Deployment on Linux without Docker
Note: this guide is based on Alpine Linux setups, but you may use them for other distributions as well.
Requirements
- A VPS or VM publically accessible
- A domain name
- DNS hosted on Cloudflare (or your preferred registrar)
- The Go toolchain
- A cup of your favourite beverage (mine is tea :D)
DNS Setup
- Update and configure your VPS/VM how you prefer. Hardening and configuration are out of the scope for this guide.
- Ensure ports 80 and 443 (TCP) are open via IPTables, NFTables, or UFW, however you choose to open them.
- Visit Cloudflare panel and point
yoursalty.domain.com
to the public-routable IP address of your system, ensure proxy is checked. - Grab your API key from the Cloudflare interface, you’ll need this shortly.
- Add an SRV record for Salty service discovery
- Type:
SRV
- Name:
yourdomain.com
- Service:
_salty
- Protocol:
TCP
- TTL:
3600
(One hour) - Priority:
0
(highest) - Weight:
0
- Port:
443
- Target:
salty.yourdomain.com
- Type:
- And another for Salty avatar discovery
- Type:
SRV
- Name:
yourdomain.com
- Service:
_avatars
- Protocol:
TCP
- TTL:
3600
(One hour) - Priority:
0
(highest) - Weight:
0
- Port:
443
- Target:
salty.yourdomain.com
- Type:
- Grab a coffee (or your favourite beverage) and wait a few minutes as DNS can take a bit.
Infrastructure Setup
- Run:
apk add go nginx
to install the web server/reverse proxy and the toolchain - Use the following snippet and then add it to
nginx
’s configuration file:
server {
listen 80;
listen [::]:80;
server_name salty.yourdomain.com;
return 301 https://$host$request_url;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name salty.yourdomain.com;
ssl_certificate /path/to/salty.yourdomain.com/fullchain.pem; # If you use certbot or dehydrated, use the right paths
ssl_certificate_key /path/to/salty.yourdomain.com/privkey.pem; # Same as above
location / {
proxy_pass http://127.0.0.1:8000;
}
}
- Run:
go install go.mills.io/saltyim/saltyim/cmd/saltyd@latest
to install the broker/webapp, ideally as its own user (i.e._salty
) - Use the following snippet for OpenRC:
#!/sbin/openrc-run
depend() {
need net
use dns
}
command="/path/to/saltyd"
command_args="--base-url salty.yourdomain.com --bind 0.0.0.0:8000 --primary-domain yourdomain.com --store bitcask://path/to/saltyd_directory/saltyim.db --data /path/to/saltyd_directory/data"
command_background=true
command_user="_salty:_salty"
procname="saltyd"
- Run:
rc-update add saltyd default
andrc-service saltyd start
to getsaltyd
running - If there are no issues, you should be able to visit
https://salty.yourdomain.com
and view the PWA