For privacy, a possible solution is to allow the masking of some bits of the client IP address. For instance:
log_mask = 48
And we log only the first 48 bits.
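The masking proposed above, as an added Rust example that is not part of the original post or of stargazer's code. `LogMask`, `v4_bits`, `v6_bits` and `mask_for_log` are hypothetical names, and the separate IPv4 prefix length is an assumption, since a single value such as 48 exceeds IPv4's 32 bits. IPv4-mapped addresses (`::ffff:a.b.c.d`), which a dual-stack `[::]` listener reports for IPv4 clients, are masked as IPv4 so the 48-bit mask does not reduce them to `::`.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

/// Hypothetical setting: how many leading bits of the client address are
/// kept in the log, per address family (not a real stargazer option).
pub struct LogMask {
    pub v4_bits: u32,
    pub v6_bits: u32,
}

fn mask_v4(a: Ipv4Addr, bits: u32) -> Ipv4Addr {
    let bits = bits.min(32);
    // checked_shl is None when the shift equals the width (bits == 0): keep nothing.
    let m = u32::MAX.checked_shl(32 - bits).unwrap_or(0);
    Ipv4Addr::from(u32::from(a) & m)
}

fn mask_v6(a: Ipv6Addr, bits: u32) -> Ipv6Addr {
    let bits = bits.min(128);
    let m = u128::MAX.checked_shl(128 - bits).unwrap_or(0);
    Ipv6Addr::from(u128::from(a) & m)
}

/// Return the address to write to the log, with the host part zeroed.
pub fn mask_for_log(addr: IpAddr, mask: &LogMask) -> IpAddr {
    match addr {
        IpAddr::V4(a) => IpAddr::V4(mask_v4(a, mask.v4_bits)),
        IpAddr::V6(a) => match a.octets() {
            // IPv4-mapped address: the first 96 bits are a fixed prefix, so
            // mask the embedded IPv4 address with the IPv4 prefix length.
            [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, w, x, y, z] => {
                IpAddr::V4(mask_v4(Ipv4Addr::new(w, x, y, z), mask.v4_bits))
            }
            _ => IpAddr::V6(mask_v6(a, mask.v6_bits)),
        },
    }
}

fn main() {
    let mask = LogMask { v4_bits: 24, v6_bits: 48 };
    // Constructed sample addresses from the documentation ranges.
    for s in ["2001:db8:1234:5678::1", "192.0.2.77", "::ffff:192.0.2.77"] {
        let ip: IpAddr = s.parse().unwrap();
        println!("{} -> {}", s, mask_for_log(ip, &mask));
    }
}
```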
Also, when the request is logged, the source IP address is not present. Is it on purpose, to preserve the privacy of the client?
Yes, OK. Here is a possible systemd service file, if you want to include it in the distribution:
[Unit]
Description=stargazer, Gemini server
After=network.target

[Service]
Type=simple
Restart=always
RestartSec=5
User=gemini
ExecStart=/usr/local/bin/stargazer -C /usr/local/etc/stargazer.ini
# Without the following two options, everything is sent to systemd and retrievable with journalctl -t stargazer
#StandardOutput=file:/var/log/stargazer/output.log
#StandardError=file:/var/log/stargazer/output.err

[Install]
WantedBy=multi-user.target
With the last version of stargazer (which apparently binds only on IPv6 when you give it [::]), it works, I can have both [::] on the same port, which seems sensible to me. Thanks.
It would be a cool feature to be able to log the connections somewhere, either with syslog or by writing directly to the file.
Yes, there is the key connection-logging but, when the server is launched without a terminal, for instance with systemd, it does not help.
It is not obvious but, if you use a non-standard port, the route must be configured just with the name of the capsule, not name:port. (Apparently, if you listen on two ports, you cannot have two different routes for these ports.)
[dns.gemini.bortzmeyer.org]
root=/var/gemini
scgi = on
scgi-address = "localhost:9053"
Sorry, I was not clear: if the key is unknown, the error message is correct. If it is not appropriate at this place (for instance scgi=on), you get the wrong error message.
If, in a section, you put a key which is not known, the error message indicates the previous line (which is, here, perfectly legal):
% ./target/release/stargazer -C ../stargazer.ini
ERROR - Error loading config file: ../stargazer.ini: Section `gemini.bortzmeyer.org` contains parameters that are either not allowed for this router type or known: root=/var/gemini
Yes, it is Linux. If I listen on IPv6 it works with both v4 and v6 but it is configurable. It is probably not because of Rust but it is a kernel choice, configurable with sysctl net/ipv6/bindv6only. In my case (it is the default on Debian):
% cat /proc/sys/net/ipv6/bindv6only
0
This is why it works. This is a painful problem because it means the result of a given configuration file will depend on the system. I don't know for Rust but Go https://github.com/golang/go/issues/679 had a similar issue.