Summary
OpenBSD httpd
OpenBSD has its own web server called “httpd”.
To be frank, it seems to have less conf examples and tutorials. Therefore, some might think it more difficult.
It’s, however, simple and minimal with clearly licensed, robust and secure, and thus, to my feelings, it’s beautiful. Also, it becomes more powerful with relayd.
Environment
- OS: OpenBSD 7.0 amd64
Historical backgrounds
It’s possible on OpenBSD to install Nginx, Apache (called “apache-httpd”) and Lighttpd.
They are unsupported officially partially because of historical backgrounds. Nginx disappeared from the official repository at the end of 5.6 release in 2015. OpenBSD httpd was added then. Besides, It’s also possible to install Caddy web server manually.
Tutorial
Prepare a configuration file
httpd.conf is required in order to activate httpd service.
The default path is /etc/httpd.conf .
Prepare /etc/httpd.conf
You can make its conf file by copying a file in /etc/examples:
$ doas cp -p /etc/examples/httpd.conf /etc/
Alternatively, of course, it’s OK to create it manually:
# # Fish shell:
# if not test -e /etc/httpd.conf; \
touch /etc/httpd.conf; \
end
Edit /etc/httpd.conf
The original conf file is like this
# $OpenBSD: httpd.conf,v 1.22 2020/11/04 10:34:18 denis Exp $
# [ GLOBAL CONFIGURATION ]
# none
# [ TYPES ]
types {
include "/usr/share/misc/mime.types"
}
# [ SERVERS ]
server "example.com" {
listen on * port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
location * {
block return 302 "https://$HTTP_HOST$REQUEST_URI"
}
}
server "example.com" {
listen on * tls port 443
tls {
certificate "/etc/ssl/example.com.fullchain.pem"
key "/etc/ssl/private/example.com.key"
}
location "/pub/*" {
directory auto index
}
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
}
(caution) root property in “SERVERS” section means the directories under /var/www . The official document mentions in GLOBAL CONFIGURATION section:
chroot directory Set the chroot(2) directory. If not specified, it defaults to /var/www, the home directory of the www user.
Now you can modify the conf file to build server as you want:
$ doas nvim /etc/httpd.con
Additional server definitions may be like these:
server "www.https-example.domain" {
alias "https-example.domain"
listen on * port 80
listen on * tls port 443
tls {
key "/etc/ssl/private/www.https-example.domain.key"
certificate "/etc/ssl/www.https-example.domain.crt"
}
root "/htdocs/www.https-example.domain"
}
server "www.fastcgi-tcp-example.domain" {
alias "fastcgi-example.domain"
listen on * port 80
fastcgi socket tcp 127.0.0.1 8080
}
server "www.fastcgi-unix-socket-example.domain" {
alias "fastcgi-example.domain"
listen on * port 80
fastcgi socket "/run/example/unix_socket.sock"
}
The official document is here .
Make index.html for testing
# mkdir -p /var/www/htdocs/www.https-example.domain
# # if necessary:
# #chown www:www /var/www/htdocs/www.https-example.domain
$ echo "Hello, world. from OpenBSD httpd" > /var/www/www.https-example.domain/index.html
Activate httpd service
Enable httpd:
# rcctl enable httpd
* note: This time /etc/rc.conf.local is created like this:
# cat /etc/rc.conf.local
httpd_flags=
Then start it:
# rcctl start httpd
httpd(ok)
* note: Under the default setting: httpd_flags=NO, # rcctl -f start httpd can start httpd forcely.
Test if the server is listening
$ curl localhost:80
Hello, world. from OpenBSD httpd
Conclusion
You can add more servers with /etc/httpd.conf. It will require reloading the daemon with:
$ doas rcctl restart httpd
httpd(ok)
httpd(ok)
Thank you very much for your reading. Happy serving 🕊