orion, my gemini server, got a bunch of updates today. In particular I:
- Added the ability to switch user/group id after startup
- Added the first CI which checks if the program compiles (yay!)
- Added automatic deployment of docker containers on each release (yay!)
The last point also means that orion is now available as a podman/docker container. For now I recommend that users run orion as a container application, as this reduces the impact of possible security issues.
See the following quickstart guide for deploying your own
In this guide we will deploy orion as our first gemini server as a podman container. All commands should work with docker as well.
- A Linux machine with
In this guide I’m assuming we are using the `/srv/orion` directory for our configuration and data files. This directory can of course be changed to suit your needs.
In particular, the directory structure we will be using looks as follows:

```
/srv/orion                      # Main program directory
+ /srv/orion/conf               # Configuration directory
+ /srv/orion/conf/orion.conf    # orion configuration file
+ /srv/orion/conf/orion.key     # TLS key file
+ /srv/orion/conf/orion.cert    # TLS certificate
+ /srv/orion/data               # Data directory
+ /srv/orion/data/index.gmi     # Index page
```
1. Create our configuration file
Use the provided orion.conf example file from the GitHub repository as a template and configure it to your needs. For your first container you might want to take the following template:

```
## orion configuration file for a containerized deployment
## lines starting with a '#' are comments and will be ignored

## Server hostname and listen address
Hostname = YOUR_HOSTNAME_HERE
# Bind ':1965' will bind to any IP address and port 1965
Bind = :1965

## TLS certificate
## Note: Those files will be loaded before chroot!
Certfile = orion.crt
Keyfile = orion.key

## Content directory
ContentDir = /data
```
2. Create certificates
Gemini requires TLS, but most clients work fine with self-signed certificates, so a simple self-signed certificate is enough for a quick start. Create your first certificate with `make cert` in the orion repository, or manually by using

```
openssl genrsa -out orion.key 2048
openssl req -x509 -nodes -days 3650 -key orion.key -out orion.crt
```
To avoid certificate issues, ensure that you set the common name to the hostname of your gemini server.
Ensure the key and certificate file end up in our
3. Put some data there …
`/srv/orion/data` directory and the `/srv/orion/data/index.gmi` file. The latter can be a simple text file containing just a bare minimum example:
Hello gemini! This is an example gemini file just to test if the server is working properly
4. Run our container

```
podman run -d --name orion -v /srv/orion/conf:/conf -v /srv/orion/data:/data -p 1965:1965 --memory 128M grisu48/orion
docker run -d --name orion -v /srv/orion/conf:/conf -v /srv/orion/data:/data -p 1965:1965 grisu48/orion
```
This should run our orion container with podman/docker and you should be able to connect to it via your favorite gemini client. I used e.g. amfora, but any will do.
Congratulations! You have successfully deployed your first gemini server using orion. You are awesome!
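
A pre-flight check for steps 1 and 2, to run on the host before starting the container in step 4. This is an added example, not part of orion or of the original guide: it verifies that the key file is not readable by group or others, that the key belongs to the certificate, and that the certificate's common name equals the `Hostname` in `orion.conf`. The function names are hypothetical, and it assumes that relative `Certfile`/`Keyfile` values refer to files in the conf directory.

```shell
#!/bin/sh
# Added example: pre-flight checks for the conf directory from this guide.
# Assumption: relative Certfile/Keyfile values are resolved against that directory.

# conf_get FILE KEY: print the value of the last "KEY = value" line ('#' lines never match).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# key_is_private FILE: succeed only if group and others have no permission bits.
key_is_private() {
    case "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" in
        "------") return 0 ;;
        *) return 1 ;;
    esac
}

# cert_cn CERT: print the subject common name of a PEM certificate.
cert_cn() {
    openssl x509 -noout -subject -nameopt multiline -in "$1" 2>/dev/null |
        sed -n 's/^[[:space:]]*commonName[[:space:]]*=[[:space:]]*//p'
}

# key_matches_cert KEY CERT: succeed only if both carry the same public key.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# preflight CONFDIR: run all checks, report each failure, return non-zero on any.
preflight() {
    conf=$1/orion.conf rc=0
    host=$(conf_get "$conf" Hostname)
    cert=$1/$(conf_get "$conf" Certfile)
    key=$1/$(conf_get "$conf" Keyfile)
    key_is_private "$key" || { echo "FAIL: $key is missing or open to group/others" >&2; rc=1; }
    key_matches_cert "$key" "$cert" || { echo "FAIL: $key does not match $cert" >&2; rc=1; }
    [ "$(cert_cn "$cert")" = "$host" ] ||
        { echo "FAIL: certificate CN differs from Hostname '$host'" >&2; rc=1; }
    return $rc
}

# Run against a directory when one is given, e.g.: sh preflight.sh /srv/orion/conf
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

A configuration that still contains `YOUR_HOSTNAME_HERE` fails the common-name check, which catches a template that was copied but never edited.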