logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://anongit.hacktivis.me/git/pleroma.git/

relayd.conf (3499B)

    

  1. #
  2. # Default relayd.conf file for Pleroma on OpenBSD
  3. # Simple installation instructions:
  4. # 1. Place in /etc
  5. # 2. Replace <ipaddr> with your public IPv4 address
  6. # 3. If using IPv6, uncomment IPv6 lines and replace <ip6addr> with your public IPv6 address
  7. # 4. Replace all occurrences of example.tld with your instance's domain
  8. # 5. Check file using 'doas relayd -n'
  9. # 6. Reload/start relayd
  10. #      # doas rcctl enable relayd
  11. #      # doas rcctl start relayd
  12. #
  14. ext_inet="<ipaddr>"
  15. #ext_inet6="<ip6addr>"
  17. table <pleroma_server> { 127.0.0.1 }
  19. # Uncomment when you want to serve other services than Pleroma.
  20. # In this example tables are used only as way to differentiate between Pleroma and other services.
  21. # Feel free to rename "httpd_server" everywhere to fit your setup.
  22. #table <httpd_server> { 127.0.0.1 }
  24. http protocol pleroma { # Protocol for upstream Pleroma server
  25.     #tcp { nodelay, sack, socket buffer 65536, backlog 128 } # Uncomment and adjust as you see fit
  26.     tls ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
  27.     tls ecdhe "X25519,P-256,P-384,secp521r1" # relayd default+secp521r1
  29.     return error
  31.     # When serving multiple services with different certificates, specify multiple "tls keypair" keywords
  32.     # and add forwards to those services before the block keyword near the bottom of the protocol and relay configurations.
  33.     # The string in quotes must match the fullchain certificate file created by acme-client without the extension.
  34.     # For example:
  35.     # tls keypair "pleroma.example.tld"
  36.     # tls keypair "example.tld"
  37.     tls keypair "example.tld"
  39.     match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
  40.     match request header append "Connection" value "upgrade"
  42.     # When hosting Pleroma on a subdomain, replace example.tld accordingly (not the base domain).
  43.     # From the above example, "example.tld" should be replaced with "pleroma.example.tld" instead.
  44.     pass request quick header "Host" value "example.tld" forward to <pleroma_server>
  46.     # Uncomment when serving media uploads on a different (sub)domain.
  47.     # Keep media proxy disabled, as it will NOT work under relayd/httpd. If you want to also setup media proxy, use nginx instead.
  48.     #pass request quick header "Host" value "media.example.tld" forward to <pleroma_server>
  50.     # When serving multiple services, add the forwards here.
  51.     # Example:
  52.     #pass request quick header "Host" value "example.tld" forward to <httpd_server>
  54.     block
  55. }
  57. relay wwwtls {
  58.     listen on $ext_inet port https tls # Comment to disable listening on IPv4
  60.     protocol pleroma
  62.     forward to <pleroma_server> port 4000 check tcp timeout 500 # Adjust timeout accordingly when relayd returns 502 while Pleroma is running without problems.
  64.     # When serving multiple services, add the forwards here.
  65.     # Example:
  66.     #forward to <httpd_server> port 8080
  67. }
  69. # Uncomment relay block to enable IPv6
  70. #relay wwwtls6 {
  71. #    listen on $ext_inet6 port https tls
  73. #    protocol pleroma
  75. #    forward to <pleroma_server> port 4000 check tcp timeout 500 # Adjust timeout accordingly when relayd returns 502 while Pleroma is running without problems.
  77. #    # When serving multiple services, add the forwards here.
  78. #    # Example:
  79. #    #forward to <httpd_server> port 8080
  80. #}