commit: ee25acea6d87c036d195c69430bd2e92ea56bd52
parent 79c5ca05c9956a3dbbc4faf4c71054f57622b458
Author: Phantasm <phantasm@centrum.cz>
Date: Sun, 24 Nov 2024 23:43:55 +0100
docs openbsd: Fix nginx acme challenges, automatic certificate renewals in proper places
Diffstat:
1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/docs/installation/openbsd_en.md b/docs/installation/openbsd_en.md
@@ -121,7 +121,7 @@ In another SSH session or a tmux window, check that it is working properly by ru
### Configuring acme-client
acme-client is used to get SSL/TLS certificates from Let's Encrypt.
-Insert the following configuration in /etc/acme-client.conf and replace `example.tld` with your domain:
+Insert the following configuration in `/etc/acme-client.conf` and replace `example.tld` with your domain:
```
#
@@ -150,12 +150,6 @@ Check the configuration:
# acme-client -n
```
-Add auto-renewal by adding acme-client to `/etc/weekly.local`, replace `example.tld` with your domain:
-
-```
-echo "acme-client example.tld >> /etc/weekly.local
-```
-
### Configuring the Web server
Pleroma supports two Web servers:
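Review bot: the removed `echo "acme-client example.tld >> /etc/weekly.local` line had an unbalanced double quote, so a reader pasting it into a shell would have hung on a continuation prompt rather than appending anything; dropping it here and re-adding it under each web-server section (where the matching `rcctl reload` is known) is the right fix, and the replacement should keep the `>>` outside the quotes.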
@@ -181,7 +175,8 @@ http {
...
server_name example.tld; # Replace with your domain
- location ~ /.well-known/acme-challenge {
+ location /.well-known/acme-challenge {
+ rewrite ^/.well-known/acme-challenge/(.*) /$1 break;
root /var/www/acme;
}
}
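Review bot: the new `location /.well-known/acme-challenge` is a prefix match with no trailing slash, so it also matches paths like `/.well-known/acme-challengeX`, and the unescaped `.` in `^/.well-known/acme-challenge/(.*)` matches any character. The same mapping onto the challenge directory can be written without a `rewrite` as `location /.well-known/acme-challenge/ { alias /var/www/acme/; }`, which appends only the token part of the URI to `/var/www/acme/`; if the `rewrite` form is kept, escape the dots (`^/\.well-known/acme-challenge/(.*)`).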
@@ -195,6 +190,12 @@ Start the nginx service and acquire certificates:
# acme-client example.tld
```
+Add certificate auto-renewal by adding acme-client to `/etc/weekly.local`, replace `example.tld` with your domain:
+
+```
+# echo "acme-client example.tld && rcctl reload nginx" >> /etc/weekly.local
+```
+
OpenBSD's default nginx configuration does not contain an include directive, which is typically used for multiple sites.
Therefore, you will need to first create the required directory as follows:
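Review bot: `acme-client example.tld && rcctl reload nginx` runs the reload only when `acme-client` exits 0, so a failed renewal (or a run that changed nothing) silently skips the reload; the text should say that this is intended and that failures surface in the weekly(8) output mail, otherwise readers will wonder why nginx was not reloaded. Also note that the prose tells readers to replace `example.tld`, but the `echo` line as written will append the literal placeholder to `/etc/weekly.local` if copied unchanged.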
@@ -246,6 +247,8 @@ If the configuration is correct, you can now enable and reload the nginx service
#### httpd
+***Skip this section when using nginx***
+
httpd will have two functions:
* redirect requests trying to reach the instance over http to the https URL
@@ -275,6 +278,8 @@ If the configuration is correct, enable and start the `httpd` service:
#### relayd
+***Skip this section when using nginx***
+
relayd will be used as the reverse proxy sitting in front of pleroma.
As root, copy `/home/_pleroma/pleroma/installation/openbsd/relayd.conf` to `/etc/relayd.conf`, or modify the existing one.
@@ -299,6 +304,12 @@ If the configuration is correct, enable and start the `relayd` service:
# rcctl start relayd
```
+Add certificate auto-renewal by adding acme-client to `/etc/weekly.local`, replace `example.tld` with your domain:
+
+```
+# echo "acme-client example.tld && rcctl reload relayd" >> /etc/weekly.local
+```
+
#### (Strongly recommended) serve media on another domain
Refer to the [Hardening your instance](../configuration/hardening.md) document on how to serve media on another domain. We STRONGLY RECOMMEND you to do this to minimize attack vectors.
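Review bot: the sentence "Add certificate auto-renewal by adding acme-client to `/etc/weekly.local`, replace `example.tld` with your domain:" is a comma splice and is duplicated verbatim from the nginx section; suggest "Add certificate auto-renewal by appending acme-client to `/etc/weekly.local`, replacing `example.tld` with your domain:" in both places. The `rcctl reload relayd` target is correct for this setup, since relayd is the process terminating TLS in front of pleroma.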