From ec0cb2e44bd958e8229ba11af827448a4c251f78 Mon Sep 17 00:00:00 2001
From: la-ninpre
Date: Tue, 2 Aug 2022 18:30:03 +0300
Subject: add misc/mycorrhiza it's still work in progress. also it needs mycorrhiza user to be added to /usr/ports/infrastructure/db/user.list.
---
misc/mycorrhiza/pkg/README | 87 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 87 insertions(+)
create mode 100644 misc/mycorrhiza/pkg/README
(limited to 'misc/mycorrhiza/pkg/README')
diff --git a/misc/mycorrhiza/pkg/README b/misc/mycorrhiza/pkg/README
new file mode 100644
index 0000000..0b7ea37
--- /dev/null
+++ b/misc/mycorrhiza/pkg/README
@@ -0,0 +1,87 @@
++-------------------------------------------------------------------------------
+| Running ${PKGSTEM} on OpenBSD
++-------------------------------------------------------------------------------
+
+Initial setup
+=============
+
+Mycorrhiza expects to be fronted by a TLS terminating proxy. By default it is
+listening on localhost:1737.
+
+httpd(8)
+--------
+
+# httpd.conf(5)
+server "mycorrhiza.example.com" {
+ listen on * port http
+ location "/.well-known/acme-challenge/*" {
+ root "/acme"
+ request strip 2
+ }
+ location "*" {
+ block return 302 "https://$HTTP_HOST$REQUEST_URI"
+ }
+}
+
+mycorrhiza# rcctl enable httpd
+mycorrhiza# rcctl start httpd
+
+acme-client(1)
+--------------
+
+# acme-client.conf(5)
+domain mycorrhiza.example.com {
+ domain key "${SYSCONFDIR}/ssl/private/mycorrhiza.example.com.key"
+ domain full chain cerificate "${SYSCONFDIR}/ssl/mycorrhiza.example.com.crt"
+ sign with letsencrypt
+}
+
+mycorrhiza# acme-client -v mycorrhiza.example.com
+mycorrhiza# acme-client -v mycorrhiza.example.com
+
+relayd(8)
+---------
+
+# relayd.conf(5)
+ext_ip="123.45.67.89"
+ext_ip6="1234:5678:dead:beef"
+mycorrhiza_port="1737"
+table { 127.0.0.1 ::1 }
+
+http protocol https {
+ match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
+ match request header append "X-Forwarded-By" \
+ value "$SERVER_ADDR:$SERVER_PORT"
+ match request header set "Connection" value "close"
+
+ match request header "Host" value "mycorrhiza.*" forward to
+
+ tcp { sack, backlog 128 }
+ tls keypair mycorrhiza.example.com
+}
+relay https {
+ listen on $ext_ip port https tls
+ listen on $ext_ip6 port https tls
+ protocol https
+ forward to port $mycorrhiza_port check tcp
+}
+
+mycorrhiza# rcctl enable relayd
+mycorrhiza# rcctl start relayd
+
+Setup
+=====
+
+See ${HOMEPAGE} for details about configuration and deployment.
+Be sure to set up proper authentication.
+Set desired wiki name in ${RCDIR}/mycorrhiza (daemon_flags variable).
+
+mycorrhiza# mkdir ${VARBASE}/mycorrhiza
+mycorrhiza# cd ${VARBASE}/mycorrhiza
+mycorrhiza# mycorrhiza .
+mycorrhiza# chown -R _mycorrhiza:_mycorrhiza ${VARBASE}/mycorrhiza
+
+mycorrhiza# rcctl enable mycorrhiza
+mycorrhiza# rcctl start mycorrhiza
+
+wiki will be available at https://mycorrhiza.example.com
-- cgit v1.2.3