======4get on OpenBSD======
this is a guide showing how to install [[https://git.lolcat.ca/lolcat/4get/|4get]] on [[https://openbsd.org|OpenBSD]], and host it with [[https://man.openbsd.org/httpd|httpd(8)]].
=====dependencies=====
====git====
git is needed to clone the source repositories of php-apcu and 4get.
doas pkg_add git
====php====
simply install the php package. you probably want to select the latest (last listed) version when it prompts you. this will also provide php-fpm.
doas pkg_add php
**this guide will assume 8.2 as the php version. do not just copy the given commands; adjust them as needed.**
4get's php module dependencies include //mbstring//, //imagemagick//, //apcu//, and //curl//.
===mbstring===
//php-mbstring// is built into the php binaries distributed by OpenBSD.
===imagemagick===
//imagemagick//, the library itself, is provided by the package //ImageMagick//. note that imagemagick requires libraries provided by the xbase root tarball. if you did not select it during the installation process of OpenBSD, you can download it from a mirror and extract it.
the php module is provided by the pecl*-imagick package. install it for your php version.
pkg_add pecl82-imagick
===curl===
//php-curl// is provided by the php-curl package. install the latest available for your php version.
pkg_add php-curl-8.2.27
php runs in the webserver chroot (/var/www) for security. curl will look for /etc/ssl/cert.pem, a file that contains the public keys of certificate authorities so that it can verify https connections, but will be unable to find it since it is in the actual root (/).
create /var/www/etc/ssl/ and copy cert.pem into it.
mkdir -p /var/www/etc/ssl
cp /etc/ssl/cert.pem
===apcu===
//apcu// is not provided in ports system or built into php, so you must either install it through [[https://pecl.php.net/|pecl]] or compile it yourself. pecl doesn't seem to work properly and can't see apcu's required libraries (and I don't know how to make it work), so I will show to manually compile it.
as a non-root user, run the following commands.
doas pkg_add autoconf pcre2
> you will be asked to make a selection as to the version of autoconf to install. select the latest version (the last on the list). as of now, the latest version is autoconf-2.72p0. the version of autoconf installed is information you will need later.
git clone https://github.com/krakjoe/apcu
cd apcu
> now run phpize. it is provided by php. put your own autoconf version in place of 2.72.
AUTOCONF_VERSION=2.72 phpize
> now run the just-now generated ./configure script.
./configure
> there will be a lot of output, but the last line should say "creating config.h".
> installed earlier, pcre2.h is required by //apcu//, but the compiler can't find it, so we will just copy it to the source directory. (if you know how to do it properly please edit the article).
cp /usr/local/include/pcre2.h ./
> now we compile and install it.
make
doas make install
> to enable the module in php, we must modify the php configuration.
> either modify /etc/php-8.2.ini directly, OR create /etc/php-8.2/apcu.ini.
...
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
extension=apcu
...
extension=apcu
> make sure php is still working properly by running it.
php
> if you get no errors everything is probably in working order.
=====httpd.conf=====
you will need a new server block in your [[https://man.openbsd.org/httpd.conf|httpd.conf]] for 4get. for this guide, I will be using the domain [[http://search.yonderly.org|search.yonderly.org]].
server "search.yonderly.org" {
listen on egress port http
listen on egress tls port https
tls {
certificate "/etc/ssl/search.yonderly.org.crt"
key "/etc/ssl/private/search.yonderly.org.key"
}
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
root "/4get"
location "/" {
request rewrite "/index.php"
fastcgi socket "/run/php-fpm.sock"
}
location match "^([^\.]+)$" {
request rewrite "/%1.php"
fastcgi socket "/run/php-fpm.sock"
}
location "/data" { block drop }
}
=====acme-client.conf=====
for tls, OpenBSD provides [[https://man.openbsd.org/acme-client|acme-client]], which allows easy creation of certificates for domains. we will use Let's Encrypt as our certificate provider.
authority letsencrypt {
api url "https://acme-v02.api.letsencrypt.org/directory"
account key "/etc/acme/letsencrypt-privkey.pem"
}
domain search.yonderly.org {
domain key "/etc/ssl/private/search.yonderly.org.key"
domain full chain certificate "/etc/ssl/private/search.yonderly.org.crt"
sign with letsencrypt
}
=====4get=====
go to /var/www/ and clone 4get's repository.
cd /var/www
git clone https://git.lolcat.ca/lolcat/4get
it will now sit at /var/www/4get, accessible as /4get by httpd.
you also need to set the permissions of icons/.
chmod -R 777 ./icons/
=====finalizing=====
there are a few last steps before 4get is public.
====daemons====
if you haven't enable php*_fpm and httpd, you will need to do so.
rcctl enable php82_fpm
rcctl enable httpd
then, bring up or restart them.
rcctl restart php82_fpm
rcctl restart httpd
the website should now be accessible through http.
====acme-client====
the certificates defined in httpd.conf and acme-client.conf haven't been generated, so https is not available. acme-client needs to be run.
acme-client -v search.yonderly.org
now that the certificates are generated, restart httpd so it uses them.
rcctl restart httpd
the website should now be accessible through https.
===cronjob===
to prevent the website's certificate from becoming obsolete, it is good practice to create a cron job to check and create the certificate.
doas crontab -e
go to the bottom of the file and enter in a new line:
...
~ * * * * acme-client search.yonderly.org
this will make the system run acme-client every hour for search.yonderly.org.
{{tag>openbsd www httpd}}