orion, my gemini server, got a bunch of updates today. In particular I:
- Added the ability to switch user/group id after startup
- Added the first CI which checks if the program compiles (yay!)
- Added automatic deployment of docker containers on each release (yay!)
The last point also means that orion is now also available as a podman/docker container. For now I recommend that users run orion as a container application, as this reduces the impact of possible security issues.
See the following quickstart guide for deploying your own orion container.
Quickstart guide
In this guide we will deploy orion as our first gemini server as a podman container. All commands should work with docker as well.
Requirements
- A Linux machine with podman or docker
In this guide I’m assuming we are using the /srv/orion directory for our configuration and data files. This directory can of course be changed to your needs.
In particular, the directory structure we will be using looks as follows:
/srv/orion # Main program directory
+ /srv/orion/conf # Configuration directory
+ /srv/orion/conf/orion.conf # orion configuration file
+ /srv/orion/conf/orion.key # TLS key file
+ /srv/orion/conf/orion.crt   # TLS certificate
+ /srv/orion/data # Data directory
+ /srv/orion/data/index.gmi # Index page
Step-by-step guide
1. Create our configuration file
Use the provided orion.conf example file from the GitHub repository as a template and configure it to your needs. For your first container you might want to take the following template:
## orion configuration file for a containerized deployment
## lines starting with a '#' are comments and will be ignored
## Server hostname and listen address
Hostname = YOUR_HOSTNAME_HERE
# Bind ':1965' will bind to any IP address and port 1965
Bind = :1965
## TLS certificate
## Note: Those files will be loaded before chroot!
Certfile = orion.crt
Keyfile = orion.key
## Content directory
ContentDir = /data
2. Create certificates
gemini requires TLS, but most clients work just fine with self-signed certificates. For a quickstart guide, a simple self-signed certificate is enough. Create your first certificate with make cert in the orion repository or manually by using
openssl genrsa -out orion.key 2048
openssl req -x509 -nodes -days 3650 -key orion.key -out orion.crt
To avoid certificate issues, ensure that you set the common name to the hostname of your gemini server.
Ensure the key and certificate file end up in our /srv/orion/conf directory.
3. Put some data there …
Create the /srv/orion/data directory and the /srv/orion/data/index.gmi file. The latter can be a simple text file containing just a bare minimum example:
Hello gemini! This is an example gemini file just to test if the server is working properly
4. Run our container
podman run -d --name orion -v /srv/orion/conf:/conf -v /srv/orion/data:/data -p 1965:1965 --memory 128M grisu48/orion
docker run -d --name orion -v /srv/orion/conf:/conf -v /srv/orion/data:/data -p 1965:1965 grisu48/orion
This should run our orion container with podman/docker and you should be able to connect to it via your favorite gemini client. I used e.g. amfora, but any will do.
5. Celebrate
Congratulations! You have successfully deployed your first gemini server using orion. You are awesome!
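A pre-flight check that can be run before step 4, added here as an example (it is not part of orion or its repository). It assumes the Certfile and Keyfile values in orion.conf are file names inside the conf directory, treats a key file that group or others can access as a problem, and uses GNU stat; the script name orion-preflight.sh is hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight check for the directory layout used in this guide.
# Assumption: Certfile/Keyfile in orion.conf are file names inside <base>/conf.

# conf_get FILE KEY: print the value of the first "KEY = value" line.
# Comment lines start with '#' and therefore never match.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# key_is_private FILE: succeed only if group and others have no access at all.
key_is_private() {
    case $(stat -c '%a' "$1") in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

# preflight BASE: print every problem found, return 0 only if there are none.
preflight() {
    base=$1 conf=$1/conf/orion.conf rc=0
    [ -f "$conf" ] || { echo "missing $conf"; return 1; }
    for key in Hostname Bind ContentDir Certfile Keyfile; do
        [ -n "$(conf_get "$conf" "$key")" ] || { echo "$key is not set"; rc=1; }
    done
    [ "$(conf_get "$conf" Hostname)" != YOUR_HOSTNAME_HERE ] ||
        { echo "Hostname is still the template placeholder"; rc=1; }
    for key in Certfile Keyfile; do
        name=$(conf_get "$conf" "$key")
        [ -z "$name" ] || [ -f "$base/conf/$name" ] ||
            { echo "$key = $name, but $base/conf/$name does not exist"; rc=1; }
    done
    keyfile=$base/conf/$(conf_get "$conf" Keyfile)
    [ ! -f "$keyfile" ] || key_is_private "$keyfile" ||
        { echo "$keyfile is accessible by group or others"; rc=1; }
    [ -f "$base/data/index.gmi" ] || { echo "missing $base/data/index.gmi"; rc=1; }
    return $rc
}

# Runs against /srv/orion (or the directory given as $1) when saved and
# executed under the hypothetical name orion-preflight.sh.
case ${0##*/} in
    orion-preflight*) preflight "${1:-/srv/orion}" ;;
esac
```

A non-zero exit status means at least one of the printed problems should be fixed before starting the container.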