update README.md

Signed-off-by: kim (grufwub) <grufwub@gmail.com>
master
kim (grufwub) 4 years ago
parent eac520031a
commit ee88bce8da

@ -14,81 +14,88 @@ WARNING: the development branch is filled with lava, fear and capitalism.
# Features
- Built with concurrency and efficiency in mind.
- Built with security, concurrency and efficiency in mind.
- ZERO external dependencies.
- Security focused -- by default chroots to server directory and drops
privileges, though `-rootless` flag may be applied to skip these steps
(e.g. when running on a shared host).
- LRU file caching -- with user-controlled cache size, max cached file size
- LRU file caching with user-controlled cache size, max cached file size
and cache refresh frequency.
- Insert files within gophermaps, including automating reflowing of lines
longer than (user definable) page width.
- CGI-bin support with CGI 1.1 compliance.
- Executable gophermap support.
- Insert files with automated line reflowing, and inline shell script
output within gophermaps.
- Automatic replacement of `$hostname` or `$port` with the information of
the host the client is connecting to.
- Support for all commonly accepted item type characters (beyond just
RFC1436 support).
- Automatic replacement of `$hostname` or `$port` in gophermap lines with
current host information.
- User supplied footer text appended to gophermaps and directory listings.
- Item type characters beyond RFC 1436 standard (see below).
- Separate system and access logging with output and formatting options.
*Please note: previously, chrooting to server directory and dropping
privileges was supported by using Go C bindings. Unexpected circumstances
have not yet been witness... But as this is not officially supported due to
unexpected behaviour witnessed with `.Set{U,G}id()`, and there is a near 10 year
ongoing tracked issue (https://github.com/golang/go/issues/1435), I decided to
drop this feature for now. As soon as this patch gets merged I'll add
support: https://go-review.googlesource.com/c/go/+/210639
As a result of removing this, request sanitization has been majorly improved
and checks are in place to prevent running Gophor as root.
If you run into issues binding to a lower port number due to insufficient
permissions then there are a few alternatives:
- set process capabilities using utility like capsh:
https://linux.die.net/man/1/capsh
- use Docker (or some other solution) and configure port forwarding on the
host
- start gopher in it's own namespace in a chroot*
- Separate system and access logging with various output options (change
output location, change flags to include timestamps or include IPs with
access logs).
# Usage
```
gophor [args]
-root-dir Change server root directory.
-port Change server NON-TLS listening port.
-port Change server listening port.
-hostname Change server hostname (FQDN, used to craft dir
lists).
-bind-addr Change server bind-address (used in creating
socket).
-user Drop to supplied user's UID and GID permissions
before execution.
-env New-line separated list of environment variables
to use when executing cgi-bin, gophermaps, shell
commands.
-system-log Path to gophor system log file.
-access-log Path to gophor access log file.
-log-output Change log output type (disable|stderr|file)
-log-opts Comma-separated list of lop opts (timestamp|ip)
-cache-check Change file-cache freshness check frequency.
-cache-size Change max no. files in file-cache.
-cache-file-max Change maximum allowed size of a cached file.
-disable-cache Disable file caching.
-page-width Change page width used when formatting output.
-footer Change gophermap footer text (Unix new-line
separated lines).
-no-footer-separator Disable footer text line separator.
-restrict-files New-line separated list of regex statements
restricting files from showing in directory listing.
-description Change server description in generated caps.txt.
-admin-email Change admin email in generated caps.txt.
-geoloc Change geolocation in generated caps.txt.
-rootless Run without root privileges (no chroot, no privilege
drop, no restricted ports).
-version Print version string.
```
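Review bot: The "Security focused" bullet and the `-user` / `-rootless` options describe chroot and privilege drop as the default, but the "Please note" paragraph in this same hunk says that support was dropped because of unexpected behaviour with `.Set{U,G}id()` (golang/go issue 1435). The README should say in one or two sentences how the privilege drop is done now and why the earlier concern no longer applies. It should also say what happens when the server is started as root without `-user`, since the older text mentions checks that prevent running Gophor as root. For `-env`, state which environment is used by default when executing cgi-bin, gophermaps and shell commands. Minor: "lop opts" in the `-log-opts` line should read "log opts".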
@ -143,12 +150,8 @@ Type | Treat as | Meaning
. | - | [SERVER ONLY] Last line -- stop processing gophermap default
* | - | [SERVER ONLY] Last line + directory listing -- stop processing
| | gophermap and end on a directory listing
= | - | [SERVER ONLY] Include subgophermap / regular file here. Prints
| | and formats file / gophermap in-place
Planned to be supported:
Type | Treat as | Meaning
$ | - | [SERVER ONLY] Execute shell command and print stdout here
= | - | [SERVER ONLY] Include or execute subgophermap, cgi-bin, regular
| | file or shell command stdout here
```
# Compliance
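Review bot: The `=` row reading "Include or execute subgophermap, cgi-bin, regular file or shell command stdout here" does not say how the server decides between including a file and executing it. Since one item type now covers both reading and running content, document the rule (for example, what makes a target count as executable) and any limit on where executed targets may live. Someone who can write a gophermap line needs to know whether that amounts to command execution under the server's user.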
@ -219,49 +222,19 @@ Null port: `0`
Shortterm:
- Set default charset -- need to think about implementation here...
- Neaten codebase after recent RequestPath addition.
- Character encoding support
- Fix file cache only updating if main gophermap changes (but not sub files)
-- need to either rethink how we keep track of files, or rethink how
gophermaps are stored in memory.
Longterm:
- Finish inline shell scripting support -- current thinking is to only allow
during rootless operation.
- Rotating logs -- have a check on start for a file-size, rotate out if the
file is too large. Possibly checks during run-time too?
- Add last-mod-time to directory listings -- have global time parser
object, maybe separate out separate global instances of objects (e.g.
worker related, cache related, config related?)
- TLS support -- ~~requires a rethink of how we're passing port functions
generating gopher directory entries, also there is no definitive standard
for this yet~~ implemented these changes! figuring out gopher + TLS itself
though? no luck yet.
- Connection throttling + timeouts -- thread to keep track of list of
recently connected IPs. Keep incremementing connection count and only
remove from list when `lastIncremented` time is greater than timeout
- More closely follow GoLang built-in net/http code style for worker -- just
a neatness thing, maybe bring some performance improvements too and a
generally different way of approaching some of the solutions to problems we
have
- Rotating logs
# Please note
- Add last-mod-time to directory listings
During the initial writing phase the quality of git commit messages may be
low and many changes are likely to be bundled together at a time, just
because the pace of development right now is rather break-neck.
- TLS support
As soon as we reach a stable point in development, or if other people start
contributing issues or PRs, whichever comes first, this will be changed
right away.
- Connection throttling + timeouts
# Resources used
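Review bot: The long-term list keeps "TLS support" and "Connection throttling + timeouts" only as bare to-do entries, which reads as neither being available yet, and the README never says so outright. Consider adding a short known-limitations line stating that connections are currently unencrypted and not rate limited, so operators know to handle that in front of the server. The design notes attached to the longer versions of these items (the `lastIncremented` timeout idea, the log rotation size check) are worth moving into tracked issues so they are not lost with this edit.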
