waldek
/
jetforce
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update README.md

This commit is contained in:
Michael Lazar 2020-05-24 01:00:20 -04:00 committed by GitHub
parent ea05ff7531
commit 5b118b7581
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
README.md
View File

@ -104,9 +104,8 @@ $ openssl req -newkey rsa:2048 -nodes -keyout {hostname}.key \
``` ```
Jetforce also supports TLS client certificates (both self-signed and CA verified). Jetforce also supports TLS client certificates (both self-signed and CA verified).
Connections made with a client certificate will have additional metadata included Requests that are made with client certificates will include additional
in the request environment. ``REMOTE_USER`` will contain the subject common name, CGI/environment variables with information about the TLS connection.
and ``TLS_CLIENT_HASH`` will contain a fingerprint that can be used for TOFU pinning.
You can specify a CA for client validation with the ``--tls-cafile`` or ``--tls-capath`` You can specify a CA for client validation with the ``--tls-cafile`` or ``--tls-capath``
flags. Connections validated by the CA will have the ``TLS_CLIENT_VERIFIED`` environment flags. Connections validated by the CA will have the ``TLS_CLIENT_VERIFIED`` environment
@ -116,13 +115,11 @@ this readme, but you can find many helpful tutorials
### Static Files ### Static Files
Jetforce will serve static files in the ``/var/gemini/`` directory: Jetforce will, by default, serve static files in the ``/var/gemini/`` directory.
Files ending with **.gmi** will be interpreted as the *text/gemini* mime type. If
- Files ending with **.gmi** will be interpreted as the *text/gemini* type a directory is requested, jetforce will look for a file named **index.gmi** in that
- If a directory is requested, jetforce will look for a file in that directory directory to return. Otherwise, a directory file listing will be automatically
with the name of **index.gmi** generated.
- If it exists, the index file will be returned
- Otherwise, jetforce will generate a directory listing
### CGI Scripts ### CGI Scripts
@ -212,10 +209,10 @@ journalctl -u jetforce -f
*WARNING* *WARNING*
The internet can be a scary place. You (yes you!) are responsible for securing your You are exposing a server to the internet. You (yes you!) are responsible for
server and setting up appropriate access permissions. This likely means *not* securing your server and setting up appropriate access permissions. This likely means
running jetforce as the root user. Security best practices are outside of the scope *not* running jetforce as the root user. Security best practices are outside of the
of this document and largely depend on your individual threat model. scope of this document and largely depend on your individual threat model.
## License ## License