interface to bind the server to
+#   - "0.0.0.0" = listen on all interfaces (default)
+#   - "127.0.0.1" = localhost only
+#   - "::" = IPv6 all interfaces
+#   - Specific IP = bind to that address only
+bind_host = "0.0.0.0"
+
+# hostname: Domain name for URI validation
+#   - Used to validate incoming gemini:// URIs
+#   - Clients must use: gemini://yourdomain.com
+#   - Server validates that requests match this hostname
+hostname = "example.com"
+
+# port: TCP port to listen on
+#   - Default Gemini port is 1965
+#   - Ports below 1024 require root privileges
+#   - Choose a different port if 1965 is in use
+port = 1965
+
+# Request limiting
+# 
+# max_concurrent_requests: Maximum number of simultaneous connections
+#   - Prevents server overload and DoS attacks
+#   - Set to 0 to disable limiting (not recommended)
+#   - Typical values: 100-10000 depending on server capacity
+max_concurrent_requests = 1000
+
+# Logging configuration
+# 
+# log_level: Controls how much information is logged
+#   - "error": Only errors that prevent normal operation
+#   - "warn": Errors plus warnings about unusual conditions
+#   - "info": General operational information (recommended)
+#   - "debug": Detailed debugging information
+#   - "trace": Very verbose debugging (use only for troubleshooting)
+log_level = "info"

dist/pollux.service

@@ -0,0 +1,24 @@
+[Unit]
+Description=Pollux Gemini Server
+After=network.target
+Wants=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/pollux
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=5
+User=gemini
+Group=gemini
+NoNewPrivileges=yes
+ProtectHome=yes
+ProtectSystem=strict
+ReadOnlyPaths=/etc/pollux /etc/letsencrypt/live/example.com /var/www/example.com
+# NOTE: Adjust paths to match your config:
+# - /etc/letsencrypt/live/example.com for Let's Encrypt certs
+# - /var/www/example.com for your content root
+# The server needs read access to config, certificates, and content files
+
+[Install]
+WantedBy=multi-user.target