| author | Rodion Goritskov <rodion.goritskov@gmail.com> | 2024-06-22 23:33:54 +0400 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2024-07-26 18:55:07 +0200 |
| commit | 4bc49e2185179fbbc96a06ff0a921021f746011a (patch) | |
| tree | 15ff270ac3aafbbbc5c86b146dcc29e0e52c0aa5 /doc | |
| parent | 2cbdec8bcd4c712fc4ac40af603297c104a7eb13 (diff) | |
services: agate: Update options for compatibility with the current Agate version.
* gnu/services/web.scm (<agate-configuration>)[certs]: Add.
[cert]: Remove.
[key]: Remove.
[hostname]: Change from string to list.
[silent?]: Remove.
[only-tls13?]: Add.
[central-conf?]: Add.
[ed25519?]: Add.
[skip-port-check?]: Add.
(agate-shepherd-service): Change handling of addr and hostname, add new
options handling.
* doc/guix.texi (Web Services): Update.
Change-Id: Ifb4968d704627344913bb69f20636d710a4fe738
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/guix.texi | 51 |
1 files changed, 32 insertions, 19 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 9ba96af459..41814042f5 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -32935,25 +32935,30 @@ This is the type of the agate service, whose value should be an (service agate-service-type (agate-configuration (content "/srv/gemini") - (cert "/srv/cert.pem") - (key "/srv/key.rsa"))) + (certs "/srv/gemini-certs"))) @end lisp The example above represents the minimal tweaking necessary to get Agate -up and running. Specifying the path to the certificate and key is +up and running. Specifying the path to the certificate and key directory is always necessary, as the Gemini protocol requires TLS by default. -To obtain a certificate and a key, you could, for example, use OpenSSL, -running a command similar to the following example: +If specified path is writable by Agate, and contains no valid key +and certificate, the Agate will try to generate them on the first start. +If specified directory is read-only - key and certificate should be pre-generated by user. + +To obtain a certificate and a key in a DER format, you could, for example, +use OpenSSL, running a commands similar to the following example: @example -openssl req -x509 -newkey rsa:4096 -keyout key.rsa -out cert.pem \ - -days 3650 -nodes -subj "/CN=example.com" +openssl genpkey -out key.der -outform DER -algorithm RSA \ + -pkeyopt rsa_keygen_bits:4096 +openssl req -x509 -key key.der -outform DER -days 3650 -out cert.der \ + -subj "/CN=example.com" @end example Of course, you'll have to replace @i{example.com} with your own domain name, and then point the Agate configuration towards the path of the -generated key and certificate. +directory with the generated key and certificate using the @code{certs} option. @end defvar 
@@ -32967,30 +32972,38 @@ The package object of the Agate server. @item @code{content} (default: @file{"/srv/gemini"}) The directory from which Agate will serve files. -@item @code{cert} (default: @code{#f}) -The path to the TLS certificate PEM file to be used for encrypted -connections. Must be filled in with a value from the user. - -@item @code{key} (default: @code{#f}) -The path to the PKCS8 private key file to be used for encrypted -connections. Must be filled in with a value from the user. +@item @code{certs} (default: @file{"/srv/gemini-certs"}) +Root of the certificate directory. Must be filled in with a value from the user. @item @code{addr} (default: @code{'("0.0.0.0:1965" "[::]:1965")}) A list of the addresses to listen on. -@item @code{hostname} (default: @code{#f}) -The domain name of this Gemini server. Optional. +@item @code{hostnames} (default: @code{'()}) +Virtual hosts for the Gemini server. If multiple values are +specified, corresponding directory names should be present in the @code{content} +directory. Optional. @item @code{lang} (default: @code{#f}) RFC 4646 language code(s) for text/gemini documents. Optional. -@item @code{silent?} (default: @code{#f}) -Set to @code{#t} to disable logging output. +@item @code{only-tls13?} (default: @code{#f}) +Set to @code{#t} to disable support for TLSv1.2. @item @code{serve-secret?} (default: @code{#f}) Set to @code{#t} to serve secret files (files/directories starting with a dot). +@item @code{central-conf?} (default: @code{#f}) +Set to @code{#t} to look for the .meta configuration file in the @code{content} +root directory and will ignore @code{.meta} files in other directories + +@item @code{ed25519?} (default: @code{#f}) +Set to @code{#t} to generate keys using the Ed25519 signature algorithm +instead of the default ECDSA. + +@item @code{skip-port-check?} (default: @code{#f}) +Set to @code{#t} to skip URL port check even when a @code{hostname} is specified. 
+ @item @code{log-ip?} (default: @code{#t}) Whether or not to output IP addresses when logging. |
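Review bot: In the first hunk (the @example block), the second command, `openssl req -x509 -key key.der -outform DER ...`, reads a DER-encoded key without telling OpenSSL its encoding; on OpenSSL versions that do not auto-detect the key format, `req` assumes PEM and fails, so the example should pass `-keyform DER` alongside `-key key.der`. The new paragraph above it also needs grammatical cleanup: "If specified path is writable by Agate, and contains no valid key and certificate, the Agate will try" should read "If the specified path is writable by Agate and contains no valid key and certificate, Agate will try"; "If specified directory is read-only - key and certificate should be pre-generated by user" should read "If the specified directory is read-only, the key and certificate must be pre-generated by the user"; and "running a commands similar" should read "running commands similar". Because that paragraph documents that Agate writes its own key material whenever the directory is writable, it would help operators if the text said plainly that a read-only directory with pre-generated files is the way to keep the private key under the administrator's control rather than the daemon's.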
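Review bot: In the second hunk, the `skip-port-check?` entry still refers to "@code{hostname}", but the option documented a few lines above is now `@code{hostnames}` (default `'()`), so the cross-reference no longer names an existing option; the commit message likewise calls the field `[hostname]`, so either the field name in web.scm or this text is out of sync and the two should be reconciled. The `certs` entry says "Must be filled in with a value from the user" while giving a default of @file{"/srv/gemini-certs"}; since the default is a usable value, either drop that sentence or replace it with what actually matters, namely that the directory must exist, and must either contain the key and certificate or be writable by Agate, before the service starts. The `central-conf?` text is missing its closing period and mixes ".meta" with "@code{.meta}"; suggest "Set to @code{#t} to look for the @code{.meta} configuration file only in the @code{content} root directory, ignoring @code{.meta} files in other directories."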