Requirements

• A VPS or VM publicly accessible
• A domain name
• DNS hosted on Cloudflare (or your preferred registrar)
• The Go toolchain
  A cup of your favourite beverage (mine is tea :D)

DNS Setup

• Update and configure your VPS/VM how you prefer. Hardening and configuration are out of the scope for this guide.
• Ensure ports 80 and 443 (TCP) are open via editing pf.conf(5) and reloading with pfctl -f /etc/pf.conf
• Visit Cloudflare panel and point salty.domain.com to the public-routable IP address of your system, ensure proxy is checked.
• Grab your API key from the Cloudflare interface, you’ll need this shortly.
• Add an SRV record for Salty service discovery
  • Type: SRV
  • Name: example.com
  • Service: _salty
  • Protocol: TCP
  • TTL: 3600 (One hour)
  • Priority: 0 (highest)
  • Weight: 0
  • Port: 443
  • Target: salty.example.com
• And another for Salty avatar discovery
  • Type: SRV
  • Name: example.com
  • Service: _avatars
  • Protocol: TCP
  • TTL: 3600 (One hour)
  • Priority: 0 (highest)
  • Weight: 0
  • Port: 443
  • Target: salty.example.com
• Grab a coffee (or your favourite beverage) and wait a few minutes as DNS can take a bit.

Infrastructure Setup

• Run: pkg_add go nginx to install the web server/reverse proxy and the toolchain
• Use the following snippet and then add it to nginx’s configuration file:

 1server {
 2 listen 80;
 3 listen [::]:80;
 4 server_name salty.example.com;
 5 
 6 return 301 https://$host$request_url;
 7}
 8
 9server {
10 listen 443 ssl;
11 listen [::]:443 ssl;
12 server_name salty.example.com;
13 
14 ssl_certificate /path/to/salty.example.com/fullchain.pem; # If you use certbot or dehydrated, use the right paths
15 ssl_certificate_key /path/to/salty.example.com/privkey.pem; # Same as above
16 
17 location / {
18  proxy_pass http://127.0.0.1:8000;
19 }
20}

• Run: go install go.salty.im/saltyim/cmd/saltyd@latest to install the broker/webapp, ideally as its own user (i.e. _salty)
• Use the following snippet for /etc/rc.d/saltyd:

 1#!/bin/ksh
 2daemon="/usr/local/salty/saltyd"
 3daemon_user="_saltyd"
 4daemon_flags="-b 0.0.0.0:8000 -d /path/to/salty/data -u https://salty.example.com -p example.com -s bitcask://path/to/salty/salty.db"
 5
 6. /etc/rc.d/rc.subr
 7
 8rc_bg=YES
 9rc_reload=NO
10
11rc_cmd "$1"

The script has to have the execution bit set (mode 0755)

• Run: rcctl enable saltyd nginx and rcctl start saltyd nginx to get saltyd and nginx running.
• If there are no issues, you should be able to visit https://salty.example.com and view the PWA