- Complete Gemini server implementation with logging
- Add comprehensive documentation (README.md, AGENTS.md)
- Implement certificate management guidelines
- Add .gitignore for security and build artifacts
- All unit tests passing (14/14)
- Ready for production deployment
44 lines
1.3 KiB
Markdown
Overview
--------

This project is a very simple Gemini server that serves only static files,
nothing else. It is meant to be generic so that other people can use it.

Setup
=====

This is a modern Rust project with the default Rust setup.

Security
========

Security is very important in this project: we are implementing a server that
reads arbitrary data from other computers, and we need to make sure that bad
actors can't break it to read arbitrary files from outside the served
directory or, even worse, write anything.

Testing
=======
We have unit tests, which should be kept up to date before committing any new code.

Fix every compiler warning before committing.

### Certificate Management

Development
- Generate self-signed certificates for local testing
- Store in `certs/` directory (gitignored)
- Use CN=localhost for development

Production
- Use Let's Encrypt or CA-signed certificates
- Store certificates outside repository
- Set appropriate file permissions (600 for keys, 644 for certs)
- Implement certificate renewal monitoring
- Never include private keys in documentation or commits

Deployment Security
- Certificate files should be owned by service user
- Use systemd service file with proper User/Group directives
- Consider using systemd's `LoadCredential` for certificate paths
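
One way to enforce the Security section's requirement that a request never reaches files outside the served directory, given as an added example and not as this project's own code. The names `PathError`, `percent_decode`, `resolve` and `confine` are assumptions made for illustration. The lexical check decodes percent-escapes before looking for `..`, and the filesystem check catches symlinks that point out of the root.

```rust
use std::path::{Component, Path, PathBuf};

#[derive(Debug, PartialEq)]
pub enum PathError { BadEncoding, Traversal }

/// Decode %XX escapes first, so `%2e%2e` is seen as `..` by the checks below.
fn percent_decode(raw: &str) -> Result<String, PathError> {
    let bytes = raw.as_bytes();
    let mut out = Vec::with_capacity(bytes.len());
    let mut i = 0;
    while i < bytes.len() {
        if bytes[i] == b'%' {
            let hex = raw.get(i + 1..i + 3)
                .filter(|h| h.bytes().all(|b| b.is_ascii_hexdigit()))
                .ok_or(PathError::BadEncoding)?;
            out.push(u8::from_str_radix(hex, 16).map_err(|_| PathError::BadEncoding)?);
            i += 3;
        } else {
            out.push(bytes[i]);
            i += 1;
        }
    }
    // NUL bytes and invalid UTF-8 never belong in a served file name.
    if out.contains(&0) { return Err(PathError::BadEncoding); }
    String::from_utf8(out).map_err(|_| PathError::BadEncoding)
}

/// Lexical check: build `root/<path>` from plain segments only.
/// `root` (the content directory) and `url_path` are assumed inputs.
pub fn resolve(root: &Path, url_path: &str) -> Result<PathBuf, PathError> {
    let decoded = percent_decode(url_path)?;
    let mut out = root.to_path_buf();
    for comp in Path::new(decoded.trim_start_matches('/')).components() {
        match comp {
            Component::Normal(seg) => out.push(seg),
            Component::CurDir => {}
            // `..`, a second root or a drive prefix: refuse instead of normalising.
            _ => return Err(PathError::Traversal),
        }
    }
    Ok(out)
}

/// Filesystem check: follow symlinks, then require the real path to be under `root`.
pub fn confine(root: &Path, candidate: &Path) -> std::io::Result<Option<PathBuf>> {
    let root = root.canonicalize()?;
    let real = candidate.canonicalize()?;
    Ok(real.starts_with(&root).then_some(real))
}
```

A handler would call `resolve` on the request path and open the file only if `confine` then returns `Some`.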