OpenBSD httpd 7.0: Web server

nabbisen - Feb 18 '22 - - Dev Community

Summary

OpenBSD httpd

OpenBSD has its own web server called "httpd".

To be frank, it seems to have less conf examples and tutorials. Therefore, some might think it more difficult.

It's, however, simple and minimal with clearly licensed, robust and secure, and thus, to my feelings, it's beautiful.
Also, it becomes more powerful with relayd.

Environment

  • OS: OpenBSD 7.0 amd64

Historical backgrounds

It's possible on OpenBSD to install Nginx, Apache (called "apache-httpd") and Lighttpd.

They are unsupported officially partially because of historical backgrounds.
Nginx disappeared from the official repository at the end of 5.6 release in 2015.
OpenBSD httpd was added then.
Besides, It's also possible to install Caddy web server manually.

✿ ✿ ✿

Tutorial

Prepare a configuration file

httpd.conf is required in order to activate httpd service.
The default path is /etc/httpd.conf .

Prepare /etc/httpd.conf

You can make its conf file by copying a file in /etc/examples:

$ doas cp -p /etc/examples/httpd.conf /etc/
Enter fullscreen mode Exit fullscreen mode

Alternatively, of course, it's OK to create it manually:

# # Fish shell:
# if not test -e /etc/httpd.conf; \
      touch /etc/httpd.conf; \
  end
Enter fullscreen mode Exit fullscreen mode

Edit /etc/httpd.conf

The original conf file is like this

# $OpenBSD: httpd.conf,v 1.22 2020/11/04 10:34:18 denis Exp $

# [ GLOBAL CONFIGURATION ]
# none

# [ TYPES ]
types {
    include "/usr/share/misc/mime.types"
}

# [ SERVERS ]
server "example.com" {
        listen on * port 80
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }
        location * {
                block return 302 "https://$HTTP_HOST$REQUEST_URI"
        }
}

server "example.com" {
        listen on * tls port 443
        tls {
                certificate "/etc/ssl/example.com.fullchain.pem"
                key "/etc/ssl/private/example.com.key"
        }
        location "/pub/*" {
                directory auto index
        }
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }
}
Enter fullscreen mode Exit fullscreen mode

(caution) root property in "SERVERS" section means the directories under /var/www . The official document mentions in GLOBAL CONFIGURATION section:

chroot directory
Set the chroot(2) directory. If not specified, it defaults to /var/www, the home directory of the www user.

Now you can modify the conf file to build server as you want:

$ doas nvim /etc/httpd.con
Enter fullscreen mode Exit fullscreen mode

Additional server definitions may be like these:

server "www.https-example.domain" { 
    alias "https-example.domain" 
    listen on * port 80 
    listen on * tls port 443
    tls {
        key         "/etc/ssl/private/www.https-example.domain.key"
        certificate "/etc/ssl/www.https-example.domain.crt"
    }
    root "/htdocs/www.https-example.domain" 
}

server "www.fastcgi-tcp-example.domain" {
    alias "fastcgi-example.domain"
    listen on * port 80
    fastcgi socket tcp 127.0.0.1 8080
}

server "www.fastcgi-unix-socket-example.domain" {
    alias "fastcgi-example.domain"
    listen on * port 80
    fastcgi socket "/run/example/unix_socket.sock"
}
Enter fullscreen mode Exit fullscreen mode

The official document is here .

Make index.html for testing

# mkdir -p /var/www/htdocs/www.https-example.domain
# # if necessary:
# #chown www:www /var/www/htdocs/www.https-example.domain
$ echo "Hello, world. from OpenBSD httpd" > /var/www/www.https-example.domain/index.html
Enter fullscreen mode Exit fullscreen mode

Activate httpd service

Enable httpd:

# rcctl enable httpd
Enter fullscreen mode Exit fullscreen mode

* note: This time /etc/rc.conf.local is created like this:

# cat /etc/rc.conf.local
httpd_flags=
Enter fullscreen mode Exit fullscreen mode

Then start it:

# rcctl start httpd
httpd(ok)
Enter fullscreen mode Exit fullscreen mode

* note: Under the default setting: httpd_flags=NO, # rcctl -f start httpd can start httpd forcely.

Test if the server is listening

$ curl localhost:80
Hello, world. from OpenBSD httpd
Enter fullscreen mode Exit fullscreen mode
✿ ✿ ✿

Conclusion

You can add more servers with /etc/httpd.conf. It will require reloading the daemon with:

$ doas rcctl restart httpd
httpd(ok)
httpd(ok)
Enter fullscreen mode Exit fullscreen mode

Thank you very much for your reading.
Happy serving 🕊

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .