pollux/README.md

# Pollux - A Simple Gemini Server

Pollux is a lightweight Gemini server for serving static files securely. It supports TLS, hostname validation, and basic directory serving.

## Requirements

Rust 1.70+ and Cargo.

## Building

Clone or download the source, then run:

```bash
cargo build --release
```

This produces the `target/release/pollux` binary.

## Running

Create a config file at `/etc/pollux/config.toml` or use `--config` to specify a path:

```toml
root = "/path/to/static/files"
cert = "certs/cert.pem"
key = "certs/key.pem"
host = "gemini.jeena.net"
port = 1965
log_level = "info"
```

## Development Setup

### Quick Start with Self-Signed Certs
```bash
mkdir -p dev
openssl req -x509 -newkey rsa:2048 \
  -keyout dev/key.pem \
  -out dev/cert.pem \
  -days 365 \
  -nodes \
  -subj "/CN=localhost"
```

Update `config.toml`:
```toml
cert = "dev/cert.pem"
key = "dev/key.pem"
```

Run the server:

```bash
./pollux --config /path/to/config.toml
```

Or specify options directly (overrides config):

```bash
./pollux --root /path/to/static/files --cert cert.pem --key key.pem --host yourdomain.com --port 1965
```

Access with a Gemini client like Lagrange at `gemini://yourdomain.com/`.

## Options

- `--config`: Path to config file (default `/etc/pollux/config.toml`)
- `--root`: Directory to serve files from (required)
- `--cert`: Path to certificate file (required)
- `--key`: Path to private key file (required)
- `--host`: Hostname for validation (required)
- `--port`: Port to listen on (default 1965)

## Security

Uses path validation to prevent directory traversal. Validate hostnames for production use.

### Certificate Management
- Never commit certificate files to version control
- Use development certificates only for local testing
- Production certificates should be obtained via Let's Encrypt or your CA

## Testing

Run `cargo test` for unit tests. Fix warnings before commits.