why-openbsd.rocks

Configuration syntax

The configuration files of all OpenBSD daemons follow a common scheme, similar to that of pf. Even though there is no clear specification, the unified and readable syntax and vocabulary make OpenBSD's daemons easy to understand.

acme-client.conf

domain why-openbsd.rocks {
  domain key "/etc/ssl/private/why-openbsd.rocks.key"
  domain certificate "/etc/ssl/why-openbsd.rocks.crt"
  domain full chain certificate "/etc/ssl/why-openbsd.rocks.pem"
  challengedir "/var/www/htdocs/challenges/"
  sign with letsencrypt
}

relayd.conf

http protocol https {
	match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
	match request header append "X-Forwarded-By" \
	    value "$SERVER_ADDR:$SERVER_PORT"
	match request header set "Connection" value "close"

	# Various TCP options
	tcp { sack, backlog 128 }

	tls { no tlsv1.0, ciphers HIGH }
#	tls no session tickets
}
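
The same grammar carries over to httpd(8). As an added example (not from the original page), this httpd.conf serves the challengedir from the acme-client.conf above over plain HTTP and redirects every other request to HTTPS. The listen address and the redirect are assumptions, and the root path is relative to httpd's default /var/www chroot.

```conf
# httpd.conf (added example, not part of the original page)
server "why-openbsd.rocks" {
	listen on * port 80

	# Expose only the ACME HTTP-01 challenge path.
	# "/htdocs/challenges" is challengedir "/var/www/htdocs/challenges/"
	# as seen from inside the /var/www chroot.
	location "/.well-known/acme-challenge/*" {
		root "/htdocs/challenges"
		request strip 2
	}

	# Everything else is sent to the TLS listener.
	location * {
		block return 302 "https://$HTTP_HOST$REQUEST_URI"
	}
}
```

`request strip 2` removes the two leading path components, so a request for `/.well-known/acme-challenge/TOKEN` is answered from the file `TOKEN` in the challenge directory and nothing else under the document root is reachable over plain HTTP.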

Details: