nabbisen

Posted on Oct 5, 2018 • Edited on Feb 18, 2022 • Originally published at obsd.solutions

OpenBSD httpd 6.3: Web Server

#openbsd #httpd #web #server

Intro

OpenBSD has its own web server called "httpd".

Backgrounds

It's possible on OpenBSD to install Nginx and Apache (called "apache-httpd").

They are not supported officially, however, because of historical backgrounds.
Nginx disappeared from the official manual at the end of 5.6 release in 2015.
OpenBSD httpd was added then.

It's also possible to install Caddy manually.

To be frank, OpenBSD httpd seems to have less conf examples and tutorials than them.
Therefore, some might think it more difficult.

I love OpenBSD httpd, for it's simple and minimal with clearly licensed, robust and secure, and thus, to my feelings, it's beautiful.
Also, it becomes more powerful with relayd.

✿ ✿ ✿

Environment

OS: OpenBSD 6.3 amd64

Procedure

1. Prepare a configuration file

httpd.conf is required in order to activate httpd service.
The default path is /etc/httpd.conf .

1-1. Make `/etc/httpd.conf`

# # Using fish shell:
# if not test -e /etc/httpd.conf; touch /etc/httpd.conf; end

Of course, simply using touch /etc/httpd.conf or vi /etc/httpd.conf are all right.

1-2. Edit `/etc/httpd.conf`

#[ MACROS ]
ext_ip = "127.0.0.1"
# ext_ip = "*"      # open to the outside network
# ext_ip = "egress" # open to only the primary IP address of the network interface

# [ GLOBAL CONFIGURATION ]
# none

# [ SERVERS ]
server "default" {
    listen on $ext_ip port 80
    root "/htdocs/my.domain"
}

# [ TYPES ]
types {
    include "/usr/share/misc/mime.types"
}

(caution) root property in "SERVERS" section means the directories under /var/www . The official document mentions in GLOBAL CONFIGURATION section:

chroot directory
Set the chroot(2) directory. If not specified, it defaults to /var/www, the home directory of the www user.

Add other server definitions optionally like these:

server "www.https-example.domain" { 
    alias "https-example.domain" 
    listen on $ext_ip port 80 
    listen on $ext_ip tls port 443
    tls {
        key         "/etc/ssl/private/www.https-example.domain.key"
        certificate "/etc/ssl/www.https-example.domain.crt"
    }
    root "/htdocs/www.https-example.domain" 
}

server "www.fastcgi-example.domain" {
    alias "fastcgi-example.domain"
    listen on $ext_ip port 80
    fastcgi socket ":{% port-number %}"
}

The official document is here .

1-3. Make index.html for testing

# mkdir -p /var/www/htdocs/my.domain
# chown {% user %}:{% group %} /var/www/htdocs/my.domain # if necessary
$ echo "Hello, world. from OpenBSD httpd" > /var/www/htdocs/my.domain/index.html

2. Activate httpd service

Enable httpd:

# rcctl enable httpd

* note: This time /etc/rc.conf.local is created like this:

# cat /etc/rc.conf.local
httpd_flags=

And start it:

# rcctl start httpd
httpd(ok)

* note: Under the default setting: httpd_flags=NO, # rcctl -f start httpd can start httpd forcely.

3. Test if the server is listening

$ curl localhost:80
Hello, world. from OpenBSD httpd

✿ ✿ ✿

Outro

Thank you very much for your reading.
Happy serving 🕊

Top comments (16)

nabbisen • Oct 5 '18

tux0r, thank you for the precious information about your practices!
I succeeded in building a Python Django2 server this year, too.
Please let me know if you have should-dos or shouldn't dos on using OpenBSD httpd :)

nabbisen • Oct 6 '18 • Edited

Hmmm, you mean web server gateway interface is completely different from fast common gateway interface.
Truth sometimes tastes bitter!

I'm in trouble because there are several Python libraries and frameworks I want to use😅
I'll be in search for some solution🤔
Thank you very much!

raratiru • Sep 1 '19

You can use httpd as a reverse proxy for uwsgi:

uwsgi-docs.readthedocs.io/en/lates...

nabbisen • Sep 9 '19

Hi George,
Thank you for your kind commenting.
It's a happy fact that OpenBSD's httpd is in combination with Python's uwsgi.

With a combination of OpenBSD's httpd and uwsgi/supervisord, I've recently hosted a Wagtail website which is based on Django 😉

BestFriend101 • Aug 17 '21

If you're interested, here's how I use it in conjunction with Ruby On Rails. httpd only does the ACME-challenges for TLS-certificates:

github.com/basicfeatures/openbsd-r...

Thank you and have a wonderful day!

nabbisen • Aug 20 '21

Hi, cloud69420, thank you for your sharing! Really really great.
I'm happy to know relayd definitions and a rc script are used when running Ruby on Rails apps in OpenBSD 😃 Well, I have tried another way, that was with Supervisord. It didn't sit well with my favor 😅

Pouya Eghbali • Jan 23 '20

reyk/httpd was last updated 3 years ago, 2015 issues are still open, there's no http/2 support, and I'm pretty sure it lacks a lot of other features. Why would anyone want to use it? Security isn't everything.

nabbisen • Jan 28 '20 • Edited

Hi, Pouya :)
Thank you for your commenting.

It seems the Github repo is inactive although I don't know about the fact, for the releases tags are just about 5.7 base and 5.8 base.
OpenBSD projects have their own official CVS src repository, which is accessible in openbsd.org .
OpenBSD httpd has been recently being updated. For example, the latest release, 6.6, changelog is in openbsd.org/plus66.html .

Well, yes, security isn't everything. It's up to one's values.
As to me, the simplicity, clean licenses and also the difficulty with less examples are the points as well as its security. In a word, I enjoy OpenBSD. lol 😆