💾 Archived View for jagtalon.net › server-config.gmi captured on 2024-02-05 at 09:28:28. Gemini links have been rewritten to link to archived content

-=-=-=-=-=-=-

Home

OpenBSD Server Config

I'm slowly learning how to run and manage my servers. Here are the configurations that I'm using right now on this machine. It's mostly a reference for myself in case I forget anything.

Gemini Server: /etc/gmid.conf

Manual

$ cat /etc/gmid.conf                                                                                                                     
user "_gmid"
chroot "/var/gemini"

types {
        include "/usr/share/misc/mime.types"
}

# https://gmid.omarpolo.com/quickstart.html

server "jagtalon.net" {
	cert "/etc/ssl/jagtalon.net.fullchain.pem"
	key  "/etc/ssl/private/jagtalon.net.key"
	root "/website-gmi"
}

server "jagtalon.com" {
	cert "/etc/ssl/jagtalon.net.fullchain.pem"
	key  "/etc/ssl/private/jagtalon.net.key"
	root "/website-gmi"
}

server "ofdi7adzugxpr2sm6hebzvyj653ya2yqxtvq4mgdcwts2bs2n72tf2yd.onion" {
	cert "/etc/ssl/ofdi7adzugxpr2sm6hebzvyj653ya2yqxtvq4mgdcwts2bs2n72tf2yd.onion.pem"
	key  "/etc/ssl/private/ofdi7adzugxpr2sm6hebzvyj653ya2yqxtvq4mgdcwts2bs2n72tf2yd.onion.key"
	root "/website-gmi"
}

IRC bouncer: ~/.config/pounce/oftc.conf

Manual

$ cat /home/jag/.config/pounce/oftc.conf                                                                                
# Name of this server
local-host = hello.jagtalon.net

# We're connecting to OFTC
host = irc.oftc.net

# Authentication for people connecting to this server
# See https://git.causal.agency/pounce/about/pounce.1#Generating_Client_Certificates
local-pass = REDACTED

# Authentication for connecting to OFTC
client-cert = /home/jag/client.pem
nick = jagtalon

httpd service: /etc/httpd.conf

Manual

$ cat /etc/httpd.conf                                                                                                   
types {
	include "/usr/share/misc/mime.types"
}

# ONION SERVICE
# This is the hidden service that you're currently reading this on.
# Content lives in /htdocs/website and this waits for connections from Tor (127.0.0.1)
server "onion" {
	listen on 127.0.0.1 port 80
	root "/htdocs/website"
	directory auto index
}

# JAGTALON.COM
# Any connection to jagtalon.com or www.jagtalon.com is redirected to jagtalon.net
server "jagtalon.com" {
	listen on * port 80
	alias "www.jagtalon.com"
	location * {
		block return 302 "https://jagtalon.net$REQUEST_URI"
	}
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
}

server "jagtalon.com" {
	listen on * tls port 443
	alias "www.jagtalon.com"
	tls {
		certificate "/etc/ssl/jagtalon.net.fullchain.pem"
		key "/etc/ssl/private/jagtalon.net.key"
	}
	location * {
		block return 302 "https://jagtalon.net$REQUEST_URI"
	}
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
}

# JAGTALON.NET
# Any requests for jagtalon.net will be served content stored in /htdocs/jagtalon.com
# (I know, it's confusing.)
server "jagtalon.net" {
	listen on * port 80
	alias "www.jagtalon.net"
	location * {
		block return 302 "https://jagtalon.net$REQUEST_URI"
	}
	
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
}

server "jagtalon.net" {
	listen on * tls port 443
	alias "www.jagtalon.net"
	tls {
		certificate "/etc/ssl/jagtalon.net.fullchain.pem"
		key "/etc/ssl/private/jagtalon.net.key"
	}
	root "/htdocs/jagtalon.com"
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
}

Tor service: /etc/tor/torrc

Manual

$ cat /etc/tor/torrc

# ONION SERVICE
# Listen on port 80 and forward the traffic to 127.0.0.1:80.
HiddenServiceDir /var/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
HiddenServicePort 1965 127.0.0.1:1965

# TOR RELAY
# Tor relay configuration. This sets up a guard/middle relay.
Nickname      jagtalon
ContactInfo   jag@aangat.lahat.computer
ORPort        9001
ExitRelay     0
SocksPort     0
Log notice    syslog
DataDirectory /var/tor
User          _tor
RunAsDaemon   1

ControlPort 9051
CookieAuthentication 1
DisableDebuggerAttachment 0

MyFamily CFCDF9E03DCEBB3028E8BD61E5CB5534D6D659D7,5BC56646F05946B893CEA284E62B1FFF70CF99F1,5589C16812A8E9C5BF1EB25EEC8060B877E24F56

Contact

jag@aangat.lahat.computer

@jag@weirder.earth