From e649a976fa4d7bc3e70beda0576a8946ef38de4a Mon Sep 17 00:00:00 2001 From: alex Date: Sun, 25 Jan 2026 19:20:36 +0100 Subject: Add systemd-credential certificate loading and docs --- README.md | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index ed1393c..2a21b42 100644 --- a/README.md +++ b/README.md @@ -2,12 +2,32 @@ `proxy.py` is a Gemini server that proxies all content to an http or https server. -## Notes +`proxy.py` loads certificates following the structure of Apache mod_md. + +## Providing the certificates via systemd credentials + +With `/etc/systemd/system/gemini-from-http.service`: + +``` +[Service] +LoadCredential=certificates:/etc/apache2/md/domains/ +ExecStart=.../proxy.py --certificates-from-credential certificates +PrivateUsers=self +``` + +Systemd injects the certificates to a private path than only `proxy.py` can read. +The injection is a one off, so you must restart the service to get updated certificates. + +## Providing the certificates manually + +To run `proxy.py` as a regular user, you can run the `package-mod-md-certs` script as root to copy the certificates to your user: ``` su -c ./package-mod-md-certs | tar x ``` +Then you can run: + ``` -./proxy.py domains/ +./proxy.py --certificates-from-path domains/ ``` -- cgit v1.2.3