Deployment on Linux without Docker

Note: this guide is based on Alpine Linux setups, but you may use them for other distributions as well.

Requirements

• A VPS or VM publically accessible
• A domain name
• DNS hosted on Cloudflare (or your preferred registrar)
• The Go toolchain
• A cup of your favourite beverage (mine is tea :D)

DNS Setup

• Update and configure your VPS/VM how you prefer. Hardening and configuration are out of the scope for this guide.
• Ensure ports 80 and 443 (TCP) are open via IPTables, NFTables, or UFW, however you choose to open them.
• Visit Cloudflare panel and point yoursalty.domain.com to the public-routable IP address of your system, ensure proxy is checked.
• Grab your API key from the Cloudflare interface, you’ll need this shortly.
• Add an SRV record for Salty service discovery
  • Type: SRV
  • Name: yourdomain.com
  • Service: _salty
  • Protocol: TCP
  • TTL: 3600 (One hour)
  • Priority: 0 (highest)
  • Weight: 0
  • Port: 443
  • Target: salty.yourdomain.com
• And another for Salty avatar discovery
  • Type: SRV
  • Name: yourdomain.com
  • Service: _avatars
  • Protocol: TCP
  • TTL: 3600 (One hour)
  • Priority: 0 (highest)
  • Weight: 0
  • Port: 443
  • Target: salty.yourdomain.com
• Grab a coffee (or your favourite beverage) and wait a few minutes as DNS can take a bit.

Infrastructure Setup

• Run: apk add go nginx to install the web server/reverse proxy and the toolchain
• Use the following snippet and then add it to nginx’s configuration file:

server {
	listen 80;
	listen [::]:80;
	server_name salty.yourdomain.com;
	
	return 301 https://$host$request_url;
}

server {
	listen 443 ssl;
	listen [::]:443 ssl;
	server_name salty.yourdomain.com;
	
	ssl_certificate /path/to/salty.yourdomain.com/fullchain.pem; # If you use certbot or dehydrated, use the right paths
	ssl_certificate_key /path/to/salty.yourdomain.com/privkey.pem; # Same as above
	
	location / {
		proxy_pass http://127.0.0.1:8000;
	}
}

• Run: go install go.mills.io/saltyim/saltyim/cmd/saltyd@latest to install the broker/webapp, ideally as its own user (i.e. _salty)
• Use the following snippet for OpenRC:

#!/sbin/openrc-run

depend() {
	need net
	use dns
}

command="/path/to/saltyd"
command_args="--base-url salty.yourdomain.com --bind 0.0.0.0:8000 --primary-domain yourdomain.com --store bitcask://path/to/saltyd_directory/saltyim.db --data /path/to/saltyd_directory/data"
command_background=true
command_user="_salty:_salty"
procname="saltyd"

• Run: rc-update add saltyd default and rc-service saltyd start to get saltyd running
• If there are no issues, you should be able to visit https://salty.yourdomain.com and view the PWA