Update/add OpenBSD config files

1 files changed, 44 insertions, 0 deletions

diff --git a/installation/openbsd/relayd.conf b/installation/openbsd/relayd.conf
new file mode 100644
index 000000000..31c2c1129
--- /dev/null
+++ b/installation/openbsd/relayd.conf
@@ -0,0 +1,44 @@
+#
+# Default relayd.conf file for Pleroma on OpenBSD
+# Simple installation instructions:
+# 1. Place in /etc
+# 2. Replace <ipaddr> with your public IPv4 address
+# 3. If using IPv6i, uncomment IPv6 lines and replace <ip6addr> with your public IPv6 address
+# 4. Check file using 'doas relayd -n'
+# 5. Reload/start relayd
+#      # doas rcctl enable relayd
+#      # doas rcctl start relayd
+#
+
+ext_inet="<ipaddr>"
+#ext_inet6="<ip6addr>"
+
+table <pleroma_server> { 127.0.0.1 }
+table <httpd_server> { 127.0.0.1 }
+
+http protocol plerup { # Protocol for upstream pleroma server
+    #tcp { nodelay, sack, socket buffer 65536, backlog 128 } # Uncomment and adjust as you see fit
+    tls ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA0-POLY1305"
+    tls ecdhe secp384r1
+
+    # Forward some paths to the local server (as pleroma won't respond to them as you might want)
+    pass request quick path "/robots.txt" forward to <httpd_server>
+
+    # Append a bunch of headers
+    match request header append "X-Forwarded-For" value "$REMOTE_ADDR" # This two header and the next one are not strictl required by pleroma but adding them won't hurt
+    match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
+
+    match request header append "Connection" value "upgrade"
+
+}
+
+relay wwwtls {
+    listen on $ext_inet port https tls # Comment to disable listening on IPv4
+#    listen on $ext_inet6 port https tls # Comment to disable listening on IPv6
+
+    protocol plerup
+
+    forward to <pleroma_server> port 4000 check http "/" code 200
+    forward to <httpd_server> port 80 check http "/robots.txt" code 200
+}
+