$OpenBSD: README,v 1.2 2018/09/04 12:46:23 espie Exp $
+-----------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-----------------------------------------------------------------------
User Authentication
===================
The server uses an .htpasswd file to specify users. You can create such a file
at the root of the persistence directory (${VARBASE}/restic by default) by
executing the following command. In order to append new user to the file, just
omit the -c argument.
# su -l -s/bin/sh _restic
$ htpasswd .htpasswd username
TLS
===
By default the server uses HTTP protocol. This is not very secure since with
Basic Authentication, username and passwords will travel in cleartext in every
request. In order to enable TLS support just add the -tls argument and add a
private and public key at the root of your persistence directory. You may also
specify private and public keys by --tls-cert and --tls-key
Signed certificate is required by the restic backend, but if you just want to
test the feature you can generate unsigned keys with the following commands:
openssl genrsa -out private_key 4096
openssl req -new -x509 -key private_key -out public_key -days 365
The above arguments can be set by using rcctl(8).
