path: root/misc/mycorrhiza/pkg/README
+-------------------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-------------------------------------------------------------------------------

Initial setup
=============

Mycorrhiza expects to be fronted by a TLS-terminating proxy. By default it
listens on localhost:1737.

httpd(8)
--------

# httpd.conf(5)
# Plain-HTTP listener only: it answers ACME challenge requests and redirects
# every other request to HTTPS. TLS is terminated by relayd (see relayd(8)
# below), not by httpd.
server "mycorrhiza.example.com" {
	listen on * port http
	# Serve challenge files from "/acme" (presumably the acme-client
	# challenge directory inside httpd's chroot -- confirm).
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		# Drop the two leading path components
		# (.well-known/acme-challenge) before the lookup under root.
		request strip 2
	}
	location "*" {
		# NOTE(review): the redirect target echoes the request's Host
		# header ($HTTP_HOST), so it is client-controlled. Using
		# $SERVER_NAME instead would pin the redirect to the configured
		# server name.
		block return 302 "https://$HTTP_HOST$REQUEST_URI"
	}
}

mycorrhiza# rcctl enable httpd
mycorrhiza# rcctl start httpd

acme-client(1)
--------------

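# acme-client.conf(5)
# Key and certificate paths use the domain name as the file stem, which is the
# name the relayd(8) example below passes to "tls keypair".
domain mycorrhiza.example.com {
	# Private key: keep it readable by root only.
	domain key "${SYSCONFDIR}/ssl/private/mycorrhiza.example.com.key"
	# Keyword is "certificate"; the misspelled form is a syntax error.
	domain full chain certificate "${SYSCONFDIR}/ssl/mycorrhiza.example.com.crt"
	sign with letsencrypt
}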

mycorrhiza# acme-client -v mycorrhiza.example.com
mycorrhiza# acme-client -v mycorrhiza.example.com

relayd(8)
---------

# relayd.conf(5)
# TLS-terminating relay in front of mycorrhiza.
# The two addresses below are placeholders; replace them with the host's real
# external addresses.
# NOTE(review): "1234:5678:dead:beef" is not a complete IPv6 address as written.
ext_ip="123.45.67.89"
ext_ip6="1234:5678:dead:beef"
mycorrhiza_port="1737"
# Backend: the local mycorrhiza instance on the loopback addresses.
table <mycorrhiza> { 127.0.0.1 ::1 }

http protocol https {
	# NOTE(review): "append" keeps any X-Forwarded-For value the client
	# sent and adds $REMOTE_ADDR after it, so only the last entry is
	# trustworthy. If relayd is the only proxy in front of the wiki, "set"
	# would overwrite the client-supplied value instead -- confirm how
	# mycorrhiza consumes this header (logging, rate limiting, auth).
	match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
	match request header append "X-Forwarded-By" \
		value "$SERVER_ADDR:$SERVER_PORT"
	# Sets the Connection request header to "close" on forwarded requests.
	match request header set "Connection" value "close"

	# Selects the <mycorrhiza> table for matching Host headers.
	# NOTE(review): this protocol has no "block" rule, so requests with
	# other Host values do not appear to be rejected -- confirm.
	match request header "Host" value "mycorrhiza.*" forward to <mycorrhiza>

	tcp { sack, backlog 128 }
	# The name must match the key/certificate file stem used in the
	# acme-client.conf(5) example (mycorrhiza.example.com.key / .crt).
	tls keypair mycorrhiza.example.com
}
relay https {
	listen on $ext_ip port https tls
	listen on $ext_ip6 port https tls
	protocol https
	# Traffic to the backend is plain HTTP over loopback; "check tcp" only
	# verifies that the port accepts connections.
	forward to <mycorrhiza> port $mycorrhiza_port check tcp
}

mycorrhiza# rcctl enable relayd
mycorrhiza# rcctl start relayd

Setup
=====

See ${HOMEPAGE} for details about configuration and deployment.
Be sure to set up proper authentication.
Set the desired wiki name in ${RCDIR}/mycorrhiza (daemon_flags variable).

mycorrhiza# mkdir ${VARBASE}/mycorrhiza
mycorrhiza# cd ${VARBASE}/mycorrhiza
mycorrhiza# mycorrhiza .
mycorrhiza# chown -R _mycorrhiza:_mycorrhiza ${VARBASE}/mycorrhiza

mycorrhiza# rcctl enable mycorrhiza
mycorrhiza# rcctl start mycorrhiza

The wiki will then be available at https://mycorrhiza.example.com