# Molly Brown

## Gemini server

(created Jan 29, 2021)

I started using the Molly Brown Gemini server in May 2020. I have updated it a couple of times since then.

=>

Create an empty directory `~/go`. Set the $GOPATH environment variable to `~/go`. Run `go get tildegit.org/solderpunk/molly-brown`.

> If everything goes well, the end result of this will be that you'll have the Molly Brown source code sitting in ~/go/src/tildegit.org/solderpunk/molly-brown and an executable binary sitting at ~/go/bin/molly-brown. If it makes you happier or your life easier, you can copy that binary to /usr/sbin/ or anywhere else.

> Molly Brown can run without a configuration file, in which case it will use compiled-in default settings. However, these settings are oriented toward quick test runs with all files in the current working directory. For regular use, you will want to override these defaults with more suitable settings from a config file. An example config file showing the syntax for all settings can be found in the ~/go/src/tildegit.org/solderpunk/molly-brown/ directory with the filename example.conf. You can copy this file to /etc/molly.conf and edit it to suit your environment. All the options are explained further below. If you put your configuration file somewhere other than /etc/molly.conf, you will need to use Molly Brown's -c command line option to tell Molly Brown where to find it.

> Molly Brown does not handle details like daemonising itself, changing the user it runs as, etc. You will need to take care of these tasks by, e.g. integrating Molly Brown with your operating system's init system. Some limited instructions on how to do this for common systems follow.

> You can always use a tool like daemon to take care of daemonising the Molly Brown process, changing the user it runs as, chrooting it to a particular location, etc. You can call daemon from /etc/rc.local (if your OS still supports it) to start it on system boot.
For my setup, I copied the molly-brown binary file to `/usr/sbin`. I kept the config file at `/etc/molly.conf`. And I used the daemon tool to run it.

`ps aux | grep molly` shows, for example:

```
13115 daemon /usr/sbin/molly-brown
13116 /usr/sbin/molly-brown
```

---

To stop: `kill 13115`

To start: `daemon /usr/sbin/molly-brown`

More about the Molly Brown server:

> Support for "certificate zones", where access to certain paths is restricted to clients providing TLS certificates whose SHA256 fingerprints have been added to a list of approved fingerprints, analogous to SSH's authorized_keys file.

### Creating self-signed server certs

I did this on Jan 29, 2021, switching from using temporary certs from Let's Encrypt to using self-signed certs as recommended by Gemini users. When visiting sites with the Kristall Gemini browser, I have to revoke old certs often within Kristall, including with my own site. After revoking trust and refreshing the site, all is good. With a self-signed cert set to expire years from now, this clunkiness won't occur.

I used solderpunk's utility.

=>

> A simple tool for creating self-signed certs for use in Geminispace.

I did the following:

`git clone https://tildegit.org/solderpunk/gemcert.git`

`go build main.go`

Since I didn't specify an output file for the executable, I renamed the executable.

`mv main gemcert`

Then I created the certs that have an expiration date of 10 years from now.

`./gemcert --server --domain sawv.org --years 10`

That created `sawv.org.crt` and `sawv.org.key` certs in the same location where I built and ran the executable.

In my Gemini server directory, I created a directory called `certificates` where I copied the above certs.

I modified my `/etc/molly.conf` file to point to the new certs.

I stopped and restarted the molly-brown server.

When I used Kristall to visit gemini://sawv.org, I had to revoke trust and refresh. The key type for sawv.org is now EC and not RSA.
On Jan 29, 2021, I installed the latest version of the Molly Brown Gemini server.

With the new self-signed certs, this is my current Molly Brown config file, with the `HomeDocBase` value set to "user" below, which is not what I use on my server.

```
Port = 1965
Hostname = "sawv.org"
CertPath = "/home/gemini/certificates/sawv.org.crt"
KeyPath = "/home/gemini/certificates/sawv.org.key"
DocBase = "/home/gemini/docroot/"
HomeDocBase = "user"
AccessLog = "/var/log/molly/access.log"
ErrorLog = "/var/log/molly/error.log"
GeminiExt = "gmi"
CGIPaths = [ "/home/gemini/docroot/cgi-bin/" ]
[MimeOverrides]
"atom.xml$" = "application/atom+xml"
"rss.xml$" = "application/rss+xml"
".md$" = "text/markdown"
```

-30-
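As an added example (not the author's or Molly Brown's own code), here is a small parser for the flat TOML subset used in the config above, followed by a few checks worth running before starting the server: the private key or the logs living under DocBase, or a CGIPaths entry that swallows the whole docroot. It assumes, as the setting names suggest, that files under DocBase are served to clients and files under CGIPaths are executed.

```python
import re

# Constructed sample: the molly.conf above, with KeyPath deliberately moved
# inside DocBase so that the audit below has something to report.
SAMPLE_CONF = """\
Port = 1965
Hostname = "sawv.org"
CertPath = "/home/gemini/certificates/sawv.org.crt"
KeyPath = "/home/gemini/docroot/sawv.org.key"
DocBase = "/home/gemini/docroot/"
HomeDocBase = "user"
AccessLog = "/var/log/molly/access.log"
ErrorLog = "/var/log/molly/error.log"
GeminiExt = "gmi"
CGIPaths = [ "/home/gemini/docroot/cgi-bin/" ]
[MimeOverrides]
"atom.xml$" = "application/atom+xml"
"rss.xml$" = "application/rss+xml"
".md$" = "text/markdown"
"""

def parse_conf(text):
    # Flat TOML subset used by example.conf: ints, strings, string arrays, [tables].
    conf = target = {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):        # e.g. [MimeOverrides]
            target = conf.setdefault(line[1:-1].strip(), {})
        elif line and not line.startswith("#"):                # skip blanks and comments
            key, _, value = (s.strip() for s in line.partition("="))
            key = key.strip('"')                               # keys may be quoted regexes
            if value.startswith("["):                          # array of quoted strings
                target[key] = re.findall(r'"([^"]*)"', value)
            elif value.startswith('"'):                        # quoted string
                target[key] = value[1:-1]
            else:                                              # bare integer
                target[key] = int(value)
    return conf

def audit_conf(conf):
    # Findings an operator should fix before starting the server.
    findings = []
    docbase = conf.get("DocBase", "")
    for key in ("KeyPath", "AccessLog", "ErrorLog"):
        if docbase and conf.get(key, "").startswith(docbase):
            findings.append(f"{key} is inside DocBase, so clients can request that file")
    for cgi in conf.get("CGIPaths", []):
        if docbase.startswith(cgi):                            # CGI path covers the docroot
            findings.append(f"CGI path {cgi} covers all of DocBase: every file would execute")
    return findings
```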