Differences

This shows you the differences between two versions of the page.

--- 4get_openbsd [2025/02/09 03:45] – ethan
+++ 4get_openbsd [2025/04/20 11:34] (current) – ethan
@@ Line 1: / Line 1: @@
 ======4get on OpenBSD======
-this is a guide showing how to install [[https://git.lolcat.ca/lolcat/4get/|4get]] on [[OpenBSD]], and host it with [[https://man.openbsd.org/httpd|httpd(8)]].
+this is a guide showing how to install [[https://git.lolcat.ca/lolcat/4get/|4get]] on [[https://openbsd.org|OpenBSD]], and host it with [[https://man.openbsd.org/httpd|httpd(8)]].
 =====dependencies=====
 ====git====
@@ Line 31: / Line 31: @@
 <code bash>
 pkg_add php-curl-8.2.27
+</code>
+php runs in the webserver chroot (/var/www) for security. curl will look for /etc/ssl/cert.pem, a file that contains the public keys of certificate authorities so that it can verify https connections, but will be unable to find it since it is in the actual root (/).
+create /var/www/etc/ssl/ and copy cert.pem into it.
+<code bash>
+mkdir -p /var/www/etc/ssl
+cp /etc/ssl/cert.pem
 </code>
@@ Line 85: / Line 93: @@
 <file /etc/httpd.conf bash>
 server "search.yonderly.org" {
- listen on egress port https
+ listen on egress port http
+ listen on egress tls port https
  tls {
@@ Line 127: / Line 136: @@
 }
 </file>
+=====4get=====
+go to /var/www/ and clone 4get's repository.
+<code bash>
+cd /var/www
+git clone https://git.lolcat.ca/lolcat/4get
+</code>
+it will now sit at /var/www/4get, accessible as /4get by httpd.
+you also need to set the permissions of icons/.
+<code bash>
+chmod -R 777 ./icons/
+</code>
+=====finalizing=====
+there are a few last steps before 4get is public.
+====daemons====
+if you haven't enable php*_fpm and httpd, you will need to do so.
+<code bash>
+rcctl enable php82_fpm
+rcctl enable httpd
+</code>
+then, bring up or restart them.
+<code bash>
+rcctl restart php82_fpm
+rcctl restart httpd
+</code>
+the website should now be accessible through http.
+====acme-client====
+the certificates defined in httpd.conf and acme-client.conf haven't been generated, so https is not available. acme-client needs to be run.
+<code bash>
+acme-client -v search.yonderly.org
+</code>
+now that the certificates are generated, restart httpd so it uses them.
+<code bash>
+rcctl restart httpd
+</code>
+the website should now be accessible through https.
+===cronjob===
+to prevent the website's certificate from becoming obsolete, it is good practice to create a cron job to check and create the certificate.
+<code bash>
+doas crontab -e
+</code>
+go to the bottom of the file and enter in a new line:
+<file bash crontab>
+...
+~  *  *  *  *  acme-client search.yonderly.org
+</file>
+this will make the system run acme-client every hour for search.yonderly.org.
+{{tag>openbsd www httpd}}