wiki.yonderly.org

User Tools

Site Tools

Trace: 4get_openbsd
4get_openbsd

Table of Contents

4get on OpenBSD

this is a guide showing how to install 4get on OpenBSD, and host it with httpd(8).

dependencies

git

git is needed to clone the source repositories of php-apcu and 4get. 

doas pkg_add git

php

simply install the php package. you probably want to select the latest (last listed) version when it prompts you. this will also provide php-fpm. 

doas pkg_add php

this guide will assume 8.2 as the php version. do not just copy the given commands; adjust them as needed.

4get's php module dependencies include mbstring, imagemagick, apcu, and curl.

mbstring

php-mbstring is built into the php binaries distributed by OpenBSD.

imagemagick

imagemagick, the library itself, is provided by the package ImageMagick. note that imagemagick requires libraries provided by the xbase root tarball. if you did not select it during the installation process of OpenBSD, you can download it from a mirror and extract it.

the php module is provided by the pecl*-imagick package. install it for your php version. 

pkg_add pecl82-imagick

curl

php-curl is provided by the php-curl package. install the latest available for your php version. 

pkg_add php-curl-8.2.27

php runs in the webserver chroot (/var/www) for security. curl will look for /etc/ssl/cert.pem, a file that contains the public keys of certificate authorities so that it can verify https connections, but will be unable to find it since it is in the actual root (/).

create /var/www/etc/ssl/ and copy cert.pem into it. 

mkdir -p /var/www/etc/ssl
cp /etc/ssl/cert.pem

apcu

apcu is not provided in ports system or built into php, so you must either install it through pecl or compile it yourself. pecl doesn't seem to work properly and can't see apcu's required libraries (and I don't know how to make it work), so I will show to manually compile it.

as a non-root user, run the following commands. 

doas pkg_add autoconf pcre2
you will be asked to make a selection as to the version of autoconf to install. select the latest version (the last on the list). as of now, the latest version is autoconf-2.72p0. the version of autoconf installed is information you will need later. 
git clone https://github.com/krakjoe/apcu
cd apcu
now run phpize. it is provided by php. put your own autoconf version in place of 2.72.
AUTOCONF_VERSION=2.72 phpize
now run the just-now generated ./configure script.
./configure
there will be a lot of output, but the last line should say “creating config.h”.
installed earlier, pcre2.h is required by apcu, but the compiler can't find it, so we will just copy it to the source directory. (if you know how to do it properly please edit the article).
cp /usr/local/include/pcre2.h ./
now we compile and install it. 
make
doas make install
to enable the module in php, we must modify the php configuration.
either modify /etc/php-8.2.ini directly, OR create /etc/php-8.2/apcu.ini.
/etc/php-8.2.ini
...
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
extension=apcu
...
/etc/php-8.2/apcu.ini
extension=apcu
make sure php is still working properly by running it.
php
if you get no errors everything is probably in working order.

httpd.conf

you will need a new server block in your httpd.conf for 4get. for this guide, I will be using the domain search.yonderly.org.

bash
server "search.yonderly.org" {
 listen on egress port http
 listen on egress tls port https
 
 tls {
  certificate "/etc/ssl/search.yonderly.org.crt"
  key "/etc/ssl/private/search.yonderly.org.key"
 }
 
 location "/.well-known/acme-challenge/*" {
  root "/acme"
  request strip 2
 }
 
 root "/4get"
 
 location "/" {
  request rewrite "/index.php"
 
  fastcgi socket "/run/php-fpm.sock"
 }
 location match "^([^\.]+)$" {
  request rewrite "/%1.php"
 
  fastcgi socket "/run/php-fpm.sock"
 }
 
 location "/data" { block drop }
}

acme-client.conf

for tls, OpenBSD provides acme-client, which allows easy creation of certificates for domains. we will use Let's Encrypt as our certificate provider.

/etc/acme-client.conf
authority letsencrypt {
 api url "https://acme-v02.api.letsencrypt.org/directory"
 account key "/etc/acme/letsencrypt-privkey.pem"
}
domain search.yonderly.org {
 domain key "/etc/ssl/private/search.yonderly.org.key"
 domain full chain certificate "/etc/ssl/private/search.yonderly.org.crt"
 sign with letsencrypt
}

4get

go to /var/www/ and clone 4get's repository. 

cd /var/www
git clone https://git.lolcat.ca/lolcat/4get

it will now sit at /var/www/4get, accessible as /4get by httpd.

you also need to set the permissions of icons/. 

chmod -R 777 ./icons/

finalizing

there are a few last steps before 4get is public.

daemons

if you haven't enable php*_fpm and httpd, you will need to do so. 

rcctl enable php82_fpm
rcctl enable httpd

then, bring up or restart them. 

rcctl restart php82_fpm
rcctl restart httpd

the website should now be accessible through http.

acme-client

the certificates defined in httpd.conf and acme-client.conf haven't been generated, so https is not available. acme-client needs to be run. 

acme-client -v search.yonderly.org

now that the certificates are generated, restart httpd so it uses them. 

rcctl restart httpd

the website should now be accessible through https.

cronjob

to prevent the website's certificate from becoming obsolete, it is good practice to create a cron job to check and create the certificate. 

doas crontab -e

go to the bottom of the file and enter in a new line:

crontab
...
~  *  *  *  *  acme-client search.yonderly.org

this will make the system run acme-client every hour for search.yonderly.org.

, ,
4get_openbsd.txt · Last modified: 2025/04/20 11:34 by ethan
Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki