cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openbsd-ports/www/honk/pkg/README
abieber d9be05d887 Bonk honk to 0.9.5 
- Fixes rc_stop
- Updates to examples / README

diff from "maintainer" >.> Horia Racoviceanu <horia () racoviceanu ! com>
2021-01-16 23:42:57 +00:00

119 lines
2.7 KiB
Plaintext
Raw Blame History

$OpenBSD: README,v 1.4 2021/01/16 23:42:57 abieber Exp $
+-------------------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-------------------------------------------------------------------------------
Initial configuration
=====================
honk expects to be fronted by a TLS terminating reverse proxy.
Make sure to pass the Host header for nginx(8)
proxy_set_header Host $http_host;
Icon and favicon
----------------
honk# mkdir ${VARBASE}/www/htdocs/honk
honk# ftp -o ${VARBASE}/www/htdocs/honk/icon.png \
https://honk.tedunangst.com/icon.png
honk# ftp -o ${VARBASE}/www/htdocs/honk/favicon.ico \
https://honk.tedunangst.com/favicon.ico
httpd(8)
--------
# httpd.conf(5)
server "honk.example.com" {
listen on * port http
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
location "/*icon.*" {
root "/htdocs/honk"
}
location "*" {
block return 302 "https://$HTTP_HOST$REQUEST_URI"
}
}
honk# rcctl enable httpd
honk# rcctl start httpd
acme-client(1)
--------------
# acme-client.conf(5)
domain honk.example.com {
domain key "${SYSCONFDIR}/ssl/private/honk.example.com.key"
domain full chain certificate "${SYSCONFDIR}/ssl/honk.example.com.crt"
sign with letsencrypt
}
honk# acme-client -v honk.example.com
honk# ocspcheck -vNo /etc/ssl/honk.example.com.{ocsp,crt}
relayd(8)
---------
# relayd.conf(5)
ext_ip="203.0.113.4"
ext_ip2="2001:0db8::4"
honk_port="31337"
table <honk> { 127.0.0.1 ::1 }
table <localhost> { 127.0.0.1 ::1 }
http protocol "https" {
match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
match request header append "X-Forwarded-By" \
value "$SERVER_ADDR:$SERVER_PORT"
match request header set "Connection" value "close"
match request header "Host" value "honk.*" forward to <honk>
match request path "/*icon.*" forward to <localhost>
tcp { sack, backlog 128 }
tls keypair honk.example.com
}
relay "https" {
listen on $ext_ip port https tls
protocol "https"
forward to <localhost> port http check http "/icon.png" code 200
forward to <honk> port $honk_port check tcp
}
relay "https2" {
listen on $ext_ip2 port https tls
protocol "https"
forward to <localhost> port http check http "/icon.png" code 200
forward to <honk> port $honk_port check tcp
}
honk# rcctl enable relayd
honk# rcctl start relayd
pf(4)
-----
# pf.conf(5)
anchor "relayd/*"
honk# pfctl -f ${SYSCONFDIR}/pf.conf
Setup
=====
Please see ${LOCALBASE}/share/doc/honk
honk# doas -su _honk
honk$ umask 077; cd ${VARBASE}/honk && honk init
listenaddr: localhost:31337
servername: honk.example.com
honk$ touch ${VARBASE}/honk/savedinbox.json
honk$ exit
honk# rcctl enable honk
honk# rcctl start honk
Honk at https://honk.example.com
Reference in New Issue View Git Blame Copy Permalink