Intro
OpenBSD has its own web server called "httpd".
Backgrounds
It's possible on OpenBSD to install Nginx and Apache (called "apache-httpd").
They are not supported officially, however, because of historical backgrounds.
Nginx disappeared from the official manual at the end of 5.6 release in 2015.
OpenBSD httpd was added then.
It's also possible to install Caddy manually.
To be frank, OpenBSD httpd seems to have less conf examples and tutorials than them.
Therefore, some might think it more difficult.
I love OpenBSD httpd, for it's simple and minimal with clearly licensed, robust and secure, and thus, to my feelings, it's beautiful.
Also, it becomes more powerful with relayd.
Environment
- OS: OpenBSD 6.3 amd64
Procedure
1. Prepare a configuration file
httpd.conf
is required in order to activate httpd service.
The default path is /etc/httpd.conf
.
1-1. Make /etc/httpd.conf
# # Using fish shell:
# if not test -e /etc/httpd.conf; touch /etc/httpd.conf; end
Of course, simply using touch /etc/httpd.conf
or vi /etc/httpd.conf
are all right.
1-2. Edit /etc/httpd.conf
#[ MACROS ]
ext_ip = "127.0.0.1"
# ext_ip = "*" # open to the outside network
# ext_ip = "egress" # open to only the primary IP address of the network interface
# [ GLOBAL CONFIGURATION ]
# none
# [ SERVERS ]
server "default" {
listen on $ext_ip port 80
root "/htdocs/my.domain"
}
# [ TYPES ]
types {
include "/usr/share/misc/mime.types"
}
(caution) root
property in "SERVERS" section means the directories under /var/www
. The official document mentions in GLOBAL CONFIGURATION section:
chroot directory
Set the chroot(2) directory. If not specified, it defaults to /var/www, the home directory of the www user.
Add other server definitions optionally like these:
server "www.https-example.domain" {
alias "https-example.domain"
listen on $ext_ip port 80
listen on $ext_ip tls port 443
tls {
key "/etc/ssl/private/www.https-example.domain.key"
certificate "/etc/ssl/www.https-example.domain.crt"
}
root "/htdocs/www.https-example.domain"
}
server "www.fastcgi-example.domain" {
alias "fastcgi-example.domain"
listen on $ext_ip port 80
fastcgi socket ":{% port-number %}"
}
The official document is here .
1-3. Make index.html for testing
# mkdir -p /var/www/htdocs/my.domain
# chown {% user %}:{% group %} /var/www/htdocs/my.domain # if necessary
$ echo "Hello, world. from OpenBSD httpd" > /var/www/htdocs/my.domain/index.html
2. Activate httpd service
Enable httpd:
# rcctl enable httpd
* note: This time /etc/rc.conf.local
is created like this:
# cat /etc/rc.conf.local
httpd_flags=
And start it:
# rcctl start httpd
httpd(ok)
* note: Under the default setting: httpd_flags=NO
, # rcctl -f start httpd
can start httpd forcely.
3. Test if the server is listening
$ curl localhost:80
Hello, world. from OpenBSD httpd
Outro
Thank you very much for your reading.
Happy serving 🕊
Top comments (16)
tux0r, thank you for the precious information about your practices!
I succeeded in building a Python Django2 server this year, too.
Please let me know if you have should-dos or shouldn't dos on using OpenBSD httpd :)
Hmmm, you mean web server gateway interface is completely different from fast common gateway interface.
Truth sometimes tastes bitter!
I'm in trouble because there are several Python libraries and frameworks I want to use😅
I'll be in search for some solution🤔
Thank you very much!
You can use httpd as a reverse proxy for uwsgi:
uwsgi-docs.readthedocs.io/en/lates...
Hi George,
Thank you for your kind commenting.
It's a happy fact that OpenBSD's httpd is in combination with Python's uwsgi.
With a combination of OpenBSD's httpd and uwsgi/supervisord, I've recently hosted a Wagtail website which is based on Django 😉
If you're interested, here's how I use it in conjunction with Ruby On Rails. httpd only does the ACME-challenges for TLS-certificates:
github.com/basicfeatures/openbsd-r...
Thank you and have a wonderful day!
Hi, cloud69420, thank you for your sharing! Really really great.
I'm happy to know
relayd
definitions and arc
script are used when running Ruby on Rails apps in OpenBSD 😃 Well, I have tried another way, that was with Supervisord. It didn't sit well with my favor 😅reyk/httpd was last updated 3 years ago, 2015 issues are still open, there's no http/2 support, and I'm pretty sure it lacks a lot of other features. Why would anyone want to use it? Security isn't everything.
Hi, Pouya :)
Thank you for your commenting.
It seems the Github repo is inactive although I don't know about the fact, for the releases tags are just about 5.7 base and 5.8 base.
OpenBSD projects have their own official CVS src repository, which is accessible in openbsd.org .
OpenBSD httpd has been recently being updated. For example, the latest release, 6.6, changelog is in openbsd.org/plus66.html .
Well, yes, security isn't everything. It's up to one's values.
As to me, the simplicity, clean licenses and also the difficulty with less examples are the points as well as its security. In a word, I enjoy OpenBSD. lol 😆
Also maybe worth mentioning: openbsd.org/papers/httpd-asiabsdco...
Thank you, again, so much!
Haha, although, of course, I knew it, I haven't read it thoroughly. I will😁
Nice intro. Short and to the point. Thanks.
HJM, thanks, too, for your cheering commenting ☺️
Wonderful article - keep up the good work!
Thank you for your comments cheering me up.
I still spend a happy time with OpenBSD httpd 😊