| author | la-ninpre <leobrekalini@gmail.com> | 2022-08-02 18:30:03 +0300 |
|---|---|---|
| committer | la-ninpre <leobrekalini@gmail.com> | 2022-08-02 18:30:03 +0300 |
| commit | ec0cb2e44bd958e8229ba11af827448a4c251f78 (patch) | |
| tree | 4a9d24950b2deb9bd0c55a27401c3237b39ded96 /misc/mycorrhiza/pkg/README | |
| parent | 5cc0874b0d5ee6415bdfe90372a9e86563c34d5d (diff) | |
add misc/mycorrhiza
it's still work in progress. also it needs mycorrhiza user to be added
to /usr/ports/infrastructure/db/user.list.
Diffstat (limited to 'misc/mycorrhiza/pkg/README')
| -rw-r--r-- | misc/mycorrhiza/pkg/README | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/misc/mycorrhiza/pkg/README b/misc/mycorrhiza/pkg/README
new file mode 100644
index 0000000..0b7ea37
--- /dev/null
+++ b/misc/mycorrhiza/pkg/README
@@ -0,0 +1,87 @@
++-------------------------------------------------------------------------------
+| Running ${PKGSTEM} on OpenBSD
++-------------------------------------------------------------------------------
+
+Initial setup
+=============
+
+Mycorrhiza expects to be fronted by a TLS terminating proxy. By default it is
+listening on localhost:1737.
+
+httpd(8)
+--------
+
+# httpd.conf(5)
+server "mycorrhiza.example.com" {
+ listen on * port http
+ location "/.well-known/acme-challenge/*" {
+ root "/acme"
+ request strip 2
+ }
+ location "*" {
+ block return 302 "https://$HTTP_HOST$REQUEST_URI"
+ }
+}
+
+mycorrhiza# rcctl enable httpd
+mycorrhiza# rcctl start httpd
+
+acme-client(1)
+--------------
+
+# acme-client.conf(5)
+domain mycorrhiza.example.com {
+ domain key "${SYSCONFDIR}/ssl/private/mycorrhiza.example.com.key"
+ domain full chain cerificate "${SYSCONFDIR}/ssl/mycorrhiza.example.com.crt"
+ sign with letsencrypt
+}
+
+mycorrhiza# acme-client -v mycorrhiza.example.com
+mycorrhiza# acme-client -v mycorrhiza.example.com
+
+relayd(8)
+---------
+
+# relayd.conf(5)
+ext_ip="123.45.67.89"
+ext_ip6="1234:5678:dead:beef"
+mycorrhiza_port="1737"
+table <mycorrhiza> { 127.0.0.1 ::1 }
+
+http protocol https {
+ match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
+ match request header append "X-Forwarded-By" \
+ value "$SERVER_ADDR:$SERVER_PORT"
+ match request header set "Connection" value "close"
+
+ match request header "Host" value "mycorrhiza.*" forward to <mycorrhiza>
+
+ tcp { sack, backlog 128 }
+ tls keypair mycorrhiza.example.com
+}
+relay https {
+ listen on $ext_ip port https tls
+ listen on $ext_ip6 port https tls
+ protocol https
+ forward to <mycorrhiza> port $mycorrhiza_port check tcp
+}
+
+mycorrhiza# rcctl enable relayd
+mycorrhiza# rcctl start relayd
+
+Setup
+=====
+
+See ${HOMEPAGE} for details about configuration and deployment.
+Be sure to set up proper authentication.
+Set desired wiki name in ${RCDIR}/mycorrhiza (daemon_flags variable).
+
+mycorrhiza# mkdir ${VARBASE}/mycorrhiza
+mycorrhiza# cd ${VARBASE}/mycorrhiza
+mycorrhiza# mycorrhiza .
+mycorrhiza# chown -R _mycorrhiza:_mycorrhiza ${VARBASE}/mycorrhiza
+
+mycorrhiza# rcctl enable mycorrhiza
+mycorrhiza# rcctl start mycorrhiza
+
+wiki will be available at https://mycorrhiza.example.com |
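Review bot: The acme-client.conf(5) sample misspells the keyword as `domain full chain cerificate`, which acme-client should reject as a syntax error, so no certificate is issued and relayd's `tls keypair mycorrhiza.example.com` has nothing to load. The line should read `domain full chain certificate "${SYSCONFDIR}/ssl/mycorrhiza.example.com.crt"`. In the relayd.conf(5) sample, `match request header append "X-Forwarded-For"` keeps whatever value the client already sent. If the wiki or its logs trust that header, `set` rather than `append` is the safer default behind a single front proxy. The setup steps also run `mycorrhiza .` from the root prompt before the `chown` to `_mycorrhiza`; presumably this only initialises the wiki directory, but the README should say so, or run the step as `_mycorrhiza`, so the service is not left running as root.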
