Deployment in OpenBSD

Requirements

• A VPS or VM publically accessible
• A domain name
• DNS hosted on Cloudflare (or your preferred registrar)
• The Go toolchain
  A cup of your favourite beverage (mine is tea :D)

DNS Setup

• Update and configure your VPS/VM how you prefer. Hardening and configuration are out of the scope for this guide.
• Ensure ports 80 and 443 (TCP) are open via editing pf.conf(5) and reloading with pfctl -f /etc/pf.conf
• Visit Cloudflare panel and point yoursalty.domain.com to the public-routable IP address of your system, ensure proxy is checked.
• Grab your API key from the Cloudflare interface, you’ll need this shortly.
• Add an SRV record for Salty service discovery
  • Type: SRV
  • Name: yourdomain.com
  • Service: _salty
  • Protocol: TCP
  • TTL: 3600 (One hour)
  • Priority: 0 (highest)
  • Weight: 0
  • Port: 443
  • Target: salty.yourdomain.com
• And another for Salty avatar discovery
  • Type: SRV
  • Name: yourdomain.com
  • Service: _avatars
  • Protocol: TCP
  • TTL: 3600 (One hour)
  • Priority: 0 (highest)
  • Weight: 0
  • Port: 443
  • Target: salty.yourdomain.com
• Grab a coffee (or your favourite beverage) and wait a few minutes as DNS can take a bit.

Infrastructure Setup

• Run: pkg_add go nginx to install the web server/reverse proxy and the toolchain
• Use the following snippet and then add it to nginx’s configuration file:

 1server {
 2	listen 80;
 3	listen [::]:80;
 4	server_name salty.yourdomain.com;
 5	
 6	return 301 https://$host$request_url;
 7}
 8
 9server {
10	listen 443 ssl;
11	listen [::]:443 ssl;
12	server_name salty.yourdomain.com;
13	
14	ssl_certificate /path/to/salty.yourdomain.com/fullchain.pem; # If you use certbot or dehydrated, use the right paths
15	ssl_certificate_key /path/to/salty.yourdomain.com/privkey.pem; # Same as above
16	
17	location / {
18		proxy_pass http://127.0.0.1:8000;
19	}
20}

• Run: go install go.mills.io/saltyim/saltyim/cmd/saltyd@latest to install the broker/webapp, ideally as its own user (i.e. _salty)
• Use the following snippet for /etc/rc.d/saltyd:

 1#!/bin/ksh
 2daemon="/usr/local/salty/saltyd"
 3daemon_user="_saltyd"
 4daemon_flags="-b 0.0.0.0:8000 -d /path/to/salty/data -u https://salty.yourdomain.com -p yourdomain.com -s bitcask://path/to/salty/salty.db"
 5
 6. /etc/rc.d/rc.subr
 7
 8rc_bg=YES
 9rc_reload=NO
10
11rc_cmd "$1"

The script has to have the execution bit set (mode 0755)

• Run: rcctl enable saltyd nginx and rcctl start saltyd nginx to get saltyd and nginx running.
• If there are no issues, you should be able to visit https://salty.yourdomain.com and view the PWA