Diffstat (limited to 'misc/mycorrhiza/pkg/README')
| -rw-r--r-- | misc/mycorrhiza/pkg/README | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/misc/mycorrhiza/pkg/README b/misc/mycorrhiza/pkg/README
new file mode 100644
index 0000000..0b7ea37
--- /dev/null
+++ b/misc/mycorrhiza/pkg/README
@@ -0,0 +1,87 @@
++-------------------------------------------------------------------------------
+| Running ${PKGSTEM} on OpenBSD
++-------------------------------------------------------------------------------
+
+Initial setup
+=============
+
+Mycorrhiza expects to be fronted by a TLS terminating proxy. By default it is
+listening on localhost:1737.
+
+httpd(8)
+--------
+
+# httpd.conf(5)
+server "mycorrhiza.example.com" {
+ listen on * port http
+ location "/.well-known/acme-challenge/*" {
+ root "/acme"
+ request strip 2
+ }
+ location "*" {
+ block return 302 "https://$HTTP_HOST$REQUEST_URI"
+ }
+}
+
+mycorrhiza# rcctl enable httpd
+mycorrhiza# rcctl start httpd
+
+acme-client(1)
+--------------
+
+# acme-client.conf(5)
+domain mycorrhiza.example.com {
+ domain key "${SYSCONFDIR}/ssl/private/mycorrhiza.example.com.key"
+ domain full chain cerificate "${SYSCONFDIR}/ssl/mycorrhiza.example.com.crt"
+ sign with letsencrypt
+}
+
+mycorrhiza# acme-client -v mycorrhiza.example.com
+mycorrhiza# acme-client -v mycorrhiza.example.com
+
+relayd(8)
+---------
+
+# relayd.conf(5)
+ext_ip="123.45.67.89"
+ext_ip6="1234:5678:dead:beef"
+mycorrhiza_port="1737"
+table <mycorrhiza> { 127.0.0.1 ::1 }
+
+http protocol https {
+ match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
+ match request header append "X-Forwarded-By" \
+ value "$SERVER_ADDR:$SERVER_PORT"
+ match request header set "Connection" value "close"
+
+ match request header "Host" value "mycorrhiza.*" forward to <mycorrhiza>
+
+ tcp { sack, backlog 128 }
+ tls keypair mycorrhiza.example.com
+}
+relay https {
+ listen on $ext_ip port https tls
+ listen on $ext_ip6 port https tls
+ protocol https
+ forward to <mycorrhiza> port $mycorrhiza_port check tcp
+}
+
+mycorrhiza# rcctl enable relayd
+mycorrhiza# rcctl start relayd
+
+Setup
+=====
+
+See ${HOMEPAGE} for details about configuration and deployment.
+Be sure to set up proper authentication.
+Set desired wiki name in ${RCDIR}/mycorrhiza (daemon_flags variable).
+
+mycorrhiza# mkdir ${VARBASE}/mycorrhiza
+mycorrhiza# cd ${VARBASE}/mycorrhiza
+mycorrhiza# mycorrhiza .
+mycorrhiza# chown -R _mycorrhiza:_mycorrhiza ${VARBASE}/mycorrhiza
+
+mycorrhiza# rcctl enable mycorrhiza
+mycorrhiza# rcctl start mycorrhiza
+
+wiki will be available at https://mycorrhiza.example.com |
