[my_capsule] Custom Gemini capsule to make your Gemini pages reachable on the web

Custom Gemini capsule with SFTP access and HtmGem to make your Gemini pages reachable on the web.

https://gemini.circumlunar.space/

Gemini is a new internet protocol which:

  • Is heavier than gopher
  • Is lighter than the web
  • Will not replace either
  • Strives for maximum power to weight ratio
  • Takes user privacy very seriously
5 Likes

Many thanks for adding this - I've been eagerly awaiting a Gemini server to be added!

Initially the server wouldn't start - to get it working I had to make several changes to the config file in /etc/gemserv/config.d -

  1. Change the permissions of the domain toml config file (ie your.domain.com.toml) to gemserv:gemserv
  2. Copy the contents of server.toml into the top of the above mentioned file.

Not sure if those two tweaks are the best solution, but they work for me at least.

hi @yalh76

I've also installed your packaged app in a subdomain of my ynh server at home

It seems installation was fine, as I can open in a regular browser (ie. firefox) https://gem.mydomain.tld and see sftp credentials and port. Default "welcome" page.

But trying to open gem.mydomain.tld on Amfora (my gemini browser of choice) replies with

URL Fetch Error ═════════╗
║                        ║
║ Failed to connect to the server: ║
║ tls: DialWithDialer timed out.

Port 1965 is open on my home router; and https page loads fine; so I guess DNS config is also fine on my register; letsencrypt certificate also installed.

Please would any of you give any hint about the possible issue? Should I write a default page in /var/www/gem… folder or should it serve your default page (as with http)? thanks

@mxv

I'm going to reboot server now and

hi!

I've done what @mxv suggests

chown gemserv:gemserv domain.tld.toml

and copy/paste server.toml content on top of domain.tld.toml

then restart gemserv service.

Now works!

Thanks

First command solves /var/log/gemserv/gemserv.log

cat: /etc/gemserv/config.d/domain.tld.toml: Permission denied

second one solves

Config error: missing field server at line 1 column 1

1 Like

I just installed it and it works fine after having followed instructions of @mxv and @ghose.

I can access my capsule through gemini but not with https where I receive an error:

An error occurred during a connection to gem.xxxx.org. Certificate key usage inadequate for attempted operation.

Error code: SEC_ERROR_INADEQUATE_KEY_USAGE

Do I have anything to do regarding the certificate or dns (at my registrar)?

Thank you.

My problem accessing my capsule with https is solved, I forgot to install a let's encrypt certificate for the domain used when installing my_capsule app.

Thank you for your work @yalh76 !

1 Like

But what is the use of a MySQL database when installing?

I don't know, I've seen that you can use cgi with gemserv, so that cgi can need a mysql, so I've implemented a mysql during install

In addition, mycapsule_ynh is based on mywebapp_ynh that implement a mysql database during install

1 Like

hi @yalh76

already opened a github issue, because I've been contacted about possible problems with gemserv versions <0.6.5 related to traversal file system attacks.

switched off my capsule until the update.

upstream updated ~int80h/gemserv: master - sourcehut git

thanks.

Hi,

Which ports need to be opened ? I reinstalled my yunohost and forgot which ports are needed…

Thank you.

1965

1 Like

Thank you.

@yalh76 Hello, the file /etc/systemd/system/gemserv.service provided by gemserv_yunohost contains conflicting systemd directives. I don't have a GitHub account, could you fix the bug yourself?

Description of the issue

The installation of the server is done without any apparent problem. The start of the service fails. You can see the logged information below.

LOGFILE: journalctl
-- Logs begin at Mon 2022-02-28 14:04:06 GMT, end at Mon 2022-02-28 16:26:42 GMT. --
Feb 28 16:03:52 systemd[1]: Started gemserv.
Feb 28 16:03:53 systemd[1]: gemserv.service: Main process exited, code=exited, status=101/n/a
Feb 28 16:03:53 systemd[1]: gemserv.service: Failed with result 'exit-code'.
Feb 28 16:03:58 systemd[1]: gemserv.service: Service RestartSec=5s expired, scheduling restart.
Feb 28 16:03:58 systemd[1]: gemserv.service: Scheduled restart job, restart counter is at 735.
Feb 28 16:03:58 systemd[1]: Stopped gemserv.
Feb 28 16:03:58 systemd[1]: Starting gemserv...
Feb 28 16:03:58 systemd[1]: Started gemserv.
Feb 28 16:03:58 systemd[1]: gemserv.service: Main process exited, code=exited, status=101/n/a
Feb 28 16:03:58 systemd[1]: gemserv.service: Failed with result 'exit-code'.
Feb 28 16:04:03 systemd[1]: gemserv.service: Service RestartSec=5s expired, scheduling restart.
Feb 28 16:04:03 systemd[1]: gemserv.service: Scheduled restart job, restart counter is at 736.
Feb 28 16:04:03 systemd[1]: Stopped gemserv.
Feb 28 16:04:03 systemd[1]: Starting gemserv...
Feb 28 16:04:04 systemd[1]: Started gemserv.
Feb 28 16:04:04 systemd[1]: gemserv.service: Main process exited, code=exited, status=101/n/a
Feb 28 16:04:04 systemd[1]: gemserv.service: Failed with result 'exit-code'.
Feb 28 16:04:09 systemd[1]: gemserv.service: Service RestartSec=5s expired, scheduling restart.
Feb 28 16:04:09 systemd[1]: gemserv.service: Scheduled restart job, restart counter is at 737.
Feb 28 16:04:09 systemd[1]: Stopped gemserv.
Feb 28 16:04:09 systemd[1]: Starting gemserv...
Feb 28 16:04:10 systemd[1]: Started gemserv.
Feb 28 16:04:10 systemd[1]: gemserv.service: Main process exited, code=exited, status=101/n/a
Feb 28 16:04:10 systemd[1]: gemserv.service: Failed with result 'exit-code'.
Feb 28 16:04:15 systemd[1]: gemserv.service: Service RestartSec=5s expired, scheduling restart.
Feb 28 16:04:15 systemd[1]: gemserv.service: Scheduled restart job, restart counter is at 738.
Feb 28 16:04:15 systemd[1]: Stopped gemserv.
Feb 28 16:04:15 systemd[1]: Starting gemserv...
Feb 28 16:04:15 systemd[1]: Started gemserv.
Feb 28 16:04:16 systemd[1]: gemserv.service: Main process exited, code=exited, status=101/n/a
Feb 28 16:04:16 systemd[1]: gemserv.service: Failed with result 'exit-code'.
Feb 28 16:04:21 systemd[1]: gemserv.service: Service RestartSec=5s expired, scheduling restart.
Feb 28 16:04:21 systemd[1]: gemserv.service: Scheduled restart job, restart counter is at 739.
Feb 28 16:04:21 systemd[1]: Stopped gemserv.
Feb 28 16:04:21 systemd[1]: Starting gemserv...
Feb 28 16:04:21 systemd[1]: Started gemserv.
Feb 28 16:04:21 systemd[1]: gemserv.service: Main process exited, code=exited, status=101/n/a
Feb 28 16:04:21 systemd[1]: gemserv.service: Failed with result 'exit-code'.
Feb 28 16:04:26 systemd[1]: gemserv.service: Service RestartSec=5s expired, scheduling restart.
Feb 28 16:04:26 systemd[1]: gemserv.service: Scheduled restart job, restart counter is at 740.
Feb 28 16:04:26 systemd[1]: Stopped gemserv.
Feb 28 16:04:26 systemd[1]: Starting gemserv...
Feb 28 16:04:27 systemd[1]: Started gemserv.
Feb 28 16:04:27 systemd[1]: gemserv.service: Main process exited, code=exited, status=101/n/a
Feb 28 16:04:27 systemd[1]: gemserv.service: Failed with result 'exit-code'.
Feb 28 16:04:29 systemd[1]: Stopped gemserv.
Feb 28 16:26:42 systemd[1]: Starting gemserv...
Feb 28 16:26:42 systemd[1]: Started gemserv.
Feb 28 16:26:42 systemd[1]: gemserv.service: Main process exited, code=exited, status=101/n/a
Feb 28 16:26:42 systemd[1]: gemserv.service: Failed with result 'exit-code'.

LOGFILE: /var/log/gemserv/gemserv.log
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 2, kind: NotFound, message: "No such file or directory" }', src/config.rs:70:46
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
chown: changing ownership of '/etc/gemserv/config.d/server.toml': Read-only file system
chown: changing ownership of '/etc/gemserv/config.d': Read-only file system
chown: changing ownership of '/etc/gemserv/': Read-only file system
/bin/bash: /etc/gemserv/config.toml: Read-only file system
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 2, kind: NotFound, message: "No such file or directory" }', src/config.rs:70:46
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
chown: changing ownership of '/etc/gemserv/config.d/server.toml': Read-only file system
chown: changing ownership of '/etc/gemserv/config.d': Read-only file system
chown: changing ownership of '/etc/gemserv/': Read-only file system
/bin/bash: /etc/gemserv/config.toml: Read-only file system
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 2, kind: NotFound, message: "No such file or directory" }', src/config.rs:70:46
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
chown: changing ownership of '/etc/gemserv/config.d/server.toml': Read-only file system
chown: changing ownership of '/etc/gemserv/config.d': Read-only file system
chown: changing ownership of '/etc/gemserv/': Read-only file system
/bin/bash: /etc/gemserv/config.toml: Read-only file system
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 2, kind: NotFound, message: "No such file or directory" }', src/config.rs:70:46
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
chown: changing ownership of '/etc/gemserv/config.d/server.toml': Read-only file system
chown: changing ownership of '/etc/gemserv/config.d': Read-only file system
chown: changing ownership of '/etc/gemserv/': Read-only file system
/bin/bash: /etc/gemserv/config.toml: Read-only file system
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 2, kind: NotFound, message: "No such file or directory" }', src/config.rs:70:46
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
chown: changing ownership of '/etc/gemserv/config.d/server.toml': Read-only file system
chown: changing ownership of '/etc/gemserv/config.d': Read-only file system
chown: changing ownership of '/etc/gemserv/': Read-only file system
/bin/bash: /etc/gemserv/config.toml: Read-only file system
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 2, kind: NotFound, message: "No such file or directory" }', src/config.rs:70:46
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
chown: changing ownership of '/etc/gemserv/config.d/server.toml': Read-only file system
chown: changing ownership of '/etc/gemserv/config.d': Read-only file system
chown: changing ownership of '/etc/gemserv/': Read-only file system
/bin/bash: /etc/gemserv/config.toml: Read-only file system
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 2, kind: NotFound, message: "No such file or directory" }', src/config.rs:70:46
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
chown: changing ownership of '/etc/gemserv/config.d/server.toml': Read-only file system
chown: changing ownership of '/etc/gemserv/config.d': Read-only file system
chown: changing ownership of '/etc/gemserv/': Read-only file system
/bin/bash: /etc/gemserv/config.toml: Read-only file system
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 2, kind: NotFound, message: "No such file or directory" }', src/config.rs:70:46
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
chown: changing ownership of '/etc/gemserv/config.d/server.toml': Read-only file system
chown: changing ownership of '/etc/gemserv/config.d': Read-only file system
chown: changing ownership of '/etc/gemserv/': Read-only file system
/bin/bash: /etc/gemserv/config.toml: Read-only file system
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 2, kind: NotFound, message: "No such file or directory" }', src/config.rs:70:46
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

After analysis, the systemd directive ProtectSystem=full prevents the executions of the systemd directives ExecStartPre.

ProtectSystem=

Takes a boolean argument or the special values "full " or "strict ". If true, mounts the /usr/ and the boot loader directories (/boot and /efi ) read-only for processes invoked by this unit. If set to "full ", the /etc/ directory is mounted read-only, too.

At startup, the service cannot initially create the required configuration file (config.toml) for the server.
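As an added illustration of the conflict described above (a sketch written for this thread, not the unit file shipped by gemserv_ynh and not the change in PR #10; the ExecStartPre= commands, the binary path /usr/bin/gemserv and Restart=always are hypothetical reconstructions from the log lines), a [Service] section that keeps the /etc read-only sandbox but carves out the one directory the pre-start step has to write:

```ini
[Service]
User=gemserv
Group=gemserv
# The "+" prefix runs this step with full privileges so the chown succeeds;
# the server itself still runs as User=gemserv. The commands are a hypothetical
# reconstruction of the ones visible in the log above.
ExecStartPre=+/bin/bash -c 'chown -R gemserv:gemserv /etc/gemserv && cat /etc/gemserv/config.toml.head /etc/gemserv/config.d/*.toml > /etc/gemserv/config.toml'
ExecStart=/usr/bin/gemserv /etc/gemserv/config.toml
Restart=always
RestartSec=5s

# Keep the sandbox: /usr, /boot and /efi read-only, and with "full" also /etc,
# which is exactly what turned the ExecStartPre= step above into
# "chown: ... Read-only file system" and "/etc/gemserv/config.toml: Read-only file system".
ProtectSystem=full
# Re-enable writes for the single path the pre-start step needs instead of
# dropping ProtectSystem= altogether; ReadWritePaths= takes precedence over the
# read-only mount for the listed paths.
ReadWritePaths=/etc/gemserv
```

Run `systemd-analyze security gemserv.service` after the change to confirm the rest of the sandboxing is still in effect.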

Thanks,
just pushed it on Fix ProtectSystem=full prevents the executions of the systemd direct… by yalh76 · Pull Request #10 · YunoHost-Apps/gemserv_ynh · GitHub

gemserv fails to start

/var/log/gemserv/gemserv.log

Config error: duplicate field `log` at line 18 column 1

in /etc/gemserv/config.toml

log = "info" is actually there twice in that config file, but if I try to delete one entry (as root user) it is written back again (I guess by gemserv user)

-rw-r----- 1 gemserv gemserv 1005 May 13 06:16 config.toml

I have stopped gemserv.service, tried to edit file and restart it again.
I have restarted whole YNH. No success.

Please, any hint? thank you

I see it only once in the config header file

Can you verify there is no log = "info" in your own .toml (not the config.toml.head which is in fact a copy of the file I gave the link to) in the /etc/gemserv/config.d/ folder?

I do not see any trace of log = "info" in the config template used by the my_capsule package to generate the config of each capsule, so I don't understand where this duplication can come from

2 Likes

thank you!

there was indeed a log=info entry AND port/host (it was needed, at least in my config, in the early days of the server and it was there since)

commented all those three lines and now server restarted without warnings.

2022-05-13 07:26:53,459 INFO  [gemserv] Serving 1 vhosts

Thank you.

1 Like

I want to share this experience. It's not a problem or asking for help.

YNH ssl certificate auto-renewal for my_capsule worked fine few weeks ago, and my_capsule's "web version" is being served using this new certificate, so nginx took it right (I presume).

BUT gemserv was not using this new certificate. I checked configs and both servers had the same route to the same ssl certificate. I had to manually restart gemserv server to force the use of this new certificate because last start was older than certificate renewal.

I presume (again) that somehow nginx was restarted after this renewal or it works differently to gemserv and gemserv does not automatically load this config.

I don't know if this is a bug or a feature :smiley: , just comment here because my_capsule was reporting a bad certificate warning because of this. I hope this is of any help.

bye! :wave:

Hi,

Thanks for the report, it's a bug, I didn't think of the certificate renewal… I think that after the certificate renewal nginx is automatically reloaded…

1 Like
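An added example for the stale-certificate situation reported above (written for this thread; it is not part of my_capsule or gemserv): compare the certificate's modification time with the time the running unit started, and restart gemserv only when the file on disk is newer. It assumes, as the post observed, that gemserv reads its certificate once at start-up; the unit name "gemserv" and the certificate paths in the usage comment are placeholders to adjust for your domain.

```shell
# Return 0 if FILE was modified after START_EPOCH (seconds since the epoch),
# 1 if not, 2 if the file cannot be read. -L follows symlinks, since renewal
# tooling often swaps the target behind a stable symlink.
newer_than() {
    file="$1"; start_epoch="$2"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    mtime=$(stat -L -c %Y "$file")
    [ "$mtime" -gt "$start_epoch" ]
}

# Seconds since the epoch at which UNIT's main process was started, as
# recorded by systemd; fails if the unit is not running.
unit_start_epoch() {
    unit="$1"
    ts=$(systemctl show -p ExecMainStartTimestamp --value "$unit")
    [ -n "$ts" ] || return 1
    date -d "$ts" +%s
}

# Restart UNIT if any of the given certificate/key files is newer than the
# time UNIT started. Safe to run from cron or a post-renewal hook: it is a
# no-op while the served certificate is still the current one.
restart_if_cert_renewed() {
    unit="$1"; shift
    start=$(unit_start_epoch "$unit") || { echo "$unit is not running" >&2; return 1; }
    for f in "$@"; do
        if newer_than "$f" "$start"; then
            echo "$f changed after $unit started; restarting $unit"
            systemctl restart "$unit"
            return 0
        fi
    done
    echo "$unit already serves the current certificate"
}

# Usage (placeholder domain; the directory layout is YunoHost's, adjust if needed):
# restart_if_cert_renewed gemserv \
#     /etc/yunohost/certs/gem.example.tld/crt.pem \
#     /etc/yunohost/certs/gem.example.tld/key.pem
```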

I've updated my_capsule to 0.6.6~ynh3

and gemserv failed to start, and reading /var/log/gemserv/gemserv.log I see:

chown: changing ownership of '/etc/gemserv/config.d/domain.tld.toml': Operation not permitted
cat: /etc/gemserv/config.d/domain.tld.toml: Permission denied
Config error: missing field `server` at line 1 column 1

config error is caused by ownership (I guessed), so

I've compared old (backed up) config file permissions

-rw-r----- 1 gemserv gemserv 363 May 13 07:26 /home/yunohost.conf/backup/etc/gemserv/config.d/domain.tld.toml.backup.20220802.072722

with the new one

-rw-r----- 1 my_capsule my_capsule 322 Aug 2 07:27 domain.tld.toml

so I've manually changed ownership and restarted gemserv.

chown gemserv:gemserv domain.tld.toml

It now works.

Please, is this the correct way of solving it? thank you
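Three of the start-up failures in this thread (the "Permission denied" on a vhost file not owned by the gemserv user, the "missing field server" from a vhost file without the [server] table on top, and the "duplicate field `log`" from a key defined twice) can be caught before restarting the service. The check below is an added example written for this thread, not part of the my_capsule or gemserv_ynh packages; the directory /etc/gemserv/config.d, the owner "gemserv" and the per-file [server] requirement are taken from the posts above, and the owner argument accepts a name or a uid.

```shell
# Usage: check_gemserv_config [CONFIG_DIR] [OWNER]
# Prints one WARN line per problem plus a summary; returns 0 only when clean.
check_gemserv_config() {
    confdir="${1:-/etc/gemserv/config.d}"
    owner="${2:-gemserv}"
    case "$owner" in
        *[!0-9]*) want_uid=$(id -u "$owner") || return 2 ;;  # user name -> uid
        *)        want_uid="$owner" ;;                         # already numeric
    esac
    problems=0
    for f in "$confdir"/*.toml; do
        [ -e "$f" ] || continue
        # 1. "Permission denied": the service user must own the vhost file.
        if [ "$(stat -c %u "$f")" != "$want_uid" ]; then
            echo "WARN $f: not owned by $owner (fix: chown $owner:$owner '$f')"
            problems=$((problems + 1))
        fi
        # 2. "missing field server": the [server] table has to be present
        #    (the thread's fix was to copy server.toml on top of the file).
        if ! grep -q '^\[server\]' "$f"; then
            echo "WARN $f: no [server] table; prepend the contents of server.toml"
            problems=$((problems + 1))
        fi
        # 3. "duplicate field": the same key defined twice inside one table.
        #    A new [table] header resets the set of keys seen so far.
        for k in $(awk '
            /^[ \t]*\[/ { split("", seen); next }
            /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {
                key = $0; sub(/[ \t]*=.*/, "", key); gsub(/[ \t]/, "", key)
                if (key in seen) print key
                seen[key] = 1
            }' "$f"); do
            echo "WARN $f: duplicate key '$k'; keep exactly one"
            problems=$((problems + 1))
        done
    done
    echo "$problems problem(s) found"
    [ "$problems" -eq 0 ]
}
```

Run it as root before `systemctl restart gemserv`; a clean run prints "0 problem(s) found".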

Thank you.