Requirements
- A VPS, VM or Jail publicly accessible
- A domain name
- Ability to edit your DNS records at your preferred registrar
- The Go toolchain
DNS Setup
- Update and configure your VPS/VM/Jail as you prefer. Hardening and configuration are out of scope for this guide; when in doubt, refer to The FreeBSD Handbook.
- Ensure ports 80 and 443 (TCP) are open by editing pf.conf(5) and reloading with service pf reload
- Visit your registrar's DNS settings panel and point salty.example.com to the publicly routable IP address of your system.
- Add an SRV record for Salty service discovery
  - Type: SRV
  - Name: example.com
  - Service: _salty
  - Protocol: TCP
  - TTL: 3600 (One hour)
  - Priority: 0 (highest)
  - Weight: 0
  - Port: 443
  - Target: salty.example.com
- And another for Salty avatar discovery
  - Type: SRV
  - Name: example.com
  - Service: _avatars
  - Protocol: TCP
  - TTL: 3600 (One hour)
  - Priority: 0 (highest)
  - Weight: 0
  - Port: 443
  - Target: salty.example.com
- And wait a few minutes as DNS propagation can take a bit.
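
Once the records have propagated, you can confirm that both SRV answers carry the port and target configured above. The following is an added example, not part of the original guide: the check_srv function name is hypothetical, and the sample answers are constructed rather than real lookups.

```shell
#!/bin/sh
# Added example (not from the original guide). Reads resolver output on stdin.
# Usage: check_srv SERVICE DOMAIN PORT TARGET
# Accepts `dig +short SRV` lines ("0 0 443 host.") and `host -t SRV` lines
# ("name has SRV record 0 0 443 host."): the last four fields are always
# priority, weight, port, target.
check_srv() {
    awk -v q="_$1._tcp.$2" -v port="$3" -v target="$4" '
        NF >= 4 {
            prio = $(NF-3); weight = $(NF-2); p = $(NF-1); t = tolower($NF)
            if (prio !~ /^[0-9]+$/ || weight !~ /^[0-9]+$/ || p !~ /^[0-9]+$/)
                next                      # not an SRV answer (e.g. NXDOMAIN text)
            sub(/\.$/, "", t)             # drop the trailing root dot
            seen++
            if (p == port && t == tolower(target)) ok++
            else printf "MISMATCH %s -> %s:%s (want %s:%s)\n", q, t, p, target, port
        }
        END {
            if (!seen)      { print "MISSING " q; exit 2 }
            if (ok != seen) exit 1
            printf "OK %s -> %s:%s\n", q, target, port
        }'
}

# Constructed sample answers, not real lookups. On the server, pipe in e.g.:
#   host -t SRV _salty._tcp.example.com | check_srv salty example.com 443 salty.example.com
printf '0 0 443 salty.example.com.\n' |
    check_srv salty example.com 443 salty.example.com
printf '_avatars._tcp.example.com has SRV record 0 0 8000 salty.example.com.\n' |
    check_srv avatars example.com 443 salty.example.com || true
```

The function returns 0 when every answer matches, 1 on a mismatch and 2 when no SRV answer was found, so it can gate the rest of the setup.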
Infrastructure Setup
- Run: pkg install go nginx to install the web server/reverse proxy and the toolchain
Set up your Nginx proxy:
- Use the following snippet and add it to nginx's configuration file:

    server {
        listen 80;
        listen [::]:80;
        server_name salty.example.com;

        # Redirect plain HTTP to HTTPS, keeping the original path and query string
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name salty.example.com;

        ssl_certificate /path/to/salty.example.com/fullchain.pem; # If you use certbot or dehydrated, use the right paths
        ssl_certificate_key /path/to/salty.example.com/privkey.pem; # Same as above

        location / {
            # Forward requests to the saltyd broker on the local port
            proxy_pass http://127.0.0.1:8000;
        }
    }

P.S.: If you already have a different proxy manager set up, you can skip the Nginx part and use that instead.
Set up your Salty broker:
- Install the Saltyd broker, ideally as its own non-root user. We will use the _saltyd user for this example.

    go install go.salty.im/saltyim/cmd/saltyd@latest

- Copy and edit the following snippet to your liking and put it in /usr/local/etc/rc.d/saltyd

    #!/bin/sh
    #

    # PROVIDE: saltyd
    # REQUIRE: NETWORKING
    # KEYWORD: shutdown
    #
    # Add these lines to /etc/rc.conf.local or /etc/rc.conf
    # to enable this service:
    #
    # saltyd_enable (bool):   Set to NO by default.
    #                         Set it to YES to enable saltyd.
    # saltyd_home (path):     Where saltyd's /data and /certs
    #                         directories will be kept for this example (required).
    # saltyd_user (str):      User to run saltyd as (required,
    #                         _saltyd in this example).
    # saltyd_proc_opt (str):  Options passed to saltyd (required),
    #                         see `saltyd --help`

    . /etc/rc.subr

    # name and rcvar have to be set before load_rc_config is called
    name="saltyd"
    desc="saltyd - a saltyim broker"
    rcvar="${name}_enable"

    load_rc_config "$name"

    # Defaults; the ":?" entries abort with a message when the variable is unset
    : ${saltyd_enable:="NO"}
    : ${saltyd_home:?"saltyd_home isn't set in rc.conf"}
    : ${saltyd_user:?"saltyd_user isn't set in rc.conf"}
    : ${saltyd_group:="${saltyd_user}"}
    : ${saltyd_proc_opt:?"saltyd_proc_opt isn't set in rc.conf"}
    : ${saltyd_pidfile:="/var/run/saltyd/saltyd.pid"}
    : ${saltyd_syslog_tag:="saltyd"}
    : ${saltyd_syslog_priority:="info"}
    : ${saltyd_syslog_facility:="daemon"}

    pidfile="${saltyd_pidfile}"

    saltyd_proc_name="/home/_saltyd/go/bin/saltyd" # Full path to your saltyd binary (i.e: /home/_saltyd/go/bin/saltyd)
    # daemon(8) supervises saltyd, writes the pidfile and sends its output to syslog
    command="/usr/sbin/daemon"
    command_args="-P ${pidfile} -S -T ${saltyd_syslog_tag} -s ${saltyd_syslog_priority} -l ${saltyd_syslog_facility} -- ${saltyd_proc_name} ${saltyd_proc_opt}"
    saltyd_chdir="$saltyd_home"
    start_precmd="start_precmd"

    # Create the home and pidfile directories, owned by the service user, before starting
    start_precmd()
    {
        if [ ! -d "${saltyd_home}" ]
        then
            install -d -m 755 -o "${saltyd_user}" "${saltyd_home}"
        fi

        if [ ! -f "$saltyd_pidfile" ]
        then
            install -d -m 755 -o "${saltyd_user}" /var/run/"${name}"
            cat /dev/null > "${saltyd_pidfile}" && chown "${saltyd_user}" "${saltyd_pidfile}"
        else
            return 0
        fi
    }

    cd "$saltyd_home"

    run_rc_command "$1"

N.B: The script has to have the execution bit set (mode 0755)
- Add in the necessary rc variables with the proper values to your /etc/rc.conf file as shown in the following example:

    root@sandbox:~ # sysrc nginx_enable="YES"
    nginx_enable: -> YES
    root@sandbox:~ # sysrc saltyd_enable="YES"
    saltyd_enable: -> YES
    root@sandbox:~ # sysrc saltyd_home="/home/_saltyd/salty_broker_files"
    saltyd_home: -> /home/_saltyd/salty_broker_files
    root@sandbox:~ # sysrc saltyd_user="_saltyd"
    saltyd_user: -> _saltyd
    root@sandbox:~ # sysrc saltyd_proc_opt="-u https://salty.example.com -p example.com -E support@example.com"
    saltyd_proc_opt: -> -u https://salty.example.com -p example.com -E support@example.com

Remember to check out saltyd --help for a list of available options and add what you need to the saltyd_proc_opt variable accordingly; otherwise saltyd will fall back to using its defaults.
- Start Nginx and Saltyd

    service nginx start
    service saltyd start

- Check your logs

    tail -f /var/log/daemon.log

If there are no issues, you should be able to proceed with registering your first user.
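
A check to run alongside the log tail, as an added example that is not part of the original guide: it confirms from sockstat output that the broker port used in the Nginx snippet (8000) is owned by the _saltyd account and reports whether it is bound beyond loopback, in which case only pf stands between clients and the unencrypted listener. The audit_listener function name is hypothetical and the sockstat output is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide). Reads `sockstat -l -P tcp`
# output on stdin. Usage: audit_listener USER PORT
audit_listener() {
    awk -v user="$1" -v port="$2" '
        $5 ~ /^tcp/ {
            addr = $6; p = $6
            sub(/.*:/, "", p)             # port: text after the last colon
            sub(/:[^:]*$/, "", addr)      # address: everything before it
            if (p != port) next
            found++
            if ($1 != user) {
                printf "WRONG-USER %s (pid %s) runs as %s\n", $2, $3, $1; bad++
            }
            if (addr != "127.0.0.1" && addr != "::1" && addr != "[::1]") {
                printf "EXPOSED %s (pid %s) listens on %s:%s\n", $2, $3, addr, p; bad++
            }
        }
        END {
            if (!found) { print "NOT-LISTENING port " port; exit 2 }
            if (bad) exit 1
            print "OK port " port ": owner " user ", loopback only"
        }'
}

# Constructed sockstat output, not captured from a real host. On the server:
#   sockstat -l -P tcp | audit_listener _saltyd 8000
audit_listener _saltyd 8000 <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
_saltyd  saltyd     1423  7  tcp4   127.0.0.1:8000        *:*
root     nginx      1310  6  tcp4   *:443                 *:*
EOF
audit_listener _saltyd 8000 <<'EOF' || true
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     saltyd     1502  7  tcp46  *:8000                *:*
EOF
```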