I have had this capsule for a long time now. Looking at the file timestamps,
over two and a half years. In that time, I have done several years of
university, including having to retake a partial differential equations course
several times (and I will need to take it again next year). I have also had an
idea or two for projects that could be hosted on gemini. Like, CGI games and
similar.
However, for that to work, I need a gemini server that actually supports CGI
stuff. Until today, I was using agate [1] to serve all this stuff. It is
certainly not difficult to set up, with me just needing to run the following
command every time I restarted the server to keep it running:
agate --hostname babiak.duckdns.org >>logs/agate.log 2>&1 &
=> [1] agate
And frankly, even that is not needed. Over the years, I have gathered 17
thousand lines of logging info in that file. I have never needed to look at it.
My current plans include getting rid of all the IP addresses from it, and maybe
looking at some statistics on which pages were visited the most. I expect my
gemlog index got the most hits, given I at least set up my browser to subscribe
to it to make sure it was working. So that should be a hit every time I launched
Lagrange, compared to me looking at some of my other stuff maybe once or twice a
year…
Anyway, that's not what I wanted to talk about. What I wanted to talk about was
my moving over to the one and only Unsinkable Molly Brown.
Migrating was surprisingly easy. Sure, there are a few rough edges left here and
there (for instance, gemlog_two.sh now reports a MIME type of
application/x-shellscript instead of text/x-shellscript), but for half an hour's
work, including documentation lookup, that's pretty good, in my opinion.
The first step, of course, was finding out where agate kept all its stuff, so
that molly could use it. After finding its GitHub page, I found it:
~
|-- content
|   |-- index.gmi
|   `-- etc.gmi
`-- babiak.duckdns.org
    |-- cert.der
    `-- key.der
As I always ran agate in my home directory, as the default user ubuntu on my VPS, this structure was in said home directory. Configuring Molly Brown to use these files was, in theory, as simple as making the following config file:
CertPath = "/home/ubuntu/.certificates/babiak.duckdns.org/cert.pem"
KeyPath = "/home/ubuntu/.certificates/babiak.duckdns.org/key.pem"
DocBase = "/home/ubuntu/content"
AccessLog = "-"
ErrorLog = "-"
HostName = "babiak.duckdns.org"
You may notice that the cert and key files have different extensions. This is because they have different formats. cert.der is an X.509 certificate in DER format (at least, I think that those are the correct words), while key.der is an elliptic curve key in the same format. I have no idea what these words mean, but I did manage to find the right command to convert the certificate into PEM format quite easily:
openssl x509 -inform DER -in ~/.certificates/babiak.duckdns.org/cert.der -out \
~/.certificates/babiak.duckdns.org/cert.pem
However, regarding the key, file(1) said the following:
$ file ~/.certificates/babiak.duckdns.org/key.der
/home/ubuntu/.certificates/babiak.duckdns.org/key.der: data
I tried the same command as earlier, but got a strange error message. As I have already explained, the key is not using X.509, but some kind of elliptic curve, or maybe RSA. I found this out by digging around in agate's GitHub issues. Which algorithm was used by default was not specified, but neither of the ones mentioned matched the tab-completion of the openssl command, so I tried both of the options openssl listed that started with ec after trying RSA. In the end, the correct command was the following:
openssl ec -inform DER -in ~/.certificates/babiak.duckdns.org/key.der -out \
~/.certificates/babiak.duckdns.org/key.pem
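An added example (not from the original post, agate or Molly Brown): since file(1) only reports "data" for a DER key, this Python code reads the first ASN.1 elements to tell a PKCS#1 RSA key, a SEC1 EC key and a PKCS#8 key apart, and names the openssl subcommand that reads that layout. The function names are hypothetical and the sample byte strings are constructed with dummy key material.

```python
# Added example: tell DER private-key layouts apart by their first ASN.1 elements.
OIDS = {  # DER-encoded AlgorithmIdentifier OIDs found in PKCS#8 keys
    bytes.fromhex("2a8648ce3d0201"): "EC",        # 1.2.840.10045.2.1
    bytes.fromhex("2a864886f70d010101"): "RSA",   # 1.2.840.113549.1.1.1
    bytes.fromhex("2b6570"): "Ed25519",           # 1.3.101.112
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                    # long form: next n bytes hold the length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, pos, pos + length

def classify_private_key(der):
    """Return (layout, algorithm, openssl subcommand that reads this layout)."""
    tag, start, _ = read_tlv(der, 0)
    vtag, _, pos = read_tlv(der, start)           # version INTEGER comes first
    if tag != 0x30 or vtag != 0x02:
        raise ValueError("not SEQUENCE { INTEGER version, ... }")
    tag, vstart, _ = read_tlv(der, pos)           # second element decides the layout
    if tag == 0x02:                               # INTEGER: treated as RSA modulus
        return ("PKCS#1", "RSA", "rsa")
    if tag == 0x04:                               # OCTET STRING: EC private scalar
        return ("SEC1", "EC", "ec")
    if tag == 0x30:                               # SEQUENCE: AlgorithmIdentifier
        otag, ostart, oend = read_tlv(der, vstart)
        alg = OIDS.get(bytes(der[ostart:oend]), "unknown") if otag == 0x06 else "unknown"
        return ("PKCS#8", alg, "pkey")
    raise ValueError("unrecognised private key layout")

def _tlv(tag, body):                              # builds the constructed samples
    return bytes([tag, len(body)]) + body

# Constructed samples with dummy key material (structure only, not usable keys).
SEC1 = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x04, bytes(32)))
PKCS1 = _tlv(0x30, _tlv(0x02, b"\x00") + _tlv(0x02, b"\x00\xc3\x55") + _tlv(0x02, b"\x01\x00\x01"))
ALGID = _tlv(0x30, _tlv(0x06, bytes.fromhex("2a8648ce3d0201")) + _tlv(0x06, bytes.fromhex("2a8648ce3d030107")))
PKCS8 = _tlv(0x30, _tlv(0x02, b"\x00") + ALGID + _tlv(0x04, SEC1))
```

To check a real file, pass the bytes of key.der to classify_private_key(); the function only reads the structure, and any key.pem written afterwards should be readable only by the user the server runs as.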