From 75f2177d5b68d610b859c18eddb14540d1ee92b5 Mon Sep 17 00:00:00 2001 From: nonlinear Date: Sat, 15 Dec 2018 14:00:00 -0800 Subject: [PATCH] Update/add OpenBSD config files --- installation/openbsd/httpd.conf | 36 ++++++++++++++++++++++++ installation/openbsd/rc.d/pleromad | 34 +++++++++++++++++++++++ installation/openbsd/relayd.conf | 44 ++++++++++++++++++++++++++++++ installation/rc.d/pleromad | 26 ------------------ 4 files changed, 114 insertions(+), 26 deletions(-) create mode 100644 installation/openbsd/httpd.conf create mode 100755 installation/openbsd/rc.d/pleromad create mode 100644 installation/openbsd/relayd.conf delete mode 100755 installation/rc.d/pleromad diff --git a/installation/openbsd/httpd.conf b/installation/openbsd/httpd.conf new file mode 100644 index 000000000..82f4803fd --- /dev/null +++ b/installation/openbsd/httpd.conf @@ -0,0 +1,36 @@ +# +# Default httpd.conf file for Pleroma on OpenBSD +# Simple installation instructions +# 1. Place file in /etc +# 2. Replace with your public IP address +# 3. If using IPv6, uncomment IPv6 lines and replace with your public IPv6 address +# 4. Check file using 'doas httpd -n' +# 5. Enable and start httpd: +# # doas rcctl enable httpd +# # doas rcctl start httpd +# + +ext_inet="" +#ext_inet6="" + +server "default" { + listen on $ext_inet port 80 # Comment to disable listening on IPv4 +# listen on $ext_inet6 port 80 # Comment to disable listening on IPv6 + listen on 127.0.0.1 port 80 # Do NOT comment this line + + log syslog + directory no index + + location "/.well-known/acme-challenge/*" { + root "/acme" + request strip 2 + } + + location "/robots.txt" { root "/htdocs/local/" } + location "/*" { block return 302 "https://$HTTP_HOST$REQUEST_URI" } +} + +types { + include "/usr/share/misc/mime.types" +} + diff --git a/installation/openbsd/rc.d/pleromad b/installation/openbsd/rc.d/pleromad new file mode 100755 index 000000000..19ac4bb51 --- /dev/null +++ b/installation/openbsd/rc.d/pleromad @@ -0,0 +1,34 @@ +#!/bin/ksh +# +# Default init file for Pleroma on OpenBSD +# +# Simple installation instructions: +# 1. Install Pleroma per wiki instructions +# 2. Place this pleromad file in /etc/rc.d +# 3. Enable and start Pleroma +# # doas rcctl enable pleromad +# # doas rcctl start pleromad +# + +daemon="/usr/local/bin/elixir" +daemon_flags="--detached -S /usr/local/bin/mix phx.server" +daemon_user="_pleroma" + +. /etc/rc.d/rc.subr + +rc_reload=NO +pexp="phx.server" + +rc_check() { + pgrep -q -U _pleroma -f "phx.server" +} + +rc_start() { + ${rcexec} "cd pleroma; ${daemon} ${daemon_flags}" +} + +rc_stop() { + pkill -q -U _pleroma -f "phx.server" +} + +rc_cmd $1 diff --git a/installation/openbsd/relayd.conf b/installation/openbsd/relayd.conf new file mode 100644 index 000000000..31c2c1129 --- /dev/null +++ b/installation/openbsd/relayd.conf @@ -0,0 +1,44 @@ +# +# Default relayd.conf file for Pleroma on OpenBSD +# Simple installation instructions: +# 1. Place in /etc +# 2. Replace with your public IPv4 address +# 3. If using IPv6i, uncomment IPv6 lines and replace with your public IPv6 address +# 4. Check file using 'doas relayd -n' +# 5. Reload/start relayd +# # doas rcctl enable relayd +# # doas rcctl start relayd +# + +ext_inet="" +#ext_inet6="" + +table { 127.0.0.1 } +table { 127.0.0.1 } + +http protocol plerup { # Protocol for upstream pleroma server + #tcp { nodelay, sack, socket buffer 65536, backlog 128 } # Uncomment and adjust as you see fit + tls ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA0-POLY1305" + tls ecdhe secp384r1 + + # Forward some paths to the local server (as pleroma won't respond to them as you might want) + pass request quick path "/robots.txt" forward to + + # Append a bunch of headers + match request header append "X-Forwarded-For" value "$REMOTE_ADDR" # This two header and the next one are not strictl required by pleroma but adding them won't hurt + match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT" + + match request header append "Connection" value "upgrade" + +} + +relay wwwtls { + listen on $ext_inet port https tls # Comment to disable listening on IPv4 +# listen on $ext_inet6 port https tls # Comment to disable listening on IPv6 + + protocol plerup + + forward to port 4000 check http "/" code 200 + forward to port 80 check http "/robots.txt" code 200 +} + diff --git a/installation/rc.d/pleromad b/installation/rc.d/pleromad deleted file mode 100755 index b19ce1e74..000000000 --- a/installation/rc.d/pleromad +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/ksh -# - -daemon="/usr/local/bin/elixir" -daemon_flags="--detached -S /usr/local/bin/mix phx.server" -daemon_user="_pleroma" - -. /etc/rc.d/rc.subr - -rc_reload=NO -#pexp="/usr/local/lib/erlang19/erts-8.3/bin/beam -- -root /usr/local/lib/erlang19 -progname erl19 -- -home /home/_pleroma -- -pa /usr/local/lib/elixir/bin/../lib/eex/ebin /usr/local/lib/elixir/bin/../lib/elixir/ebin /usr/local/lib/elixir/bin/../lib/ex_unit/ebin /usr/local/lib/elixir/bin/../lib/iex/ebin /usr/local/lib/elixir/bin/../lib/logger/ebin /usr/local/lib/elixir/bin/../lib/mix/ebin -elixir ansi_enabled true -noshell -s elixir start_cli -noshell -noinput -extra --detached -S /usr/local/bin/mix phx.server" -pexp="phx.server" - -rc_check() { - pgrep -q -U _pleroma -f "phx.server" -} - -rc_start() { - ${rcexec} "cd pleroma; ${daemon} ${daemon_flags}" -} - -rc_stop() { - pkill -q -U _pleroma -f "phx.server" -} - -rc_cmd $1