author | marcin mikołajczak <git@mkljczk.pl> | 2024-01-31 22:19:33 +0100 |
---|---|---|
committer | marcin mikołajczak <git@mkljczk.pl> | 2024-01-31 22:19:33 +0100 |
commit | 226e53fdd73e95483efec08d11f6fae217b68f45 (patch) | |
tree | de3c09b6d5c625d41db8ef6fa54de74f642c2363 /docs/installation/openbsd_en.md | |
parent | 9363ef53a34c9d96191bccaece76dd4e01f493b6 (diff) | |
parent | 3b9d991514e53ad8f442ffc674dd9b1422fdc415 (diff) | |
Merge remote-tracking branch 'origin/develop' into status-notification-type
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
Diffstat (limited to 'docs/installation/openbsd_en.md')
-rw-r--r-- | docs/installation/openbsd_en.md | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/docs/installation/openbsd_en.md b/docs/installation/openbsd_en.md index c80c8f678..e58e144d2 100644 --- a/docs/installation/openbsd_en.md +++ b/docs/installation/openbsd_en.md @@ -62,7 +62,7 @@ rcctl start postgresql To check that it started properly and didn't fail right after starting, you can run `ps aux | grep postgres`, there should be multiple lines of output. #### httpd -httpd will have three fuctions: +httpd will have three functions: * redirect requests trying to reach the instance over http to the https URL * serve a robots.txt file @@ -195,6 +195,10 @@ rcctl enable relayd rcctl start relayd ``` +##### (Strongly recommended) serve media on another domain + +Refer to the [Hardening your instance](../configuration/hardening.md) document on how to serve media on another domain. We STRONGLY RECOMMEND you to do this to minimize attack vectors. + #### pf Enabling and configuring pf is highly recommended. In /etc/pf.conf, insert the following configuration: @@ -221,7 +225,7 @@ pass in quick on $if inet6 proto icmp6 to ($if) icmp6-type { echoreq unreach par pass in quick on $if proto tcp to ($if) port { http https } # relayd/httpd pass in quick on $if proto tcp from $authorized_ssh_clients to ($if) port ssh ``` -Replace *<network interface\>* by your server's network interface name (which you can get with ifconfig). Consider replacing the content of the authorized\_ssh\_clients macro by, for exemple, your home IP address, to avoid SSH connection attempts from bots. +Replace *<network interface\>* by your server's network interface name (which you can get with ifconfig). Consider replacing the content of the authorized\_ssh\_clients macro by, for example, your home IP address, to avoid SSH connection attempts from bots. Check pf's configuration by running `pfctl -nf /etc/pf.conf`, load it with `pfctl -f /etc/pf.conf` and enable pf at boot with `rcctl enable pf`. |
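Review bot: In the hunk at `@@ -195,6 +195,10 @@`, the new "serve media on another domain" section justifies itself only with "to minimize attack vectors" and a link, so a reader of this OpenBSD guide cannot tell which risk is being reduced or whether the relayd and httpd setup described just above has to change for the second domain. Suggest naming the risk in one sentence and stating whether this guide's relayd/httpd configuration needs an extra hostname, or saying explicitly that the linked hardening document covers it. "We STRONGLY RECOMMEND you to do this" would read better as "We strongly recommend doing this". Also confirm that the fifth-level heading is meant to nest under the preceding `####` section, since it sits between the `rcctl start relayd` block and `#### pf`.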
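Review bot: In the hunk at `@@ -221,7 +225,7 @@`, the corrected sentence still uses "Replace ... by" and "replacing ... by", and leaves `<network interface\>` and `authorized\_ssh\_clients` with backslash escapes rather than code formatting. Since the line is being touched anyway, suggest "Replace ... with" and backticks around the placeholder, `ifconfig` and the macro name, matching how `pfctl -nf /etc/pf.conf` is formatted in the following sentence.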