jeena/pollux
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions
pollux/dist/INSTALL.md
Jeena ea8083fe1f Implement dual host configuration: bind_host and hostname 
- Replace 'host' config with separate 'bind_host' and 'hostname'
- bind_host: IP/interface for server binding (default 0.0.0.0)
- hostname: Domain for URI validation (required)
- Update all parsing and validation code
- Create dist/ directory with systemd service, config, and install guide
- Add comprehensive INSTALL.md with setup instructions
2026-01-16 12:46:27 +00:00

223 lines
No EOL
4.8 KiB
Markdown
Raw Blame History

# Installing Pollux Gemini Server
This guide covers installing and configuring the Pollux Gemini server for production use.
## Prerequisites
- Linux system with systemd
- Rust toolchain (for building from source)
- Domain name with DNS configured
- Let's Encrypt account (for certificates)
## Quick Start
```bash
# 1. Build and install
cargo build --release
sudo cp target/release/pollux /usr/local/bin/
# 2. Get certificates
sudo certbot certonly --standalone -d example.com
# 3. Create directories and user
sudo useradd -r -s /bin/false gemini
sudo usermod -a -G ssl-cert gemini
sudo mkdir -p /etc/pollux /var/www/example.com
sudo chown -R gemini:gemini /var/www/example.com
# 4. Install config
sudo cp dist/config.toml /etc/pollux/
# 5. Add your Gemini content
sudo cp -r your-content/* /var/www/example.com/
# 6. Install and start service
sudo cp dist/pollux.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable pollux
sudo systemctl start pollux
# 7. Check status
sudo systemctl status pollux
sudo journalctl -u pollux -f
```
## Detailed Installation
### Building from Source
```bash
git clone https://github.com/yourusername/pollux.git
cd pollux
cargo build --release
sudo cp target/release/pollux /usr/local/bin/
```
### Certificate Setup
#### Let's Encrypt (Recommended)
```bash
# Install certbot
sudo apt install certbot # Ubuntu/Debian
# OR
sudo dnf install certbot # Fedora/RHEL
# Get certificate
sudo certbot certonly --standalone -d example.com
# Verify permissions
ls -la /etc/letsencrypt/live/example.com/
# Should show fullchain.pem and privkey.pem
```
#### Self-Signed (Development Only)
```bash
# Generate certificates
openssl req -x509 -newkey rsa:4096 \
-keyout /etc/pollux/key.pem \
-out /etc/pollux/cert.pem \
-days 365 -nodes \
-subj "/CN=example.com"
# Set permissions
sudo chown gemini:gemini /etc/pollux/*.pem
sudo chmod 644 /etc/pollux/cert.pem
sudo chmod 600 /etc/pollux/key.pem
```
### User and Directory Setup
```bash
# Create service user
sudo useradd -r -s /bin/false gemini
# Add to certificate group (varies by distro)
sudo usermod -a -G ssl-cert gemini # Ubuntu/Debian
# OR
sudo usermod -a -G certbot gemini # Some systems
# Create directories
sudo mkdir -p /etc/pollux /var/www/example.com
sudo chown -R gemini:gemini /var/www/example.com
```
### Configuration
Edit `/etc/pollux/config.toml`:
```toml
root = "/var/www/example.com"
cert = "/etc/letsencrypt/live/example.com/fullchain.pem"
key = "/etc/letsencrypt/live/example.com/privkey.pem"
bind_host = "0.0.0.0"
hostname = "example.com"
port = 1965
max_concurrent_requests = 1000
log_level = "info"
```
### Content Setup
```bash
# Copy your Gemini files
sudo cp -r gemini-content/* /var/www/example.com/
# Set permissions
sudo chown -R gemini:gemini /var/www/example.com
sudo find /var/www/example.com -type f -exec chmod 644 {} \;
sudo find /var/www/example.com -type d -exec chmod 755 {} \;
```
### Service Installation
```bash
# Install service file
sudo cp dist/pollux.service /etc/systemd/system/
# If your paths differ, edit the service file
sudo editor /etc/systemd/system/pollux.service
# Update ReadOnlyPaths to match your config
# Enable and start
sudo systemctl daemon-reload
sudo systemctl enable pollux
sudo systemctl start pollux
```
### Verification
```bash
# Check service status
sudo systemctl status pollux
# View logs
sudo journalctl -u pollux -f
# Test connection
openssl s_client -connect example.com:1965 -servername example.com <<< "gemini://example.com/\r\n" | head -1
```
## Troubleshooting
### Permission Issues
```bash
# Check certificate access
sudo -u gemini cat /etc/letsencrypt/live/example.com/fullchain.pem
# Check content access
sudo -u gemini ls -la /var/www/example.com/
```
### Port Issues
```bash
# Check if port is in use
sudo netstat -tlnp | grep :1965
# Test binding
sudo -u gemini /usr/local/bin/pollux # Should show startup messages
```
### Certificate Issues
```bash
# Renew certificates
sudo certbot renew
# Reload service after cert renewal
sudo systemctl reload pollux
```
## Configuration Options
See `config.toml` for all available options. Key settings:
- `root`: Directory containing your .gmi files
- `cert`/`key`: TLS certificate paths
- `bind_host`: IP/interface to bind to
- `hostname`: Domain name for URI validation
- `port`: Listen port (1965 is standard)
- `max_concurrent_requests`: Connection limit
- `log_level`: Logging verbosity
## Upgrading
```bash
# Stop service
sudo systemctl stop pollux
# Install new binary
sudo cp target/release/pollux /usr/local/bin/
# Start service
sudo systemctl start pollux
```
## Security Notes
- Certificates are read-only by the service user
- Content directory is read-only
- No temporary file access
- Systemd security hardening applied
- Private keys have restricted permissions
- URI validation prevents domain confusion attacks
Reference in a new issue View git blame Copy permalink