diff options
author | sternenseemann <sternenseemann@systemli.org> | 2021-03-16 15:54:41 +0000 |
---|---|---|
committer | sternenseemann <sternenseemann@systemli.org> | 2021-03-16 15:54:41 +0000 |
commit | 8f8cd7ed22e4d3cf5ceacd9c698eed32beca978d (patch) | |
tree | 209bb4bbede46555d8a05a37faef1b154bdeea86 | |
parent | 8e04f7a034f242d2015dd7fd8013a6a3ccbf5239 (diff) |
Deploying to gh-pages from @ sternenseemann/spacecookie@73aece8c0a080af88533c4418f693a892daadf57 🚀
-rw-r--r-- | spacecookie-gophermap.5.html | 2 | ||||
-rw-r--r-- | spacecookie.1.html | 36 | ||||
-rw-r--r-- | spacecookie.json.5.html | 17 |
3 files changed, 30 insertions, 25 deletions
diff --git a/spacecookie-gophermap.5.html b/spacecookie-gophermap.5.html index 26e9d7a..14a5512 100644 --- a/spacecookie-gophermap.5.html +++ b/spacecookie-gophermap.5.html @@ -175,7 +175,7 @@ The <code class="Nm">spacecookie-gophermap</code> documentation has been written </div> <table class="foot"> <tr> - <td class="foot-date">March 15, 2021</td> + <td class="foot-date">March 16, 2021</td> <td class="foot-os">NixOS</td> </tr> </table> diff --git a/spacecookie.1.html b/spacecookie.1.html index e2fe08d..7a9c094 100644 --- a/spacecookie.1.html +++ b/spacecookie.1.html @@ -86,18 +86,28 @@ <code class="Nm">spacecookie</code> on demand only and reducing the load on server startup. Additionally it means that the daemon doesn't ever need to be started as root because it won't need to setup a socket bound to a - well-known port. A thing to watch out for is to make sure that the settings - in <a class="Xr" href="./spacecookie.json.5.html">spacecookie.json(5)</a> - match the settings in the - <a class="Xr" href="https://manpages.debian.org/unstable/systemd.socket.5.en.html">systemd.socket(5)</a> - file: Specifically in ‘<code class="Li">listen</code>’, - ‘<code class="Li">port</code>’ needs to match the settings in - the systemd configuration while ‘<code class="Li">addr</code>’ - won't have any effect. As always - ‘<code class="Li">hostname</code>’ has to be configured - correctly as well. <code class="Nm">spacecookie</code> doesn't run any - sanity checks comparing the socket from systemd with information from the - configuration (yet).</p> + well-known port.</p> +<p class="Pp">Mind the following points when configuring socket activation:</p> +<ul class="Bl-bullet"> + <li>The port set in the + <a class="Xr" href="https://manpages.debian.org/unstable/systemd.socket.5.en.html">systemd.socket(5)</a> + file must match the port configured in + <a class="Xr" href="./spacecookie.json.5.html">spacecookie.json(5)</a>.</li> + <li>The socket set up by + <a class="Xr" href="https://manpages.debian.org/unstable/systemd.1.en.html">systemd(1)</a> + must use the IPv6 address family and the TCP protocol. It is recommended + to always set ‘<code class="Li">BindIPv6Only=both</code>’ in + <a class="Xr" href="https://manpages.debian.org/unstable/systemd.socket.5.en.html">systemd.socket(5)</a>. + To listen on an IPv4 address only, you can use an IPv6 socket with a + mapped IPv4 address.</li> + <li>As always the <b class="Sy">hostname</b> setting must match the public + address or hostname the socket is listening on.</li> +</ul> +<p class="Pp">Make sure to check your socket configuration settings carefully + since <code class="Nm">spacecookie</code> doesn't run any sanity checks on + the socket received from + <a class="Xr" href="https://manpages.debian.org/unstable/systemd.1.en.html">systemd(1)</a> + yet.</p> <p class="Pp">An example <a class="Xr" href="https://manpages.debian.org/unstable/systemd.service.5.en.html">systemd.service(5)</a> and @@ -154,7 +164,7 @@ By default, <code class="Nm">spacecookie</code> always behaves like a gopher </div> <table class="foot"> <tr> - <td class="foot-date">March 15, 2021</td> + <td class="foot-date">March 16, 2021</td> <td class="foot-os">NixOS</td> </tr> </table> diff --git a/spacecookie.json.5.html b/spacecookie.json.5.html index bfb4085..f3562da 100644 --- a/spacecookie.json.5.html +++ b/spacecookie.json.5.html @@ -95,8 +95,8 @@ The following settings are optional, meaning there is either a default value or listen on since it listens on all available addresses for incoming requests by default, i. e. <b class="Sy">INADDR_ANY</b>. For example, ‘<code class="Li">::1</code>’ can be used to listen on - the link-local addresses only. This is especially useful if you are - setting up a onion service using + the link-local addresses only which comes in handy if you are setting + up a onion service using <a class="Xr" href="https://manpages.debian.org/unstable/tor.1.en.html">tor(1)</a> and want to avoid leaking the server's identity. <p class="Pp">When given, @@ -131,11 +131,6 @@ The following settings are optional, meaning there is either a default value or socket activation. See the <a class="Xr" href="./spacecookie.1.html">spacecookie(1)</a> man page for details on setting this up. - <p class="Pp">Warning: Errors related to switching user are not fatal, - <a class="Xr" href="./spacecookie.1.html">spacecookie(1)</a> will only - log a warning if the - <a class="Xr" href="https://manpages.debian.org/unstable/setuid.2.en.html">setuid(2)</a> - call fails.</p> <p class="Pp">Type: string. Default: ‘<code class="Li">null</code>’.</p> </dd> @@ -209,9 +204,9 @@ The following configuration equates to the default behavior of </pre> </div> <p class="Pp">This configuration is suitable for running as an onion service: It - disables logging completely to not collect any kind of meta data about - user's and only listens on the link-local address to avoid leaking its - identity. We can also use a non-well-known port since + disables logging completely to not collect any kind of meta data about users + and only listens on the link-local address to avoid leaking its identity. We + can also use a non-well-known port since <a class="Xr" href="https://manpages.debian.org/unstable/tor.1.en.html">tor(1)</a> allows free mapping from local to exposed ports, so <a class="Xr" href="./spacecookie.1.html">spacecookie(1)</a> can be started @@ -265,7 +260,7 @@ The <code class="Nm">spacecookie.json</code> documentation has been written by </div> <table class="foot"> <tr> - <td class="foot-date">March 15, 2021</td> + <td class="foot-date">March 16, 2021</td> <td class="foot-os">NixOS</td> </tr> </table> |