Note: this guide is based on Alpine Linux setups, but you may use them for other distributions as well.
Requirements
- A VPS or VM publicly accessible
- A domain name
- DNS hosted on Cloudflare (or your preferred registrar)
- The Go toolchain
- A cup of your favourite beverage (mine is tea :D)
DNS Setup
- Update and configure your VPS/VM how you prefer. Hardening and configuration are out of the scope for this guide.
- Ensure ports 80 and 443 (TCP) are open via IPTables, NFTables, or UFW, however you choose to open them.
- Visit Cloudflare panel and point
salty.example.comto the publicly-routed IP address of your system, ensure proxy is checked. - Grab your API key from the Cloudflare interface, you’ll need this shortly.
- Add an SRV record for Salty service discovery
- Type:
SRV - Name:
example.com - Service:
_salty - Protocol:
TCP - TTL:
3600(One hour) - Priority:
0(highest) - Weight:
0 - Port:
443 - Target:
salty.example.com
- Type:
- And another for Salty avatar discovery
- Type:
SRV - Name:
example.com - Service:
_avatars - Protocol:
TCP - TTL:
3600(One hour) - Priority:
0(highest) - Weight:
0 - Port:
443 - Target:
salty.example.com
- Type:
- Grab a coffee (or your favourite beverage) and wait a few minutes as DNS can take a bit.
Infrastructure Setup
- Run:
apk add go nginxto install the web server/reverse proxy and the toolchain - Use the following snippet and then add it to
nginx’s configuration file:
1server {
2 listen 80;
3 listen [::]:80;
4 server_name salty.example.com;
5
6 return 301 https://$host$request_url;
7}
8
9server {
10 listen 443 ssl;
11 listen [::]:443 ssl;
12 server_name salty.example.com;
13
14 ssl_certificate /path/to/salty.example.com/fullchain.pem; # If you use certbot or dehydrated, use the right paths
15 ssl_certificate_key /path/to/salty.example.com/privkey.pem; # Same as above
16
17 location / {
18 proxy_pass http://127.0.0.1:8000;
19 }
20}
- Run:
go install go.salty.im/saltyim/cmd/saltyd@latestto install the broker/webapp, ideally as its own user (i.e._salty) - Use the following snippet for OpenRC:
1#!/sbin/openrc-run
2
3depend() {
4 need net
5 use dns
6}
7
8command="/path/to/saltyd"
9command_args="--base-url salty.yourdomain.com --bind 0.0.0.0:8000 --primary-domain yourdomain.com --store bitcask://path/to/saltyd_directory/saltyim.db --data /path/to/saltyd_directory/data"
10command_background=true
11command_user="_salty:_salty"
12procname="saltyd"
- Run:
rc-update add saltyd defaultandrc-service saltyd startto getsaltydrunning - If there are no issues, you should be able to visit
https://salty.yourdomain.comand view the PWA