orion, my gemini server, got a bunch of updates today. In particular I:
- Added the ability to switch user/group id after startup
- Added the first CI which checks if the program compiles (yay!)
- Added automatic deployment of docker containers on each release (yay!)
The last point also means that orion is now available as a podman/docker container. For now I recommend users run orion as a container application, as this reduces the impact of possible security issues.
See the following quickstart guide for deploying your own orion container.
# Quickstart guide
In this guide we will deploy orion as our first gemini server as a podman container. All commands should work with docker as well.
# Requirements
- A Linux machine with `podman` or `docker`
In this guide I’m assuming we are using the `/srv/orion` directory for our configuration and data files. This directory can of course be changed to your needs.
In particular, the directory structure we will be using looks as follows:
```
/srv/orion                      # Main program directory
+ /srv/orion/conf               # Configuration directory
+ /srv/orion/conf/orion.conf    # orion configuration file
+ /srv/orion/conf/orion.key     # TLS key file
+ /srv/orion/conf/orion.crt     # TLS certificate
+ /srv/orion/data               # Data directory
+ /srv/orion/data/index.gmi     # Index page
```
# Step-by-step guide
1. Create our configuration file
Use the provided orion.conf example file from the GitHub repository as a template and configure it to your needs. For your first container you might want to take the following template:
```
## orion configuration file for a containerized deployment
## lines starting with a '#' are comments and will be ignored

## Server hostname and listen address
Hostname = YOUR_HOSTNAME_HERE
# Bind ':1965' will bind to any IP address and port 1965
Bind = :1965

## TLS certificate
## Note: Those files will be loaded before chroot!
Certfile = orion.crt
Keyfile = orion.key

## Content directory
ContentDir = /data
```
2. Create certificates
Gemini requires TLS, but most clients work fine with self-signed certificates, so for a quick start a simple self-signed certificate is enough. Create your first certificate with `make cert` in the orion repository or manually by using
```
openssl genrsa -out orion.key 2048
openssl req -x509 -nodes -days 3650 -key orion.key -out orion.crt
```
To avoid certificate issues, ensure that you set the common name to the hostname of your gemini server.
Ensure the key and certificate files end up in our `/srv/orion/conf` directory.
3. Put some data there …
Create the `/srv/orion/data` directory and the `/srv/orion/data/index.gmi` file. The latter can be a simple text file containing just a bare minimum example:
```
Hello gemini! This is an example gemini file just to test if the server is working properly
```
4. Run our container
```
# With podman
podman run -d --name orion -v /srv/orion/conf:/conf -v /srv/orion/data:/data -p 1965:1965 --memory 128M grisu48/orion
# Or, alternatively, with docker
docker run -d --name orion -v /srv/orion/conf:/conf -v /srv/orion/data:/data -p 1965:1965 grisu48/orion
```
This should run our orion container with podman/docker and you should be able to connect to it via your favorite gemini client. I used e.g. amfora, but any will do.
5. Celebrate
Congratulations! You have successfully deployed your first gemini server using orion. You are awesome!
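
Before starting the container in step 4, it helps to confirm that `orion.conf` from step 1 and the TLS files from step 2 agree with each other. The following shell functions are an added example, not part of orion or of the original guide; they assume that `Certfile` and `Keyfile` are file names relative to the directory holding `orion.conf`, and the names `conf_get` and `preflight` are made up for illustration.

```sh
#!/bin/sh
# Added example: preflight check for the conf directory used in this guide.
# Assumption: Certfile/Keyfile are names relative to the directory that
# holds orion.conf (the layout shown above). preflight() is a made-up name.

# conf_get KEY FILE: print the value of a "KEY = value" line ('#' lines never match)
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# preflight CONFDIR: return 0 if orion.conf and the TLS files agree,
# otherwise print the first problem found and return 1
preflight() {
    dir=$1
    conf="$dir/orion.conf"
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    host=$(conf_get Hostname "$conf")
    cert="$dir/$(conf_get Certfile "$conf")"
    key="$dir/$(conf_get Keyfile "$conf")"
    case "$host" in
        ""|YOUR_HOSTNAME_HERE) echo "Hostname is not set in $conf"; return 1 ;;
    esac
    [ -f "$cert" ] || { echo "certificate not found: $cert"; return 1; }
    [ -f "$key" ] || { echo "key not found: $key"; return 1; }
    # The private key should not be readable by group or others
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "key is group/world readable, run: chmod 600 $key"; return 1
    fi
    # Certificate and key must belong to the same key pair
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "certificate does not match key"; return 1; }
    # The certificate name (CN or SAN) must cover the configured Hostname
    openssl x509 -in "$cert" -noout -checkhost "$host" |
        grep -q "does match certificate" ||
        { echo "certificate is not issued for $host"; return 1; }
    # The certificate must still be valid 24 hours from now
    openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null ||
        { echo "certificate is expired or expires within a day"; return 1; }
    echo "ok: $cert matches $key and is valid for $host"
}

# Usage: . ./preflight.sh && preflight /srv/orion/conf
```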