orion update

orion, my gemini server, got a bunch of updates today. In particular, I:

  • Added the ability to switch user/group ID after startup
  • Added the first CI which checks if the program compiles (yay!)
  • Added automatic deployment of docker containers on each release (yay!)

The last point also means that orion is now available as a podman/docker container. For now I recommend running orion as a container application, as this reduces the impact of possible security issues.

See the following quickstart guide for deploying your own orion container.


# Quickstart guide

In this guide we will deploy orion, our first gemini server, as a podman container. All commands should work with docker as well.

# Requirements

  • A Linux machine with podman or docker

In this guide I’m assuming we are using the /srv/orion directory for our configuration and data files. This directory can of course be changed to your needs. The directory structure we will be using looks as follows:

  /srv/orion                                # Main program directory
  + /srv/orion/conf                         # Configuration directory
    + /srv/orion/conf/orion.conf            # orion configuration file
    + /srv/orion/conf/orion.key             # TLS key file
    + /srv/orion/conf/orion.crt             # TLS certificate
  + /srv/orion/data                         # Data directory
    + /srv/orion/data/index.gmi             # Index page

# Step-by-step guide

1. Create our configuration file

Use the provided orion.conf example file from the GitHub repository as a template and configure it to your needs. For your first container you might want to take the following template:

## orion configuration file for a containerized deployment
## lines starting with a '#' are comments and will be ignored

## Server hostname and listen address
Hostname = YOUR_HOSTNAME_HERE
# Bind ':1965' will bind to any IP address and port 1965
Bind = :1965

## TLS certificate
## Note: Those files will be loaded before chroot!
Certfile = orion.crt
Keyfile = orion.key

## Content directory
ContentDir = /data

2. Create certificates

gemini requires TLS, but most clients work just fine with self-signed certificates. For a quick start, a simple self-signed certificate is enough. Create your first certificate with make cert in the orion repository or manually by using:

openssl genrsa -out orion.key 2048
openssl req -x509 -nodes -days 3650 -key orion.key -out orion.crt

To avoid certificate issues, ensure that you set the common name to the hostname of your gemini server.

Ensure the key and certificate file end up in our /srv/orion/conf directory.
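
An added example, not part of orion or of the original post: a small shell pre-flight check for steps 1 and 2. It reads Hostname, Certfile and Keyfile from orion.conf, then verifies that the key is not readable by group or others, that certificate and key belong together, and that the certificate covers the configured hostname. The function names are made up for this example, and resolving Certfile/Keyfile relative to the configuration directory is an assumption based on the layout above.

```shell
#!/bin/sh
# Pre-flight check for the quickstart layout. Added example, not part of orion;
# function names are hypothetical. Assumes GNU stat (Linux) and that Certfile
# and Keyfile are relative to the configuration directory.

# Print the value of "Key = value" from orion.conf; '#' comment lines never match.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$2" | head -n 1
}

# Succeed only if the file exists and grants no permissions to group or others.
key_is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Succeed if certificate ($1) and private key ($2) carry the same public key.
cert_matches_key() {
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Run all checks against a configuration directory; returns non-zero on any failure.
preflight() {
    conf="$1/orion.conf"
    host=$(conf_get Hostname "$conf")
    cert="$1/$(conf_get Certfile "$conf")"
    key="$1/$(conf_get Keyfile "$conf")"
    rc=0
    [ -n "$host" ] || { echo "FAIL: no Hostname in $conf"; rc=1; }
    [ -f "$cert" ] || { echo "FAIL: missing certificate $cert"; rc=1; }
    key_is_private "$key" || { echo "FAIL: $key missing or readable by group/others"; rc=1; }
    # The openssl checks are skipped when openssl or one of the files is absent.
    if command -v openssl >/dev/null 2>&1 && [ -f "$cert" ] && [ -f "$key" ]; then
        cert_matches_key "$cert" "$key" || { echo "FAIL: certificate and key do not match"; rc=1; }
        openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null | grep -q 'does match' \
            || { echo "FAIL: certificate does not cover $host"; rc=1; }
    fi
    return $rc
}

# Usage: sh preflight.sh /srv/orion/conf
if [ $# -gt 0 ]; then
    preflight "$1"
fi
```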

3. Put some data there …

Create the /srv/orion/data directory and the /srv/orion/data/index.gmi file. The latter can be a simple text file containing just a bare minimum example:

Hello gemini! This is an example gemini file just to test if the server is working properly

4. Run our container

podman run -d --name orion -v /srv/orion/conf:/conf -v /srv/orion/data:/data -p 1965:1965 --memory 128M grisu48/orion
docker run -d --name orion -v /srv/orion/conf:/conf -v /srv/orion/data:/data -p 1965:1965 grisu48/orion

This should run our orion container with podman/docker and you should be able to connect to it via your favorite gemini client. I used e.g. amfora, but any will do.

5. Celebrate

Congratulations! You have successfully deployed your first gemini server using orion. You are awesome!