Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Clone this wiki locally
Gobby Dedicated Server
The libinfinity package, which is the library the core functionality of Gobby is based on, includes a dedicated Gobby server, which is called infinoted. It is included in the Windows installer at the Download page, and available in all major Linux distributions.
The instructions below target version 0.6 of the infinoted server, which is somewhat different from previous versions due to the introduced plugin infrastructure. For previous versions, please consult the old trac page. To find out which version you are using, see whether your executable binary is called
The infinoted server reads its configuration from a configuration file. The configuration file is searched at in the following directories, in order:
If there exist valid files at more than one locations, then settings in a file further down the list overwrite the corresponding option from a previously loaded file. On Windows, the location for the configuration files are
The location of the configuration file can also be overridden with the
--config-file command-line parameter. The format of the configuration file is known as GKeyFile format, which is very similar to
.ini files on Windows. The main program options must be given in the
[infinoted] group. All these options can also be overriden by command line argument with the same name. The following settings are recognized by infinoted:
- log-file: If set, write the server log to the given file, in addition to stderr.
- key-file: Specifies the path to the private key of the server for TLS.
certificate-file: Specifies the path to the server certificate. Can be the same as
key-fileif the key and certificate are present in the same file.
- certificate-chain: If the certificate file does not contain the chain to the root CA certificate, then this option can be used to specify another file that contains the rest of the certificate chain.
- port: The TCP port number to listen on for incoming connections. The default is port 6523.
security-policy: This setting can take one of the three values no-tls, allow-tls or require-tls. If no-tls is used, the
certificate-chainoptions are ignored and the server accepts only unsecured connections. If
require-tlsare used, then
certificate-filemust be set to point to the certificate to use for secure connections. While
allow-tlsstill allows clients to make an unsecure connection, the
require-tlsoption enforces the use of Transport Layer Security (TLS) for all connections. If TLS is enabled, infinoted automatically uses Perfect Forward Secrecy (PFS) as well. See the section Secure Connections below for more details on how to set up infinoted for secure connections.
root-directory: Points to a directory in which the infinoted server stores the directory tree. The directory is created if it does not exist. When the server is stopped, it makes sure that all documents are stored in this directory, so that when it is started again all data is available in the same state in which it was when the server was shut down. The format in which the files are saved is a custom XML format which not only stores the plain document text but also which user wrote what parts of the text. The default value is
plugins: A semicolon-separated list of additional plugins to load. The infinoted package ships with a number of additional plugins, and it also supports third-party plugins which enhance the server functionality. The plugin infrastructure is discussed the section Plugin Infrastructure below in more detail. The default value is
note-text, which loads one plugin called note-text that is responsible for handling text documents. When this value is changed to load additional plugins, the note-text plugin should always be included in the list of plugins.
- password: A password that has to be entered by clients before being allowed to connect to the server.
Below is an example of a simple infinoted configuration file.
[infinoted] key-file=/home/ck/infinoted-key.pem certificate-file=/home/ck/infinoted-cert.pem security-policy=require-tls
Command Line Parameters
All configuration options mentioned above can also be given on the command line. In that case they override the values read from the configuration files. In addition, the following command line parameters are available:
- --config-file: Specifies an alternative configuration file to load.
--create-key: Create a new 4096-bit RSA private key, and store it at the path given by the
--create-certificate: Create a new self-signed certificate that is valid for one year and signed with the key given in
key-file(possibly newly created, if
create-keyis also given). The certificate is stored at the path given by the
--plugin-parameter: Override a parameter of a plugin. This option can be given multiple times to override more than one parameter. The syntax is
plugin:key:value, where plugin is the name of the plugin for which to override a parameter,
keyis the name of the parameter to override and
valueis the new value for the parameter. See the Plugin Infrastructure section below for more details on plugins.
- --daemonize, -d: Run the server in the background.
- --kill-daemon, -D: Kill a running daemon and exit.
- --version, -v: Print version information and exit.
It is recommended to always use connections secured with Transport Layer Security (TLS), i.e. set the
security-policy setting to require-tls. There is no significant drawback in doing so, and all compatible Gobby versions support it. In order to use TLS, a private key and a certificate are needed. If your server does not already have a certificate, or if you want to use the server on your local machine, infinoted can create a simple self-signed certificate automatically. For this to happen, set the
certificate-file options to the location where the private key and the certificate should be stored. Then, run
infinoted-0.6 --create-key --create-certificate to create the private key and certificate. You can then press Ctrl+C to exit infinoted, and run it without the
--create-certificate options the next time.
While the certificate can be public, the corresponding private key should be kept secret and not be accessible by other persons. Gobby users will have to accept the self-signed certificate the first time they connect to the server (in a similar way as when connecting with SSH for the first time). Subsequent connections work without user interaction. A warning message will be shown to users when a server at the same address shows a different certificate and the first certificate has not yet expired.
The infinoted server can be extended with additional functionality provided by plugins. The
plugins configuration option (see the Configuration section) specifies what plugins are loaded. Plugins can have additional options that steer their behavior. Options for plugins are provided in an additional section in the configuration file which has the name of the corresponding plugin. An example is given in the following:
[infinoted] key-file=/home/ck/infinoted-key.pem certificate-file=/home/ck/infinoted-cert.pem security-policy=require-tls plugins=note-text;autosave;certificate-auth [autosave] interval=10 [certificate-auth] ca-list=/home/ck/infinoted-cert.pem accept-unauthenticated-clients=false
Plugin options can be overridden on the command line with the
--plugin-parameter option. One example would be
--plugin-parameter=autosave:interval:20 to set the autosave interval to 20 seconds, overriding the value
10 from the above configuration file.
Below is a list of available plugins with links to a description and available options. Instructions for developers how to create their own infinoted plugins can be found at this page.
The following plugins ship with the core infinoted distribution.
autosave: Save the documents periodically to the server's
- certificate-auth: Allow clients to authenticate themselves with client certificates.
- directory-sync: Periodically save a copy of the document tree in plain text format.
- document-stream: Provide a simple API to text and chat documents via unix domain sockets.
- linekeeper: Make sure there is always a fixed number of newlines at the end of the document.
- logging: Enable logging of additional events.
- note-chat: Add support for chat documents in the directory tree.
- note-text: Add support for text documents in the directory tree (default).
- record: Save recordings of text sessions as they happen, for later playback and debugging.
- traffic-logging: Write out all ingoing and outgoing traffic in unencrypted format, for debugging.
- transformation-protection: Protect the server from malicious client requests or extremly lagging clients.