OpenBSD httpd 7.0: Web server

created
( modified )
@nabbisen

Summary

OpenBSD httpd

OpenBSD has its own web server called “httpd”.

To be frank, it seems to have less conf examples and tutorials. Therefore, some might think it more difficult.

It’s, however, simple and minimal with clearly licensed, robust and secure, and thus, to my feelings, it’s beautiful. Also, it becomes more powerful with relayd.

Environment

  • OS: OpenBSD 7.0 amd64

Historical backgrounds

It’s possible on OpenBSD to install Nginx, Apache (called “apache-httpd”) and Lighttpd.

They are unsupported officially partially because of historical backgrounds. Nginx disappeared from the official repository at the end of 5.6 release in 2015. OpenBSD httpd was added then. Besides, It’s also possible to install Caddy web server manually.

✿ ✿ ✿

Tutorial

Prepare a configuration file

httpd.conf is required in order to activate httpd service. The default path is /etc/httpd.conf .

Prepare /etc/httpd.conf

You can make its conf file by copying a file in /etc/examples:

$ doas cp -p /etc/examples/httpd.conf /etc/

Alternatively, of course, it’s OK to create it manually:

# # Fish shell:
# if not test -e /etc/httpd.conf; \
      touch /etc/httpd.conf; \
  end

Edit /etc/httpd.conf

The original conf file is like this

# $OpenBSD: httpd.conf,v 1.22 2020/11/04 10:34:18 denis Exp $

# [ GLOBAL CONFIGURATION ]
# none

# [ TYPES ]
types {
    include "/usr/share/misc/mime.types"
}

# [ SERVERS ]
server "example.com" {
        listen on * port 80
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }
        location * {
                block return 302 "https://$HTTP_HOST$REQUEST_URI"
        }
}

server "example.com" {
        listen on * tls port 443
        tls {
                certificate "/etc/ssl/example.com.fullchain.pem"
                key "/etc/ssl/private/example.com.key"
        }
        location "/pub/*" {
                directory auto index
        }
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }
}

(caution) root property in “SERVERS” section means the directories under /var/www . The official document mentions in GLOBAL CONFIGURATION section:

chroot directory Set the chroot(2) directory. If not specified, it defaults to /var/www, the home directory of the www user.

Now you can modify the conf file to build server as you want:

$ doas nvim /etc/httpd.con

Additional server definitions may be like these:

server "www.https-example.domain" { 
    alias "https-example.domain" 
    listen on * port 80 
    listen on * tls port 443
    tls {
        key         "/etc/ssl/private/www.https-example.domain.key"
        certificate "/etc/ssl/www.https-example.domain.crt"
    }
    root "/htdocs/www.https-example.domain" 
}

server "www.fastcgi-tcp-example.domain" {
    alias "fastcgi-example.domain"
    listen on * port 80
    fastcgi socket tcp 127.0.0.1 8080
}

server "www.fastcgi-unix-socket-example.domain" {
    alias "fastcgi-example.domain"
    listen on * port 80
    fastcgi socket "/run/example/unix_socket.sock"
}

The official document is here .

Make index.html for testing

# mkdir -p /var/www/htdocs/www.https-example.domain
# # if necessary:
# #chown www:www /var/www/htdocs/www.https-example.domain
$ echo "Hello, world. from OpenBSD httpd" > /var/www/www.https-example.domain/index.html

Activate httpd service

Enable httpd:

# rcctl enable httpd

* note: This time /etc/rc.conf.local is created like this:

# cat /etc/rc.conf.local
httpd_flags=

Then start it:

# rcctl start httpd
httpd(ok)

* note: Under the default setting: httpd_flags=NO, # rcctl -f start httpd can start httpd forcely.

Test if the server is listening

$ curl localhost:80
Hello, world. from OpenBSD httpd
✿ ✿ ✿

Conclusion

You can add more servers with /etc/httpd.conf. It will require reloading the daemon with:

$ doas rcctl restart httpd
httpd(ok)
httpd(ok)

Thank you very much for your reading. Happy serving 🕊

Series

OpenBSD httpd
  1. OpenBSD httpd 6.3: Web server
  2. OpenBSD httpd 7.0: Web server
  3. OpenBSD httpd 7.3: Web server

Comments or feedbacks are welcomed and appreciated.