Installing Mycorrhiza on OpenBSD
Mycorrhiza is an excellent wiki, and it's the same software that runs this very website! First, install it on OpenBSD by running # pkg_add mycorrhiza. You can find more details on mycorrhiza.wiki, but instead of using httpd and relayd, I'm using Nginx.
(Thank you to Solene for writing a tutorial on Nginx on OpenBSD.)
Installing Betula on OpenBSD
Betula is a bookmarking service just like Pinboard, but it's built for a single person. Just like Mycorrhiza, it's designed to be easy to deploy. It can also talk to the fediverse!
-
First, follow Betula's installation instructions to build the binary. Copy the binary from
go/bin/betulato/usr/local/bin/betula. -
Create a directory called
/var/betulawhich will hold the SQLite file. -
Run Betula when the computer starts using cron:
@reboot /usr/local/bin/betula /var/betula/links.betulaNote: Perhaps I can turn this into a package by taking inspiration from Mycorrhiza's Makefile?
Nginx configuration
http {
include mime.types;
default_type application/octet-stream;
index index.html index.htm;
...
keepalive_timeout 65;
gzip on;
server_tokens off;
# Mycorrhiza
server {
listen 443 ssl;
http2 on;
server_name jagtalon.net;
ssl_certificate /etc/ssl/jagtalon.net.crt;
ssl_certificate_key /etc/ssl/private/jagtalon.net.key;
location / {
proxy_pass http://127.0.0.1:1737;
add_header Onion-Location http://q4yjadza5ad62fie7jx36vcrpyqzjjafo2bbrxkbcaufevrhhkhey6ad.onion$request_uri;
}
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
}
# Betula
server {
listen 443 ssl;
http2 on;
server_name links.jagtalon.net;
ssl_certificate /etc/ssl/jagtalon.net.crt;
ssl_certificate_key /etc/ssl/private/jagtalon.net.key;
location / {
proxy_pass http://127.0.0.1:1738;
proxy_set_header Host $host;
add_header Onion-Location http://ciyhhtxwyouczbqlganda6ndppahz5uspzha6wr5s3wa4sgvrn3i72id.onion$request_uri;
}
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
}
# SSL for Mycorrhiza
server {
listen 80;
server_name jagtalon.net;
root /htdocs/;
location /.well-known/acme-challenge/ {
rewrite ^/.well-known/acme-challenge/(.*) /$1 break;
root /acme;
}
location / {
return 301 https://$server_name$request_uri;
}
}
# SSL for Betula
server {
listen 80;
server_name links.jagtalon.net;
root /htdocs/;
location /.well-known/acme-challenge/ {
rewrite ^/.well-known/acme-challenge/(.*) /$1 break;
root /acme;
}
location / {
return 301 https://$server_name$request_uri;
}
}
}Cron for renewing SSL certificates
@daily acme-client -v jagtalon.net && rcctl restart nginx
This is the configuration that I have for /etc/acme-client.conf:
authority letsencrypt {
api url "https://acme-v02.api.letsencrypt.org/directory"
account key "/etc/acme/letsencrypt-privkey.pem"
}
authority letsencrypt-staging {
api url "https://acme-staging.api.letsencrypt.org/directory"
account key "/etc/acme/letsencrypt-staging-privkey.pem"
}
domain jagtalon.net {
alternative names { www.jagtalon.net,jagtalon.com,www.jagtalon.com,old.jagtalon.net,links.jagtalon.net }
domain key "/etc/ssl/private/jagtalon.net.key"
domain certificate "/etc/ssl/jagtalon.net.crt-bak"
domain full chain certificate "/etc/ssl/jagtalon.net.fullchain.pem"
sign with letsencrypt
}Anti-copyright. Everything is in the public domain. Feel free to copy and adapt anything on this website.