Deployment on Linux without Docker

Note: this guide is based on Alpine Linux setups, but you may use them for other distributions as well.

Requirements

• A VPS or VM publically accessible
• A domain name
• DNS hosted on Cloudflare (or your preferred registrar)
• The Go toolchain
• A cup of your favourite beverage (mine is tea :D)

DNS Setup

• Update and configure your VPS/VM how you prefer. Hardening and configuration are out of the scope for this guide.
• Ensure ports 80 and 443 (TCP) are open via IPTables, NFTables, or UFW, however you choose to open them.
• Visit Cloudflare panel and point yoursalty.domain.com to the public-routable IP address of your system, ensure proxy is checked.
• Grab your API key from the Cloudflare interface, you’ll need this shortly.
• Add an SRV record for Salty service discovery
  • Type: SRV
  • Name: yourdomain.com
  • Service: _salty
  • Protocol: TCP
  • TTL: 3600 (One hour)
  • Priority: 0 (highest)
  • Weight: 0
  • Port: 443
  • Target: salty.yourdomain.com
• And another for Salty avatar discovery
  • Type: SRV
  • Name: yourdomain.com
  • Service: _avatars
  • Protocol: TCP
  • TTL: 3600 (One hour)
  • Priority: 0 (highest)
  • Weight: 0
  • Port: 443
  • Target: salty.yourdomain.com
• Grab a coffee (or your favourite beverage) and wait a few minutes as DNS can take a bit.

Infrastructure Setup

• Run: apk add go nginx to install the web server/reverse proxy and the toolchain

• Use the following snippet and then add it to nginx’s configuration file:

  server {
  listen 80;
  listen [::]:80;
  server_name salty.yourdomain.com;
  return 301 https://$host$request_url;
  }
  server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name salty.yourdomain.com;
  ssl_certificate /path/to/salty.yourdomain.com/fullchain.pem; # If you use certbot or dehydrated, use the right paths
  ssl_certificate_key /path/to/salty.yourdomain.com/privkey.pem; # Same as above
  location / {
  	proxy_pass http://127.0.0.1:8000;
  }
  }
  

• Run: go install go.mills.io/saltyim/saltyim/cmd/saltyd@latest to install the broker/webapp, ideally as its own user (i.e. _salty)

• Use the following snippet for OpenRC:

  #!/sbin/openrc-run
  depend() {
  need net
  use dns
  }
  command="/path/to/saltyd"
  command_args="--base-url salty.yourdomain.com --bind 0.0.0.0:8000 --primary-domain yourdomain.com --store bitcask://path/to/saltyd_directory/saltyim.db --data /path/to/saltyd_directory/data"
  command_background=true
  command_user="_salty:_salty"
  procname="saltyd"
  

• Run: rc-update add saltyd default and rc-service saltyd start to get saltyd running

• If there are no issues, you should be able to visit https://salty.yourdomain.com and view the PWA