StrongRandom Notes, cheatsheets, random numbers.

Gemini Server, OpenBSD

1 min read howto

vger is in OpenBSD ports, so let’s use that.

pkg_add vger

cat << EOF > /etc/inetd.conf
127.0.0.1:11965 stream tcp nowait _vger /usr/local/bin/vger vger
EOF

cat <<EOF > /etc/relayd.conf
log connection

tcp protocol "gemini" {
   tls keypair strongrandom.com
}

relay "gemini" {
    listen on 0.0.0.0 port 1965 tls
    protocol "gemini"
    forward to 127.0.0.1 port 11965
}
EOF

# SEE NOTES BELOW
cd /etc/ssl
ln -s strongrandom.com.fullchain.pem strongrandom.com.crt

rcctl enable relayd inetd
rcctl start relayd inetd

If you are using Let’s Encrypt and acme-client(1), this configuration can share that certificate.

Symlink your certificate so that relayd(8) can find it as shown above. Your certificate will hopefully have a different name, so don’t just cut-and-paste that section.

If you are using the example cron job in acme-client(1), be sure to restart relayd(8) as well.

Be sure and open tcp/1965 in your firewall configuration.

Success! gemini://strongrandom.com