orion update

orion, my gemini server, got a bunch of updates today. In particular I:

  • Added the ability to switch user/group id after startup
  • Added the first CI which checks if the program compiles (yay!)
  • Added automatic deployment of docker containers on each release (yay!)

The last point also means that orion is now available as a podman/docker container. For now I recommend that users run orion as a container application, as this reduces the impact of possible security issues.

See the following quickstart guide for deploying your own orion container.


Quickstart guide

In this guide we will deploy orion, our first gemini server, as a podman container. All commands should work with docker as well.

Requirements

  • A Linux machine with podman or docker

In this guide I’m assuming we are using the /srv/orion directory for our configuration and data files. This directory can of course be changed to suit your needs. The directory structure we will be using looks as follows:

  /srv/orion                                # Main program directory
  + /srv/orion/conf                         # Configuration directory
    + /srv/orion/conf/orion.conf            # orion configuration file
    + /srv/orion/conf/orion.key             # TLS key file
    + /srv/orion/conf/orion.crt             # TLS certificate
  + /srv/orion/data                         # Data directory
    + /srv/orion/data/index.gmi             # Index page

Step-by-step guide

1. Create our configuration file

Use the provided orion.conf example file from the GitHub repository as a template and configure it to your needs. For your first container you might want to take the following template:

## orion configuration file for a containerized deployment
## lines starting with a '#' are comments and will be ignored

## Server hostname and listen address
Hostname = YOUR_HOSTNAME_HERE
# Bind ':1965' will bind to any IP address and port 1965
Bind = :1965

## TLS certificate
## Note: Those files will be loaded before chroot!
Certfile = orion.crt
Keyfile = orion.key

## Content directory
ContentDir = /data

2. Create certificates

gemini requires TLS, but most clients work just fine with self-signed certificates. For a quick start guide, a simple self-signed certificate is sufficient. Create your first certificate with make cert in the orion repository or manually by using

openssl genrsa -out orion.key 2048
openssl req -x509 -nodes -days 3650 -key orion.key -out orion.crt

To avoid certificate issues, ensure that you set the common name to the hostname of your gemini server.

Ensure the key and certificate file end up in our /srv/orion/conf directory.

3. Put some data there …

Create the /srv/orion/data directory and the /srv/orion/data/index.gmi file. The latter can be a simple text file containing just a bare minimum example:

Hello gemini! This is an example gemini file just to test if the server is working properly

4. Run our container

podman run -d --name orion -v /srv/orion/conf:/conf -v /srv/orion/data:/data -p 1965:1965 --memory 128M grisu48/orion
docker run -d --name orion -v /srv/orion/conf:/conf -v /srv/orion/data:/data -p 1965:1965 grisu48/orion

This should run our orion container with podman/docker and you should be able to connect to it via your favorite gemini client. I used e.g. amfora, but any will do.

5. Celebrate

Congratulations! You have successfully deployed your first gemini server using orion. You are awesome!
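
Steps 1 to 3 above as one non-interactive shell function, added here as an example (it is not part of the orion repository). It passes -subj so the certificate's common name is set to the hostname without prompts and creates the key under umask 077; the function names prepare_orion and cert_cn, and the assumption that the container can still read an owner-only key, belong to this example.

```shell
#!/bin/sh
# Added example: steps 1-3 of the guide, non-interactive.
# Usage: prepare_orion gemini.example.org [/srv/orion]
# prepare_orion and cert_cn are names made up for this example.

prepare_orion() (
    set -eu
    host="$1"
    base="${2:-/srv/orion}"
    mkdir -p "$base/conf" "$base/data"

    # Step 1: the guide's template with the hostname filled in
    cat > "$base/conf/orion.conf" <<EOF
## orion configuration file for a containerized deployment
Hostname = $host
Bind = :1965
Certfile = orion.crt
Keyfile = orion.key
ContentDir = /data
EOF

    # Step 2: same commands as the guide. umask 077 makes the key
    # owner-only (assumption: the container can still read it), and
    # -subj sets the common name to the hostname without prompting.
    # An existing key is left untouched.
    if [ ! -f "$base/conf/orion.key" ]; then
        ( umask 077; openssl genrsa -out "$base/conf/orion.key" 2048 )
        openssl req -x509 -new -nodes -days 3650 \
            -key "$base/conf/orion.key" -subj "/CN=$host" \
            -out "$base/conf/orion.crt"
    fi

    # Step 3: minimal index page, kept if one already exists
    [ -f "$base/data/index.gmi" ] ||
        echo "Hello gemini! This is an example gemini file" \
            > "$base/data/index.gmi"
)

# Print the common name of a certificate, to compare with Hostname.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}
```

After running prepare_orion, cert_cn /srv/orion/conf/orion.crt should print the same value as the Hostname line in orion.conf.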