Subtle breaking changes (#17)

This is mainly to facilitate accessiblity of the deployment documentation.

Co-authored-by: Aoi K <admin@kyoko-project.wer.ee>
Reviewed-on: #17
Reviewed-by: James Mills <james@mills.io>
Co-authored-by: Aoi Koizumi (古泉 あおい) <novaburst@noreply@mills.io>
Co-committed-by: Aoi Koizumi (古泉 あおい) <novaburst@noreply@mills.io>

deployment/linux-with-docker.md

@@ -0,0 +1,56 @@
+---
+title: Deployment on Linux w/ Docker
+---
+
+# Deployment on Linux with Docker
+
+## Requirements
+* A VPS or VM publically accessible
+* A domain name
+* DNS hosted on Cloudflare
+* A cup of coffee (or your favourite beverage)
+
+## DNS Setup
+* Update and configure your VPS/VM how you prefer. Hardening and configuration are out of the scope for this guide.
+* Ensure ports 80 and 443 (TCP) are open via IPTables, NFTables, or UFW, however you choose to open them.
+* Visit Cloudflare panel and point `salty.yourdomain.com` to the public-routable IP address of your system, ensure proxy is checked.
+* Grab your API key from the Cloudflare interface, you'll need this shortly.
+* Add an SRV record for Salty service discovery
+  * Type: `SRV`
+  * Name: `yourdomain.com`
+  * Service: `_salty`
+  * Protocol: `TCP`
+  * TTL: `3600` (One hour)
+  * Priority: `0` (highest)
+  * Weight: `0`
+  * Port: `443`
+  * Target: `salty.yourdomain.com`
+* And another for Salty avatar discovery
+  * Type: `SRV`
+  * Name: `yourdomain.com`
+  * Service: `_avatars`
+  * Protocol: `TCP`
+  * TTL: `3600` (One hour)
+  * Priority: `0` (highest)
+  * Weight: `0`
+  * Port: `443`
+  * Target: `salty.yourdomain.com`
+* Grab a coffee (or your favourite beverage) and wait a few minutes as DNS can take a bit.
+
+## Infrastructure Setup
+* Install docker on your VPS/VM.
+* Create an operator user with `wheel` or `sudo` group as well as `docker` group.
+* Run: `docker swarm init`, you've now created a single node Docker Swarm cluster.
+* Run: `docker network create -d overlay traefik`, this will create the network needed for Traefik and Salty to communicate.
+* Run: `docker stack deploy -c traefik.yml traefik`, this will deploy the traefik stack.
+* Give Traefik a few minutes to warm up. Tail the logs with `docker logs -f traefik_traefik.1.someid` to ensure there are no errors
+* Run: `docker stack deploy -c salty.yml salty`
+* Run: `watch docker stack ps salty --no-trunc` to ensure the stack comes up and reaches running state
+* Run: `docker logs -f salty_salty.1.someid` to verify the service is up
+* If there are no issues, you should be able to visit `https://salty.yourdomain.com` and view the PWA
+* Grab another cup
+
+You will find example Docker Swarm stacks (docker-compose yaml) in [stacks](https://git.mills.io/saltyim/saltyim/src/branch/master/docs/stacks)
+
+* [salty.yml](https://git.mills.io/saltyim/saltyim/src/branch/master/docs/stacks/salty.yml)
+* [traefik.yml](https://git.mills.io/saltyim/saltyim/src/branch/master/docs/stacks/traefik.yml)

deployment/linux-without-docker.md

@@ -0,0 +1,87 @@
+---
+title: Deployment on Linux w/o Docker
+---
+
+# Deployment on Linux without Docker
+
+Note: this guide is based on [Alpine Linux](https://alpinelinux.org) setups, but you may use them for other distributions as well.
+
+## Requirements
+* A VPS or VM publically accessible
+* A domain name
+* DNS hosted on Cloudflare (or your preferred registrar)
+* The [Go](https://go.dev) toolchain
+* A cup of your favourite beverage ([mine](https://kyoko-project.wer.ee/~akoizumi/) is tea :D)
+
+## DNS Setup
+* Update and configure your VPS/VM how you prefer. Hardening and configuration are out of the scope for this guide.
+* Ensure ports 80 and 443 (TCP) are open via IPTables, NFTables, or UFW, however you choose to open them.
+* Visit Cloudflare panel and point `yoursalty.domain.com` to the public-routable IP address of your system, ensure proxy is checked.
+* Grab your API key from the Cloudflare interface, you'll need this shortly.
+* Add an SRV record for Salty service discovery
+  * Type: `SRV`
+  * Name: `yourdomain.com`
+  * Service: `_salty`
+  * Protocol: `TCP`
+  * TTL: `3600` (One hour)
+  * Priority: `0` (highest)
+  * Weight: `0`
+  * Port: `443`
+  * Target: `salty.yourdomain.com`
+* And another for Salty avatar discovery
+  * Type: `SRV`
+  * Name: `yourdomain.com`
+  * Service: `_avatars`
+  * Protocol: `TCP`
+  * TTL: `3600` (One hour)
+  * Priority: `0` (highest)
+  * Weight: `0`
+  * Port: `443`
+  * Target: `salty.yourdomain.com`
+* Grab a coffee (or your favourite beverage) and wait a few minutes as DNS can take a bit.
+
+## Infrastructure Setup
+* Run: `apk add go nginx` to install the web server/reverse proxy and the toolchain
+* Use the following snippet and then add it to `nginx`'s configuration file:
+
+```
+server {
+	listen 80;
+	listen [::]:80;
+	server_name salty.yourdomain.com;
+	
+	return 301 https://$host$request_url;
+}
+
+server {
+	listen 443 ssl;
+	listen [::]:443 ssl;
+	server_name salty.yourdomain.com;
+	
+	ssl_certificate /path/to/salty.yourdomain.com/fullchain.pem; # If you use certbot or dehydrated, use the right paths
+	ssl_certificate_key /path/to/salty.yourdomain.com/privkey.pem; # Same as above
+	
+	location / {
+		proxy_pass http://127.0.0.1:8000;
+	}
+}
+```
+* Run: `go install go.mills.io/saltyim/saltyim/cmd/saltyd@latest` to install the broker/webapp, ideally as its own user (i.e. `_salty`)
+* Use the following snippet for OpenRC:
+
+```
+#!/sbin/openrc-run
+
+depend() {
+	need net
+	use dns
+}
+
+command="/path/to/saltyd"
+command_args="--base-url salty.yourdomain.com --bind 0.0.0.0:8000 --primary-domain yourdomain.com --store bitcask://path/to/saltyd_directory/saltyim.db --data /path/to/saltyd_directory/data"
+command_background=true
+command_user="_salty:_salty"
+procname="saltyd"
+```
+* Run: `rc-update add saltyd default` and `rc-service saltyd start` to get `saltyd` running
+* If there are no issues, you should be able to visit `https://salty.yourdomain.com` and view the PWA

deployment/openbsd.md

@@ -0,0 +1,89 @@
+---
+title: Deployment in OpenBSD
+---
+
+# Deployment in OpenBSD
+
+## Requirements
+
+* A VPS or VM publically accessible
+* A domain name
+* DNS hosted on Cloudflare (or your preferred registrar)
+* The [Go](https://go.dev) toolchain
+A cup of your favourite beverage ([mine](https://kyoko-project.wer.ee/~akoizumi/) is tea :D)
+
+## DNS Setup
+
+* Update and configure your VPS/VM how you prefer. Hardening and configuration are out of the scope for this guide.
+* Ensure ports 80 and 443 (TCP) are open via IPTables, NFTables, or UFW, however you choose to open them.
+* Visit Cloudflare panel and point yoursalty.domain.com to the public-routable IP address of your system, ensure proxy is checked.
+* Grab your API key from the Cloudflare interface, you’ll need this shortly.
+* Add an SRV record for Salty service discovery
+  * Type: `SRV`
+  * Name: `yourdomain.com`
+  * Service: `_salty`
+  * Protocol: `TCP`
+  * TTL: `3600` (One hour)
+  * Priority: `0` (highest)
+  * Weight: `0`
+  * Port: `443`
+  * Target: `salty.yourdomain.com`
+* And another for Salty avatar discovery
+  * Type: `SRV`
+  * Name: `yourdomain.com`
+  * Service: `_avatars`
+  * Protocol: `TCP`
+  * TTL: `3600` (One hour)
+  * Priority: `0` (highest)
+  * Weight: `0`
+  * Port: `443`
+  * Target: `salty.yourdomain.com`
+* Grab a coffee (or your favourite beverage) and wait a few minutes as DNS can take a bit.
+
+## Infrastructure Setup
+* Run: `pkg_add go nginx` to install the web server/reverse proxy and the toolchain
+* Use the following snippet and then add it to `nginx`'s configuration file:
+
+```nginx
+server {
+	listen 80;
+	listen [::]:80;
+	server_name salty.yourdomain.com;
+	
+	return 301 https://$host$request_url;
+}
+
+server {
+	listen 443 ssl;
+	listen [::]:443 ssl;
+	server_name salty.yourdomain.com;
+	
+	ssl_certificate /path/to/salty.yourdomain.com/fullchain.pem; # If you use certbot or dehydrated, use the right paths
+	ssl_certificate_key /path/to/salty.yourdomain.com/privkey.pem; # Same as above
+	
+	location / {
+		proxy_pass http://127.0.0.1:8000;
+	}
+}
+```
+* Run: `go install go.mills.io/saltyim/saltyim/cmd/saltyd@latest` to install the broker/webapp, ideally as its own user (i.e. `_salty`)
+* Use the following snippet for `/etc/rc.d/saltyd`:
+
+```shell
+#!/bin/ksh
+daemon="/usr/local/salty/saltyd"
+daemon_user="_saltyd"
+daemon_flags="-b 0.0.0.0:8000 -d /path/to/salty/data -u https://salty.yourdomain.com -p yourdomain.com -s bitcask://path/to/salty/salty.db"
+
+. /etc/rc.d/rc.subr
+
+rc_bg=YES
+rc_reload=NO
+
+rc_cmd "$1"
+```
+
+The script has to have the execution bit set (mode 0755)
+
+* Run: `rcctl enable saltyd nginx` and `rcctl start saltyd nginx` to get `saltyd` and `nginx` running.
+* If there are no issues, you should be able to visit `https://salty.yourdomain.com` and view the PWA

instructions.md

@@ -37,4 +37,11 @@ go install go.mills.io/salty/cmd/salty-keygen@latest
 
 
 ## Server-side
-This part is covered in the [Deployment guide](https://git.mills.io/saltyim/saltyim/src/branch/master/docs/Deployment.md)
+Deployment of a `saltyd` broker may vary between platforms, the following being listed below:
+
+* [FreeBSD](deployment/freebsd.html) (coming soon)
+* [Linux with Docker](deployment/linux-with-docker.html)
+* [Linux without Docker](deployment/linux-without-docker.html)
+* [OpenBSD](deployment/openbsd.html)
+
+How to request SSL/TLS certificates and such won't be covered by this guide.