more small improvements for the quickstart

author: Omar Polo <op@omarpolo.com> 2021-10-13 20:52:19 +0000
committer: Omar Polo <op@omarpolo.com> 2021-10-13 20:52:19 +0000
commit: 33c4c3a5ba6331d7140be52dc3a4612abc07694d (patch)
tree: d38cacce8f230482403cb7b47b2ebad5e20b8189 /site
parent: 2ae10bb4ee41cd16a6f2abdb6196ab515818aa32 (diff)
2 files changed, 31 insertions, 14 deletions
diff --git a/site/quickstart.gmi b/site/quickstart.gmi
index 61e3f64..95bbd29 100644
--- a/site/quickstart.gmi
+++ b/site/quickstart.gmi
@@ -27,13 +27,15 @@ To run gmid in daemon mode a configuration file is needed.  The format of the co
 # /etc/gmid.conf
 
 server "example.com" {
-	cert "/path/to/certificate"
-	key  "/path/to/private-key"
+	cert "/etc/ssl/example.com.pem"
+	key  "/etc/ssl/private/example.com.key"
+
+	# path to the root directory of your capsule
 	root "/var/gemini/example.com"
 }
 ```
 
-You also need to generate a certificate for the capsule.  A X.509 (TLS) certificate can be generated for e.g. with contrib/gencert
+A certificate is needed for the capsule.  Generate one for e.g. using contrib/gencert:
 
 => https://git.omarpolo.com/gmid/tree/contrib/gencert contrib/gencert
 
@@ -50,9 +52,16 @@ Generated files:
         ./example.com.key : private key
 ```
 
-Optionally, move ‘example.com.pem’ and ‘example.com.key’ to another location.
+Move ‘example.com.pem’ and ‘example.com.key’ to a safe place and double check that the ‘cert’ and ‘key’ options in the configuration points to these files.
 
-Make sure that the ‘cert’ and ‘key’ options in the configuration file points to these files.
+For example, save them in ‘/etc/ssl/’ (as root)
+
+```how to save the certificate and private key in /etc/ssl
+# mkdir -p /etc/ssl/private
+# chown 700 /etc/ssl/private
+# mv example.com.pem /etc/ssl/
+# mv example.com.key /etc/ssl/private/
+```
 
 Then running gmid is as easy as
 
@@ -67,7 +76,7 @@ Congratulations, your capsule is online!
 
 gmid employs various techniques to prevent the damage caused by bugs, but some steps needs to be done manually.
 
-If gmid was installed from your distribution package manager, chance are that it already does all of this and is also providing a service to run gmid automatically (e.g. a systemd unit file, a rc script, …)  Otherwise, it’s heavily suggested to create at least a dedicated user.
+If gmid was installed from your distribution package manager, chance are that it already does all of this and is also providing a service to run gmid automatically (e.g. a rc script, a systemd unit file, …)  Otherwise, it’s heavily suggested to create at least a dedicated user.
 
 
 ### A dedicated user
diff --git a/site/quickstart.html b/site/quickstart.html
index 470db03..ded73b3 100644
--- a/site/quickstart.html
+++ b/site/quickstart.html
@@ -158,13 +158,15 @@
     <pre># /etc/gmid.conf
 
 server "example.com" {
-	cert "/path/to/certificate"
-	key  "/path/to/private-key"
+	cert "/etc/ssl/example.com.pem"
+	key  "/etc/ssl/private/example.com/key"
+
+	# path to the root directory of your capsule
 	root "/var/gemini/example.com"
 }</pre>
     <p>
-      You also need to generate a certificate for the capsule.  A
-      X.509 (TLS) certificate can be generated for e.g. with
+      A certificate is needed for the capsule.  Generate one for
+      e.g. using
       <a href="https://git.omarpolo.com/gmid/tree/contrib/gencert">contrib/gencert</a>:
     </p>
     <pre>$ ./contrib/gencert example.com
@@ -178,9 +180,15 @@ Generated files:
         ./example.com.pem : certificate
         ./example.com.key : private key</pre>
     <p>
-      Optionally, move ‘example.com.pem’ and ‘example.com.key’ to
-      another location.
+      Move ‘example.com.pem’ and ‘example.com.key’ to a safe place and
+      double check that the ‘cert’ and ‘key’ options in the
+      configuration points to these files.
     </p>
+    <p>For example, save them in ‘/etc/ssl/’ (as root)</p>
+    <pre># mkdir -p /etc/ssl/private
+# chown 700 /etc/ssl/private
+# mv example.com.pem /etc/ssl/
+# mv example.com.key /etc/ssl/private/</pre>
     <p>
       Make sure that the ‘cert’ and ‘key’ options in the configuration
       file points to these files.
@@ -196,8 +204,8 @@ Generated files:
     <p>
       If gmid was installed from your distribution package manager,
       chance are that it already does all of this and is also
-      providing a service to run gmid automatically (e.g. a systemd
-      unit file, a rc script, …)  Otherwise, it’s heavily suggested to
+      providing a service to run gmid automatically (e.g. a rc script,
+      a systemd unit file …)  Otherwise, it’s heavily suggested to
       create at least a dedicated user.
     </p>
     <h3>A dedicated user</h3>
author	Omar Polo <op@omarpolo.com>	2021-10-13 20:52:19 +0000
committer	Omar Polo <op@omarpolo.com>	2021-10-13 20:52:19 +0000
commit	33c4c3a5ba6331d7140be52dc3a4612abc07694d (patch)
tree	d38cacce8f230482403cb7b47b2ebad5e20b8189 /site
parent	2ae10bb4ee41cd16a6f2abdb6196ab515818aa32 (diff)