Deployment in OpenBSD

Requirements

• A VPS or VM publically accessible
• A domain name
• DNS hosted on Cloudflare (or your preferred registrar)
• The Go toolchain A cup of your favourite beverage (mine is tea :D)

DNS Setup

• Update and configure your VPS/VM how you prefer. Hardening and configuration are out of the scope for this guide.
• Ensure ports 80 and 443 (TCP) are open via editing pf.conf(5) and reloading with pfctl -f /etc/pf.conf
• Visit Cloudflare panel and point yoursalty.domain.com to the public-routable IP address of your system, ensure proxy is checked.
• Grab your API key from the Cloudflare interface, you’ll need this shortly.
• Add an SRV record for Salty service discovery
  • Type: SRV
  • Name: yourdomain.com
  • Service: _salty
  • Protocol: TCP
  • TTL: 3600 (One hour)
  • Priority: 0 (highest)
  • Weight: 0
  • Port: 443
  • Target: salty.yourdomain.com
• And another for Salty avatar discovery
  • Type: SRV
  • Name: yourdomain.com
  • Service: _avatars
  • Protocol: TCP
  • TTL: 3600 (One hour)
  • Priority: 0 (highest)
  • Weight: 0
  • Port: 443
  • Target: salty.yourdomain.com
• Grab a coffee (or your favourite beverage) and wait a few minutes as DNS can take a bit.

Infrastructure Setup

• Run: pkg_add go nginx to install the web server/reverse proxy and the toolchain
• Use the following snippet and then add it to nginx’s configuration file:

server {
	listen 80;
	listen [::]:80;
	server_name salty.yourdomain.com;
	
	return 301 https://$host$request_url;
}

server {
	listen 443 ssl;
	listen [::]:443 ssl;
	server_name salty.yourdomain.com;
	
	ssl_certificate /path/to/salty.yourdomain.com/fullchain.pem; # If you use certbot or dehydrated, use the right paths
	ssl_certificate_key /path/to/salty.yourdomain.com/privkey.pem; # Same as above
	
	location / {
		proxy_pass http://127.0.0.1:8000;
	}
}

• Run: go install go.mills.io/saltyim/saltyim/cmd/saltyd@latest to install the broker/webapp, ideally as its own user (i.e. _salty)
• Use the following snippet for /etc/rc.d/saltyd:

#!/bin/ksh
daemon="/usr/local/salty/saltyd"
daemon_user="_saltyd"
daemon_flags="-b 0.0.0.0:8000 -d /path/to/salty/data -u https://salty.yourdomain.com -p yourdomain.com -s bitcask://path/to/salty/salty.db"

. /etc/rc.d/rc.subr

rc_bg=YES
rc_reload=NO

rc_cmd "$1"

The script has to have the execution bit set (mode 0755)

• Run: rcctl enable saltyd nginx and rcctl start saltyd nginx to get saltyd and nginx running.
• If there are no issues, you should be able to visit https://salty.yourdomain.com and view the PWA