all repos — ports @ ec0cb2e44bd958e8229ba11af827448a4c251f78

collection of ports for openbsd

misc/mycorrhiza/pkg/README (view raw)

 1+-------------------------------------------------------------------------------
 2| Running ${PKGSTEM} on OpenBSD
 3+-------------------------------------------------------------------------------
 4
 5Initial setup
 6=============
 7
 8Mycorrhiza expects to be fronted by a TLS terminating proxy. By default it is 
 9listening on localhost:1737.
10
11httpd(8)
12--------
13
14# httpd.conf(5)
15server "mycorrhiza.example.com" {
16	listen on * port http
17	location "/.well-known/acme-challenge/*" {
18		root "/acme"
19		request strip 2
20	}
21	location "*" {
22		block return 302 "https://$HTTP_HOST$REQUEST_URI"
23	}
24}
25
26mycorrhiza# rcctl enable httpd
27mycorrhiza# rcctl start httpd
28
29acme-client(1)
30--------------
31
32# acme-client.conf(5)
33domain mycorrhiza.example.com {
34	domain key "${SYSCONFDIR}/ssl/private/mycorrhiza.example.com.key"
35	domain full chain cerificate "${SYSCONFDIR}/ssl/mycorrhiza.example.com.crt"
36	sign with letsencrypt
37}
38
39mycorrhiza# acme-client -v mycorrhiza.example.com
40mycorrhiza# acme-client -v mycorrhiza.example.com
41
42relayd(8)
43---------
44
45# relayd.conf(5)
46ext_ip="123.45.67.89"
47ext_ip6="1234:5678:dead:beef"
48mycorrhiza_port="1737"
49table <mycorrhiza> { 127.0.0.1 ::1 }
50
51http protocol https {
52	match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
53	match request header append "X-Forwarded-By" \
54		value "$SERVER_ADDR:$SERVER_PORT"
55	match request header set "Connection" value "close"
56
57	match request header "Host" value "mycorrhiza.*" forward to <mycorrhiza>
58
59	tcp { sack, backlog 128 }
60	tls keypair mycorrhiza.example.com
61}
62relay https {
63	listen on $ext_ip port https tls
64	listen on $ext_ip6 port https tls
65	protocol https
66	forward to <mycorrhiza> port $mycorrhiza_port check tcp
67}
68
69mycorrhiza# rcctl enable relayd
70mycorrhiza# rcctl start relayd
71
72Setup
73=====
74
75See ${HOMEPAGE} for details about configuration and deployment.
76Be sure to set up proper authentication.
77Set desired wiki name in ${RCDIR}/mycorrhiza (daemon_flags variable).
78
79mycorrhiza# mkdir ${VARBASE}/mycorrhiza
80mycorrhiza# cd ${VARBASE}/mycorrhiza
81mycorrhiza# mycorrhiza .
82mycorrhiza# chown -R _mycorrhiza:_mycorrhiza ${VARBASE}/mycorrhiza
83
84mycorrhiza# rcctl enable mycorrhiza
85mycorrhiza# rcctl start mycorrhiza
86
87wiki will be available at https://mycorrhiza.example.com