misc/mycorrhiza/pkg/README (view raw)
1+-------------------------------------------------------------------------------
2| Running ${PKGSTEM} on OpenBSD
3+-------------------------------------------------------------------------------
4
5Initial setup
6=============
7
8Mycorrhiza expects to be fronted by a TLS terminating proxy. By default it is
9listening on localhost:1737.
10
11httpd(8)
12--------
13
14# httpd.conf(5)
15server "mycorrhiza.example.com" {
16 listen on * port http
17 location "/.well-known/acme-challenge/*" {
18 root "/acme"
19 request strip 2
20 }
21 location "*" {
22 block return 302 "https://$HTTP_HOST$REQUEST_URI"
23 }
24}
25
26mycorrhiza# rcctl enable httpd
27mycorrhiza# rcctl start httpd
28
29acme-client(1)
30--------------
31
32# acme-client.conf(5)
33domain mycorrhiza.example.com {
34 domain key "${SYSCONFDIR}/ssl/private/mycorrhiza.example.com.key"
35 domain full chain cerificate "${SYSCONFDIR}/ssl/mycorrhiza.example.com.crt"
36 sign with letsencrypt
37}
38
39mycorrhiza# acme-client -v mycorrhiza.example.com
40
41relayd(8)
42---------
43
44# relayd.conf(5)
45ext_ip="123.45.67.89"
46ext_ip6="1234:5678:dead:beef"
47mycorrhiza_port="1737"
48table <mycorrhiza> { 127.0.0.1 ::1 }
49
50http protocol https {
51 match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
52 match request header append "X-Forwarded-By" \
53 value "$SERVER_ADDR:$SERVER_PORT"
54 match request header set "Connection" value "close"
55
56 match request header "Host" value "mycorrhiza.*" forward to <mycorrhiza>
57
58 tcp { sack, backlog 128 }
59 tls keypair mycorrhiza.example.com
60}
61relay https {
62 listen on $ext_ip port https tls
63 listen on $ext_ip6 port https tls
64 protocol https
65 forward to <mycorrhiza> port $mycorrhiza_port check tcp
66}
67
68mycorrhiza# rcctl enable relayd
69mycorrhiza# rcctl start relayd
70
71Setup
72=====
73
74See ${HOMEPAGE} for details about configuration and deployment.
75Be sure to set up proper authentication.
76By default wiki will be created in ${LOCALSTATEDIR}/mycorrhiza,
77but you can change that by setting daemon flags with rcctl(8).
78
79mycorrhiza# rcctl set mycorrhiza flags '/some/other/wiki/dir'
80
81Enable and start the daemon.
82
83mycorrhiza# rcctl enable mycorrhiza
84mycorrhiza# rcctl start mycorrhiza
85
86Wiki will be available at https://mycorrhiza.example.com