commit 9b1573bcf5206f9e3b943d1fc9e7007ca7871e9a parent a8103703f0d19927a9d8b3667644ba8b4e6e1026 Author: Overseer <overseer@lilly.qualityretro.net> Date: Tue, 15 Jan 2019 04:33:03 +0000 very rough notes Committer: Robbie D <git@robertdherb.com> Diffstat:
set-up-openbsd-server.md | | | 27 | +++++++++++++++++++++++++++ |
1 file changed, 27 insertions(+), 0 deletions(-)
diff --git a/set-up-openbsd-server.md b/set-up-openbsd-server.md @@ -0,0 +1,27 @@ +echo "https://ftp.openbsd.org/pub/OpenBSD" > /etc/installurl #Changed in 6.4? +syspatch +pkg_add vim +Add user with `adduser(8)` +Change root password +Edit /etc/ssh/sshd_config and set PermitRootLogin=no +Add mail aliases to /etc/mail/aliases +Read `man afterboot` +Read `man httpd` and `man httpd.conf`, they're very clearly written +Certbot says it doesn't work with OpenBSD, but it really totally does. +`pkg_add certbot` then `certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com` +(I prefer redirecting all www requests to the root domain) +block return 301 +`rcctl enable httpd` + +# Still to do + +Document Switch to key based auth +Read `man mail` +Add tmux.conf +restart sshd +set up pf +configure doas +Look in /usr/local/share/doc/pkg-readmes for extra documentation. (nextcloud) + + +NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. (See ntp.org)