Subtle breaking changes (#17)

This is mainly to facilitate accessibility of the deployment documentation.

Co-authored-by: Aoi K <admin@kyoko-project.wer.ee>
Reviewed-on: #17
Reviewed-by: James Mills <james@mills.io>
Co-authored-by: Aoi Koizumi (古泉 あおい) <novaburst@noreply@mills.io>
Co-committed-by: Aoi Koizumi (古泉 あおい) <novaburst@noreply@mills.io>
pull/18/head
Aoi Koizumi (古泉 あおい) 3 weeks ago committed by James Mills
parent fe1d7d7121
commit 5abfaacd4a
  1. 56
      deployment/linux-with-docker.md
  2. 87
      deployment/linux-without-docker.md
  3. 89
      deployment/openbsd.md
  4. 9
      instructions.md

@ -0,0 +1,56 @@
---
title: Deployment on Linux w/ Docker
---
# Deployment on Linux with Docker
## Requirements
* A VPS or VM publically accessible
* A domain name
* DNS hosted on Cloudflare
* A cup of coffee (or your favourite beverage)
## DNS Setup
* Update and configure your VPS/VM how you prefer. Hardening and configuration are out of the scope for this guide.
* Ensure ports 80 and 443 (TCP) are open via IPTables, NFTables, or UFW, however you choose to open them.
* Visit Cloudflare panel and point `salty.yourdomain.com` to the public-routable IP address of your system, ensure proxy is checked.
* Grab your API key from the Cloudflare interface, you'll need this shortly.
* Add an SRV record for Salty service discovery
* Type: `SRV`
* Name: `yourdomain.com`
* Service: `_salty`
* Protocol: `TCP`
* TTL: `3600` (One hour)
* Priority: `0` (highest)
* Weight: `0`
* Port: `443`
* Target: `salty.yourdomain.com`
* And another for Salty avatar discovery
* Type: `SRV`
* Name: `yourdomain.com`
* Service: `_avatars`
* Protocol: `TCP`
* TTL: `3600` (One hour)
* Priority: `0` (highest)
* Weight: `0`
* Port: `443`
* Target: `salty.yourdomain.com`
* Grab a coffee (or your favourite beverage) and wait a few minutes as DNS can take a bit.
## Infrastructure Setup
* Install docker on your VPS/VM.
* Create an operator user with `wheel` or `sudo` group as well as `docker` group.
* Run: `docker swarm init`, you've now created a single node Docker Swarm cluster.
* Run: `docker network create -d overlay traefik`, this will create the network needed for Traefik and Salty to communicate.
* Run: `docker stack deploy -c traefik.yml traefik`, this will deploy the traefik stack.
* Give Traefik a few minutes to warm up. Tail the logs with `docker logs -f traefik_traefik.1.someid` to ensure there are no errors
* Run: `docker stack deploy -c salty.yml salty`
* Run: `watch docker stack ps salty --no-trunc` to ensure the stack comes up and reaches running state
* Run: `docker logs -f salty_salty.1.someid` to verify the service is up
* If there are no issues, you should be able to visit `https://salty.yourdomain.com` and view the PWA
* Grab another cup
You will find example Docker Swarm stacks (docker-compose yaml) in [stacks](https://git.mills.io/saltyim/saltyim/src/branch/master/docs/stacks)
* [salty.yml](https://git.mills.io/saltyim/saltyim/src/branch/master/docs/stacks/salty.yml)
* [traefik.yml](https://git.mills.io/saltyim/saltyim/src/branch/master/docs/stacks/traefik.yml)
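
Review bot: In Infrastructure Setup, the step "Create an operator user with `wheel` or `sudo` group as well as `docker` group" should state that membership of the `docker` group is root-equivalent on the host, because any member can drive the Docker daemon; readers who keep operator and admin accounts separate need to know that before adding the group. In DNS Setup, "Grab your API key from the Cloudflare interface, you'll need this shortly" is never followed up: no later step in this file says where the key is consumed (presumably the Traefik stack), so either name that place or drop the step, and recommend a token scoped to the one zone rather than an account-wide key. Minor: "publically" should be "publicly".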

@ -0,0 +1,87 @@
---
title: Deployment on Linux w/o Docker
---
# Deployment on Linux without Docker
Note: this guide is based on [Alpine Linux](https://alpinelinux.org) setups, but you may use them for other distributions as well.
## Requirements
* A VPS or VM publically accessible
* A domain name
* DNS hosted on Cloudflare (or your preferred registrar)
* The [Go](https://go.dev) toolchain
* A cup of your favourite beverage ([mine](https://kyoko-project.wer.ee/~akoizumi/) is tea :D)
## DNS Setup
* Update and configure your VPS/VM how you prefer. Hardening and configuration are out of the scope for this guide.
* Ensure ports 80 and 443 (TCP) are open via IPTables, NFTables, or UFW, however you choose to open them.
* Visit Cloudflare panel and point `yoursalty.domain.com` to the public-routable IP address of your system, ensure proxy is checked.
* Grab your API key from the Cloudflare interface, you'll need this shortly.
* Add an SRV record for Salty service discovery
* Type: `SRV`
* Name: `yourdomain.com`
* Service: `_salty`
* Protocol: `TCP`
* TTL: `3600` (One hour)
* Priority: `0` (highest)
* Weight: `0`
* Port: `443`
* Target: `salty.yourdomain.com`
* And another for Salty avatar discovery
* Type: `SRV`
* Name: `yourdomain.com`
* Service: `_avatars`
* Protocol: `TCP`
* TTL: `3600` (One hour)
* Priority: `0` (highest)
* Weight: `0`
* Port: `443`
* Target: `salty.yourdomain.com`
* Grab a coffee (or your favourite beverage) and wait a few minutes as DNS can take a bit.
## Infrastructure Setup
* Run: `apk add go nginx` to install the web server/reverse proxy and the toolchain
* Use the following snippet and then add it to `nginx`'s configuration file:
```
server {
listen 80;
listen [::]:80;
server_name salty.yourdomain.com;
return 301 https://$host$request_url;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name salty.yourdomain.com;
ssl_certificate /path/to/salty.yourdomain.com/fullchain.pem; # If you use certbot or dehydrated, use the right paths
ssl_certificate_key /path/to/salty.yourdomain.com/privkey.pem; # Same as above
location / {
proxy_pass http://127.0.0.1:8000;
}
}
```
* Run: `go install go.mills.io/saltyim/saltyim/cmd/saltyd@latest` to install the broker/webapp, ideally as its own user (i.e. `_salty`)
* Use the following snippet for OpenRC:
```
#!/sbin/openrc-run
depend() {
need net
use dns
}
command="/path/to/saltyd"
command_args="--base-url salty.yourdomain.com --bind 0.0.0.0:8000 --primary-domain yourdomain.com --store bitcask://path/to/saltyd_directory/saltyim.db --data /path/to/saltyd_directory/data"
command_background=true
command_user="_salty:_salty"
procname="saltyd"
```
* Run: `rc-update add saltyd default` and `rc-service saltyd start` to get `saltyd` running
* If there are no issues, you should be able to visit `https://salty.yourdomain.com` and view the PWA
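
Review bot: The port-80 server block in the nginx snippet redirects with `return 301 https://$host$request_url;`, but nginx has no `$request_url` variable, so the configuration will not load; it should be `$request_uri`. In the OpenRC snippet, `--bind 0.0.0.0:8000` puts the plain-HTTP listener on every interface although nginx only reaches it at `127.0.0.1:8000`; binding to `127.0.0.1:8000` stops clients from bypassing the TLS proxy. The DNS step also uses `yoursalty.domain.com` where the rest of the file uses `salty.yourdomain.com`, and the Cloudflare API key it asks for is not used by any later step.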

@ -0,0 +1,89 @@
---
title: Deployment in OpenBSD
---
# Deployment in OpenBSD
## Requirements
* A VPS or VM publically accessible
* A domain name
* DNS hosted on Cloudflare (or your preferred registrar)
* The [Go](https://go.dev) toolchain
A cup of your favourite beverage ([mine](https://kyoko-project.wer.ee/~akoizumi/) is tea :D)
## DNS Setup
* Update and configure your VPS/VM how you prefer. Hardening and configuration are out of the scope for this guide.
* Ensure ports 80 and 443 (TCP) are open via IPTables, NFTables, or UFW, however you choose to open them.
* Visit Cloudflare panel and point yoursalty.domain.com to the public-routable IP address of your system, ensure proxy is checked.
* Grab your API key from the Cloudflare interface, you’ll need this shortly.
* Add an SRV record for Salty service discovery
* Type: `SRV`
* Name: `yourdomain.com`
* Service: `_salty`
* Protocol: `TCP`
* TTL: `3600` (One hour)
* Priority: `0` (highest)
* Weight: `0`
* Port: `443`
* Target: `salty.yourdomain.com`
* And another for Salty avatar discovery
* Type: `SRV`
* Name: `yourdomain.com`
* Service: `_avatars`
* Protocol: `TCP`
* TTL: `3600` (One hour)
* Priority: `0` (highest)
* Weight: `0`
* Port: `443`
* Target: `salty.yourdomain.com`
* Grab a coffee (or your favourite beverage) and wait a few minutes as DNS can take a bit.
## Infrastructure Setup
* Run: `pkg_add go nginx` to install the web server/reverse proxy and the toolchain
* Use the following snippet and then add it to `nginx`'s configuration file:
```nginx
server {
listen 80;
listen [::]:80;
server_name salty.yourdomain.com;
return 301 https://$host$request_url;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name salty.yourdomain.com;
ssl_certificate /path/to/salty.yourdomain.com/fullchain.pem; # If you use certbot or dehydrated, use the right paths
ssl_certificate_key /path/to/salty.yourdomain.com/privkey.pem; # Same as above
location / {
proxy_pass http://127.0.0.1:8000;
}
}
```
* Run: `go install go.mills.io/saltyim/saltyim/cmd/saltyd@latest` to install the broker/webapp, ideally as its own user (i.e. `_salty`)
* Use the following snippet for `/etc/rc.d/saltyd`:
```shell
#!/bin/ksh
daemon="/usr/local/salty/saltyd"
daemon_user="_saltyd"
daemon_flags="-b 0.0.0.0:8000 -d /path/to/salty/data -u https://salty.yourdomain.com -p yourdomain.com -s bitcask://path/to/salty/salty.db"
. /etc/rc.d/rc.subr
rc_bg=YES
rc_reload=NO
rc_cmd "$1"
```
The script has to have the execution bit set (mode 0755)
* Run: `rcctl enable saltyd nginx` and `rcctl start saltyd nginx` to get `saltyd` and `nginx` running.
* If there are no issues, you should be able to visit `https://salty.yourdomain.com` and view the PWA
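
Review bot: The rc.d script sets `daemon_user="_saltyd"`, but the install step just above it suggests a user named `_salty`, so as written the service starts under an account the guide never mentions; pick one name and use it in both places. The script also points `daemon` at `/usr/local/salty/saltyd` with no step that places the `go install` output there. In DNS Setup, the firewall step names IPTables, NFTables and UFW, which are Linux tools; on OpenBSD it should refer to `pf`. The nginx redirect uses `$request_url`, which is not an nginx variable (`$request_uri` is), and `-b 0.0.0.0:8000` can be `127.0.0.1:8000` since only the local proxy connects to it. The beverage item under Requirements is missing its `*` bullet.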

@ -37,4 +37,11 @@ go install go.mills.io/salty/cmd/salty-keygen@latest
## Server-side
This part is covered in the [Deployment guide](https://git.mills.io/saltyim/saltyim/src/branch/master/docs/Deployment.md)
Deployment of a `saltyd` broker may vary between platforms, the following being listed below:
* [FreeBSD](deployment/freebsd.html) (coming soon)
* [Linux with Docker](deployment/linux-with-docker.html)
* [Linux without Docker](deployment/linux-without-docker.html)
* [OpenBSD](deployment/openbsd.html)
How to request SSL/TLS certificates and such won't be covered by this guide.
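
Review bot: The FreeBSD entry links to `deployment/freebsd.html`, but the file list for this commit adds only the Linux with Docker, Linux without Docker and OpenBSD pages, so that link is dead until the page exists; list FreeBSD as plain text with "(coming soon)" and add the link when the guide lands. The sentence "Deployment of a `saltyd` broker may vary between platforms, the following being listed below" would read better as a short lead-in such as "Deployment of a `saltyd` broker varies between platforms; guides are available for:".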
