App-phoebe
view release on metacpan or search on metacpan
script/phoebe view on Meta::CPAN
echo "Welcome to the wiki!" > test.txt
echo "Please be kind." >> test.txt
perl5/bin/titan --url=titan://localhost/raw/Welcome --token=hello test.txt
You should get a nice redirect message, with an appropriate date.
30 gemini://localhost:1965/page/Welcome
You can check the page, now (replacing the appropriate date):
perl5/bin/gemini gemini://localhost:1965/page/Welcome
You should get back a page that starts as follows:
20 text/gemini; charset=UTF-8
Welcome to the wiki!
Please be kind.
Yay! ðŸ˜ðŸŽ‰ 🚀🚀
If you have a bunch of Gemtext files in a directory, you can upload them all in
one go:
titan --url=titan://localhost/ --token=hello *.gmi
=head2 Image uploads
OK, how do image uploads work? First, we need to specify which MIME types Phoebe
accepts. The files are going to be served back with that MIME type, so even if
somebody uploads an executable and claim it's an image, other people's clients
will treat it as an image instead of executing it (one hopes!) – so let's start
with a list of common MIME types.
=over
=item * C<image/jpeg> is for photos (usually with the C<jpg> extension)
=item * C<image/png> is for graphics (usually with the C<png> extension)
=item * C<audio/mpeg> is for sound (usually with the C<mp3> extension)
=back
Let's continue using the setup we used for the L</Quickstart> section. Restart
the server and allow photos:
perl5/bin/phoebe --wiki_mime_type=image/jpeg
Upload the image using the C<titan> script:
perl5/bin/titan --url=titan://localhost:1965/jupiter.jpg \
--token=hello Pictures/Planets/Juno.jpg
You should get back a redirect to the uploaded image:
30 gemini://localhost:1965/file/jupiter.jpg
How did the C<titan> script know the MIME-type to use for the upload? If you
don't specify a MIME-type using C<--mime>, the C<file> utility is called to
guess the MIME type of the file.
Test it:
file --mime-type --brief Pictures/Planets/Juno.jpg
The result is the MIME-type we enabled for our wiki:
image/jpeg
Here's what happens when you're trying to upload an unsupported MIME-type:
titan --url=titan://localhost:1965/earth.png \
--token=hello Pictures/Planets/Earth.png
What you get back explains the problem:
59 This wiki does not allow image/png
In order to allow such graphics as well, you need to restart Phoebe:
phoebe --wiki_mime_type=image/jpeg --wiki_mime_type=image/png
Except that in my case, the image is too big:
59 This wiki does not allow more than 100000 bytes per page
I could scale it down before I upload the image, using C<convert> (which is part
of ImageMagick):
convert -scale 20% Pictures/Planets/Earth.png earth-small.png
Try again:
titan --url=titan://localhost:1965/earth.png \
--token=hello earth-small.png
Alternatively, you can increase the size limit using the
C<--wiki_page_size_limit> option, but you need to restart Phoebe:
phoebe --wiki_page_size_limit=10000000 \
--wiki_mime_type=image/jpeg --wiki_mime_type=image/png
Now you can upload about 10MB…
=head2 Using systemd
Systemd is going to handle daemonisation for us. There's more documentation
available online.
L<https://www.freedesktop.org/software/systemd/man/systemd.service.html>.
Basically, this is the template for our service:
[Unit]
Description=Phoebe
After=network.target
[Service]
Type=simple
WorkingDirectory=/home/phoebe
ExecStart=/home/phoebe/phoebe
Restart=always
script/phoebe view on Meta::CPAN
=item * C<--wiki_dir> is the wiki data directory to use; the default is either
the value of the C<PHOEBE_DATA_DIR> environment variable, or the "./wiki"
subdirectory
=item * C<--wiki_space> adds an extra space that acts as its own wiki; a
subdirectory with the same name gets created in your wiki data directory
and thus you shouldn't name spaces like any of the files and directories
already there (see L</FILES>); not that settings such as
C<--wiki_page> and C<--wiki_main_page> apply to all spaces, but the page
content will be different for every wiki space
=item * C<--cert_file> is the certificate PEM file to use; the default is
F<cert.pem>
=item * C<--key_file> is the private key PEM file to use; the default is
F<key.pem>
=item * C<--log_level> is the log level to use (C<fatal>, C<error>, C<warn>,
C<info>, C<debug>); the default is C<warn>
=item * C<--log_file> is the log file to use; the default is undefined, which
means that STDERR is used
=back
=head2 UPLOADS
If you allow uploads of binary files, these are stored separately from the
regular pages; the wiki doesn't keep old revisions of files around. If somebody
overwrites a file, the old revision is gone.
You definitely don't want random people uploading all sorts of images, videos
and binaries to your server. Make sure you set up those L<tokens|/Security>
using C<--wiki_token>!
=head1 NOTES
=head2 Security
The server uses "access tokens" to check whether people are allowed to edit
files. You could also call them "passwords", if you want. They aren't associated
with a username. You set them using the C<--wiki_token> option. By default, the
only password is "hello". That's why the Titan command above contained
"token=hello". 😊
If you're going to check up on your wiki often (daily!), you could just tell
people about the token on a page of your wiki. Spammers would at least have to
read the instructions and in my experience the hardly ever do.
You could also create a separate password for every contributor and when they
leave the project, you just remove the token from the options and restart
Phoebe. They will no longer be able to edit the site.
=head2 Privacy
The server only actively logs changes to pages. It calculates a "code" for every
contribution: it is a four digit octal code. The idea is that you could colour
every digit using one of the eight standard terminal colours and thus get little
four-coloured flags.
This allows you to make a pretty good guess about edits made by the same person,
without telling you their IP numbers.
The code is computed as follows: the IP numbers is turned into a 32bit number
using a hash function, converted to octal, and the first four digits are the
code. Thus all possible IP numbers are mapped into 8â´=4096 codes.
If you increase the log level, the server will produce more output, including
information about the connections happening, like C<2020/06/29-15:35:59 CONNECT
SSL Peer: "[::1]:52730" Local: "[::1]:1965"> and the like (in this case C<::1>
is my local address so that isn't too useful but it could also be your visitor's
IP numbers, in which case you will need to tell them about it using in order to
comply with the
L<GDPR|https://en.wikipedia.org/wiki/General_Data_Protection_Regulation>.
=head1 EXAMPLE
Here's an example for how to start Phoebe. It listens on C<localhost> port 1965,
adds the "Welcome" and the "About" page to the main menu, and allows editing
using one of two tokens.
phoebe \
--wiki_token=Elrond \
--wiki_token=Thranduil \
--wiki_page=Welcome \
--wiki_page=About
Here's what my F<phoebe.service> file actually looks like:
[Unit]
Description=Phoebe
After=network.target
[Install]
WantedBy=multi-user.target
[Service]
Type=simple
WorkingDirectory=/home/alex/farm
Restart=always
User=alex
Group=ssl-cert
MemoryMax=100M
MemoryHigh=90M
ExecStart=/home/alex/src/phoebe/script/phoebe \
--port=1965 \
--log_level=debug \
--wiki_dir=/home/alex/phoebe \
--host=transjovian.org \
--cert_file=/var/lib/dehydrated/certs/transjovian.org/fullchain.pem \
--key_file=/var/lib/dehydrated/certs/transjovian.org/privkey.pem \
--host=toki.transjovian.org \
--cert_file=/var/lib/dehydrated/certs/transjovian.org/fullchain.pem \
--key_file=/var/lib/dehydrated/certs/transjovian.org/privkey.pem \
--host=vault.transjovian.org \
--cert_file=/var/lib/dehydrated/certs/transjovian.org/fullchain.pem \
--key_file=/var/lib/dehydrated/certs/transjovian.org/privkey.pem \
--host=communitywiki.org \
--cert_file=/var/lib/dehydrated/certs/communitywiki.org/fullchain.pem \
--key_file=/var/lib/dehydrated/certs/communitywiki.org/privkey.pem \
--host=alexschroeder.ch \
--cert_file=/var/lib/dehydrated/certs/alexschroeder.ch/fullchain.pem \
--key_file=/var/lib/dehydrated/certs/alexschroeder.ch/privkey.pem \
script/phoebe view on Meta::CPAN
package App::Phoebe;
use Modern::Perl;
our ($server);
$server->{wiki_token} = [];
This code simply deactivates the token list. No more tokens!
=head2 Virtual Hosting
Sometimes you want have a machine reachable under different domain names and you
want each domain name to have their own wiki space, automatically. You can do
this by using multiple C<--host> options.
Here's a simple, stand-alone setup that will work on your local machine. These
are usually reachable using the IPv4 C<127.0.0.1> or the name C<localhost>. The
following command tells Phoebe to serve both C<127.0.0.1> and C<localhost>
(the default is to just serve C<localhost>).
phoebe --host=127.0.0.1 --host=localhost
Visit both at L<gemini://localhost/> and L<gemini://127.0.0.1/>, and create a
new page in each one, then examine the data directory F<wiki>. You'll see both
F<wiki/localhost> and F<wiki/127.0.0.1>.
If you're using more wiki spaces, you need to prefix them with the respective
hostname if you use more than one:
phoebe --host=127.0.0.1 --host=localhost \
--wiki_space=127.0.0.1/alex --wiki_space=localhost/berta
In this situation, you can visit L<gemini://127.0.0.1/>,
L<gemini://127.0.0.1/alex/>, L<gemini://localhost/>, and
L<gemini://localhost/berta/>, and they will all be different.
If this is confusing, remember that not using virtual hosting and not using
spaces is fine, too. 😀
=head2 Multiple Certificates
If you're using virtual hosting as discussed above, you have two options: you
can use one certificate for all your hostnames, or you can use different
certificates for the hosts. If you want to use just one certificate for all your
hosts, you don't need to do anything else. If you want to use different
certificates for different hosts, you have to specify them all on the command
line. Generally speaking, use C<--host> to specifiy one or more hosts, followed
by both C<--cert_file> and C<--key_file> to specifiy the certificate and key to
use for the hosts.
For example:
phoebe --host=transjovian.org \
--cert_file=/var/lib/dehydrated/certs/transjovian.org/cert.pem \
--key_file=/var/lib/dehydrated/certs/transjovian.org/privkey.pem \
--host=alexschroeder.ch \
--cert_file=/var/lib/dehydrated/certs/alexschroeder.ch/cert.pem \
--key_file=/var/lib/dehydrated/certs/alexschroeder.ch/privkey.pem
=head1 SEE ALSO
As you might have guessed, the system is easy to tinker with, if you know some
Perl. The Transjovian Council has a wiki space dedicated to Phoebe, and it
includes a section with more configuration examples.
See L<gemini://transjovian.org/> or L<https://transjovian.org:1965/>.
=head1 LICENSE
GNU Affero General Public License
=cut
use App::Phoebe qw($log $server host_regex handle_request get_ip_numbers);
use Modern::Perl '2018';
use File::Slurper qw(read_dir);
use Encode qw(decode);
use Encode::Locale;
use IO::Socket::SSL;
use Mojo::IOLoop;
use Getopt::Long;
use Pod::Text;
use utf8;
use B;
# Some of these need to be decoded (hostnames, pagenames).
GetOptions(
$server,
'help' => \&help,
'log_level=s' => sub { $log->level($_[1]), },
'log_file=s' => sub { $log->path($_[1]) },
'cert_file=s' => \&host_setup,
'key_file=s' => \&host_setup,
'host=s' => \&host_setup,
'port=i@', # same ports for all hosts!
'wiki_dir=s',
'wiki_space=s@' => \&utf8_list_item,
'wiki_token=s@' => \&utf8_list_item,
'wiki_page=s@' => \&utf8_list_item,
'wiki_main_page=s' => \&utf8_item,
'wiki_mime_type=s@',
'wiki_page_size_limit=i')
or die("Error in command line arguments\n");
sub utf8_list_item { my ($key, $value) = @_; push(@{$server->{$key}}, decode(locale => $value)) };
sub utf8_item { my ($key, $value) = @_; $server->{$key} = decode(locale => $value) };
{
# use a block so that these variables stay local
my ($cert_file, $key_file, @host);
sub host_setup {
my ($opt, $val) = @_;
if ($opt eq 'host') {
push @host, decode(locale => $val);
return;
};
die "$val does not exist\n" unless -f $val;
if ($opt eq 'cert_file') { $cert_file = $val }
elsif ($opt eq 'key_file') { $key_file = $val }
if ($cert_file and $key_file) {
if (not @host) {
$server->{host}->{'localhost'} = 1;
( run in 1.380 second using v1.01-cache-2.11-cpan-39bf76dae61 )