Installing Mycorrhiza on OpenBSD
Mycorrhiza is an excellent wiki, and it's the same software that runs this very website! First, install it on OpenBSD by running # pkg_add mycorrhiza
. You can find more details on mycorrhiza.wiki, but instead of using httpd
and relayd
, I'm using Nginx.
(Thank you to Solene for writing a tutorial on Nginx on OpenBSD.)
Installing Betula on OpenBSD
Betula is a bookmarking service just like Pinboard, but it's built for a single person. Just like Mycorrhiza, it's designed to be easy to deploy. It can also talk to the fediverse!
-
First, follow Betula's installation instructions to build the binary. Copy the binary from
go/bin/betula
to/usr/local/bin/betula
. -
Create a directory called
/var/betula
which will hold the SQLite file. -
Run Betula when the computer starts using cron:
@reboot /usr/local/bin/betula /var/betula/links.betula
Note: Perhaps I can turn this into a package by taking inspiration from Mycorrhiza's Makefile?
Nginx configuration
http {
include mime.types;
default_type application/octet-stream;
index index.html index.htm;
...
keepalive_timeout 65;
gzip on;
server_tokens off;
# Mycorrhiza
server {
listen 443 ssl;
http2 on;
server_name jagtalon.net;
ssl_certificate /etc/ssl/jagtalon.net.crt;
ssl_certificate_key /etc/ssl/private/jagtalon.net.key;
location / {
proxy_pass http://127.0.0.1:1737;
add_header Onion-Location http://q4yjadza5ad62fie7jx36vcrpyqzjjafo2bbrxkbcaufevrhhkhey6ad.onion$request_uri;
}
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
}
# Betula
server {
listen 443 ssl;
http2 on;
server_name links.jagtalon.net;
ssl_certificate /etc/ssl/jagtalon.net.crt;
ssl_certificate_key /etc/ssl/private/jagtalon.net.key;
location / {
proxy_pass http://127.0.0.1:1738;
proxy_set_header Host $host;
add_header Onion-Location http://ciyhhtxwyouczbqlganda6ndppahz5uspzha6wr5s3wa4sgvrn3i72id.onion$request_uri;
}
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
}
# Durian
server {
listen 443 ssl;
http2 on;
server_name durian-distro.org;
root /var/www/htdocs/durian-distro.org;
add_header Onion-Location http://j3rcq2et2mbop4ftzgvcu4pt2wjoij7nyhvnhehe36ge4hebxkhvunyd.onion$request_uri;
ssl_certificate /etc/ssl/jagtalon.net.crt;
ssl_certificate_key /etc/ssl/private/jagtalon.net.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
}
server {
listen 80;
server_name localhost;
root /var/www/htdocs/durian-distro.org;
}
# SSL for Mycorrhiza
server {
listen 80;
server_name jagtalon.net;
location /.well-known/acme-challenge/ {
rewrite ^/.well-known/acme-challenge/(.*) /$1 break;
root /acme;
}
location / {
return 301 https://$server_name$request_uri;
}
}
# SSL for Betula
server {
listen 80;
server_name links.jagtalon.net;
location /.well-known/acme-challenge/ {
rewrite ^/.well-known/acme-challenge/(.*) /$1 break;
root /acme;
}
location / {
return 301 https://$server_name$request_uri;
}
}
# SSL for Durian
server {
listen 80;
server_name durian-distro.org;
location /.well-known/acme-challenge/ {
rewrite ^/.well-known/acme-challenge/(.*) /$1 break;
root /acme;
}
location / {
return 301 https://$server_name$request_uri;
}
}
}
Cron for renewing SSL certificates
@daily acme-client -v jagtalon.net && ln -fs /etc/ssl/jagtalon.net.fullchain.pem /etc/ssl/jagtalon.net.crt && rcctl restart nginx
This is the configuration that I have for /etc/acme-client.conf
:
authority letsencrypt {
api url "https://acme-v02.api.letsencrypt.org/directory"
account key "/etc/acme/letsencrypt-privkey.pem"
}
authority letsencrypt-staging {
api url "https://acme-staging.api.letsencrypt.org/directory"
account key "/etc/acme/letsencrypt-staging-privkey.pem"
}
domain jagtalon.net {
alternative names { www.jagtalon.net,jagtalon.com,www.jagtalon.com,links.jagtalon.net,durian-distro.org }
domain key "/etc/ssl/private/jagtalon.net.key"
domain certificate "/etc/ssl/jagtalon.net.crt"
domain full chain certificate "/etc/ssl/jagtalon.net.fullchain.pem"
sign with letsencrypt
}
No copyright. This website is marked with CC0 1.0. Do whatever you the fuck you want with anything in here. Steal, copy, distribute, modify, even sell the contents of this website.
-
Mastodon: @jag@weirder.earth and @durian@ni.hil.ist
-
Contact: jag@aangat.lahat.computer
-
Donations: Ko-Fi
-
Photos: Flickr
-
Zines and masks: Durian Distro
-
Bookmarks: Bookmarks