Setting up vger on FreeBSD
I did it! I put on my big boy pants and decided to set up a Gemini server.
"So," he thought to himself, "which server to choose."
tl;dr
If you want to get right to it: Install vger and stunnel via pkg, and scroll down to below where I say "let's start again with stunnel"
I would skip relayd unless you have experience with it.
vger
I chose vger for the fact that it appeared rather simple. It's not built for FreeBSD per se, but something built for OpenBSD seems to have a pretty good pedigree as far as I'm concerned. And I like compiled daemons; I find I have lots of issues with interpreted stuff.
I started off by doing what, you know, lots of people probably do, and followed the instructions. I thought I'd give things a go with vger and relayd.
They're right in the FreeBSD ports tree, easy enough, right?
Seems easy!
I started off by enabling inetd in /etc/rc.conf:
Then, of course, I started inetd with: service inetd start
Realized then I'd need to edit inetd.conf to add some services. I followed the steps provided by vger:
We'll come back to this in a bit, but (spoiler alert), I don't think FreeBSD loved the syntax. So don't bother doing the step above.
relayd is more than I bargained for
I tried editing /usr/local/etc/relayd.conf to get it to listen on port 1965 and forward stuff in. Things got weird here. Apparently, relayd can do a whole lot of stuff, more than just encapsulating vger in TLS for Gemini. Too bad — everything I tried ended up resulting in errors. I probably should have read up more on relayd to have realized this wasn't the best option for me.
Womp womp.
Let's try again with stunnel
As Strong Bad once said, "Next, we'll draw a more different S." Or, in this case, a more different Stunnel.
First I said goodbye to relayd:
Then, you know, let's let the package manager do the heavy lifting:
(I forgot to check out the FAQ.)
Now, rather than complain about my many issues, here are the working steps I took:
- Made an inetd entry for stunnel to answer requests on port 1965
- Made a certificate
- Edited stunnel.conf to get it to pass along the data
inetd.conf, let's fix that and get stunnel running via inetd
OK, back to something I mentioned earlier: I don't think inetd liked the syntax I used from the vger documentation. I had to make a couple changes for that.
First, make a new service in /etc/services:
Then, edit inetd.conf referencing the services by name:
At some point I created vger a pseudo-user account (named vger). Now seems like a good time to make it if you haven't already.
If you skipped my steps of sadness above, make sure you start inetd. Add the following to /etc/rc.conf and then run: sudo service inetd start
Make a certificate
Doing the self-signed cert thing for now. While in the stunnel configuration directory (/usr/local/etc/stunnel/):
Configuring stunnel
Here's the thing: I'm running stunnel from inetd. So unlike the many examples, you don't want to have a section for the service, you just want it at the root of the file. So comment out any other services and put this in at the end:
Making vger more silent
For some reason, vger sends messages to all terminals when I get a request. It's annoying, it blows away screen-based editors regularly.
I have a line in my /etc/syslog.conf file, that was included in the default FreeBSD setup, that omits certain syslog messages being generated from devd. It looks like this:
I updated it to prevent vger sending messages as daemon.emerg from logging everywhere.
It works!
This is one way to do it on FreeBSD, I'm sure there are many others.
In short, inetd starts stunnel. Stunnel reaches out to vger and tunnels the connection. All the rest is making sure you have valid certs and permissions and user accounts.
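A quick sanity check for the "no service section, everything at the root of the file" point from the stunnel step, as an added example that is not part of the original post or the author's config. The function name, the sample path and the port are placeholders I made up for illustration; it assumes the root of the file needs cert plus either connect or exec.

```sh
#!/bin/sh
# Added example: lint a stunnel.conf that inetd will launch.
# In inetd mode the options sit at the root of the file, with no [service] section.

check_stunnel_inetd() {
    awk '
        # Skip blank lines and comments (";" or "#").
        /^[ \t]*([;#]|$)/ { next }
        # An uncommented [name] line opens a service section.
        /^[ \t]*\[[^]]*\]/ {
            printf "line %d: active service section %s\n", NR, $0
            insec = 1; bad = 1; next
        }
        # Record only root-level option names, lowercased.
        !insec {
            key = $0
            sub(/[ \t]*=.*/, "", key)
            sub(/^[ \t]+/, "", key)
            seen[tolower(key)] = 1
        }
        END {
            if (!("cert" in seen)) { print "missing at root: cert"; bad = 1 }
            if (!("connect" in seen) && !("exec" in seen)) {
                print "missing at root: connect or exec"; bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: path and port are placeholders, not values from the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
; leftover example service, commented out
;[https]
;accept = 443
cert = /path/to/example.pem
connect = 127.0.0.1:11965
EOF
check_stunnel_inetd "$sample" && echo "ok: root-level config only"
rm -f "$sample"
```

The function exits non-zero and names the offending line when an example service section was left uncommented, which is the easy mistake to make when starting from the packaged sample config.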
Updated:
Mon Aug 8 09:51:57 EDT 2022