From b31a934a804aed3f35442ceafe2080b0955e7317 Mon Sep 17 00:00:00 2001 From: dcc Date: Wed, 15 May 2024 00:57:23 -0700 Subject: total rebase --- docs/installation/openbsd_en.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) mode change 100755 => 100644 docs/installation/openbsd_en.md (limited to 'docs/installation/openbsd_en.md') diff --git a/docs/installation/openbsd_en.md b/docs/installation/openbsd_en.md old mode 100755 new mode 100644 index c80c8f6..e58e144 --- a/docs/installation/openbsd_en.md +++ b/docs/installation/openbsd_en.md @@ -62,7 +62,7 @@ rcctl start postgresql To check that it started properly and didn't fail right after starting, you can run `ps aux | grep postgres`, there should be multiple lines of output. #### httpd -httpd will have three fuctions: +httpd will have three functions: * redirect requests trying to reach the instance over http to the https URL * serve a robots.txt file @@ -195,6 +195,10 @@ rcctl enable relayd rcctl start relayd ``` +##### (Strongly recommended) serve media on another domain + +Refer to the [Hardening your instance](../configuration/hardening.md) document on how to serve media on another domain. We STRONGLY RECOMMEND you to do this to minimize attack vectors. + #### pf Enabling and configuring pf is highly recommended. In /etc/pf.conf, insert the following configuration: @@ -221,7 +225,7 @@ pass in quick on $if inet6 proto icmp6 to ($if) icmp6-type { echoreq unreach par pass in quick on $if proto tcp to ($if) port { http https } # relayd/httpd pass in quick on $if proto tcp from $authorized_ssh_clients to ($if) port ssh ``` -Replace ** by your server's network interface name (which you can get with ifconfig). Consider replacing the content of the authorized\_ssh\_clients macro by, for exemple, your home IP address, to avoid SSH connection attempts from bots. +Replace ** by your server's network interface name (which you can get with ifconfig). Consider replacing the content of the authorized\_ssh\_clients macro by, for example, your home IP address, to avoid SSH connection attempts from bots. Check pf's configuration by running `pfctl -nf /etc/pf.conf`, load it with `pfctl -f /etc/pf.conf` and enable pf at boot with `rcctl enable pf`. -- cgit v1.2.3