loading...
Cover image for Setting Up OpenBSD's httpd Web Server

Setting Up OpenBSD's httpd Web Server

nabbisen profile image Heddi Nabbisen Updated on ・3 min read

Intro

OpenBSD has its own web server called "httpd".


Backgrounds

It's possible on OpenBSD to install Nginx and Apache (called "apache-httpd").

They are not supported officially, however, because of historical backgrounds.
Nginx disappeared from the official manual at the end of 5.6 release in 2015.
OpenBSD httpd was added then.

It's also possible to install Caddy manually.


To be frank, OpenBSD httpd seems to have less code examples and tutorials than
Nginx, a powerful server serving dynamically, or Caddy, an elegant server serving static files.
Therefore, some might think it more difficult.

I love OpenBSD httpd, for it's simple and minimal with clearly licensed, robust and secure, and thus, to my feelings, it's beautiful.
Also, it becomes more powerful with relayd.

✿ ✿ ✿

Environment

  • OS: OpenBSD 6.3 amd64

Procedure

1. Prepare a configuration file

httpd.conf is required in order to activate httpd service.
The default path is /etc/httpd.conf .

1-1. Make /etc/httpd.conf
# # Using fish shell:
# if test -e /etc/httpd.conf; touch /etc/httpd.conf; end

Of course, simply using touch /etc/httpd.conf or vi /etc/httpd.conf are all right.

1-2. Edit /etc/httpd.conf
#[ MACROS ]
ext_ip = "127.0.0.1"
# ext_ip = "*"      # open to the outside network
# ext_ip = "egress" # open to only the primary IP address of the network interface

# [ GLOBAL CONFIGURATION ]
# none

# [ SERVERS ]
server "default" {
    listen on $ext_ip port 80
    root "/htdocs/my.domain"
}

# [ TYPES ]
types {
    include "/usr/share/misc/mime.types"
}

(caution) root property in "SERVERS" section means the directories under /var/www . The official document mentions in GLOBAL CONFIGURATION section:

chroot directory
Set the chroot(2) directory. If not specified, it defaults to /var/www, the home directory of the www user.

Add other server definitions optionally like these:

server "www.https-example.domain" { 
    alias "https-example.domain" 
    listen on $ext_ip port 80 
    listen on $ext_ip tls port 443
    tls {
        key         "/etc/ssl/private/www.https-example.domain.key"
        certificate "/etc/ssl/www.https-example.domain.crt"
    }
    root "/htdocs/www.https-example.domain" 
}

server "www.fastcgi-example.domain" {
    alias "fastcgi-example.domain"
    listen on $ext_ip port 80
    fastcgi socket ":{% port-number %}"
}

The official document is here .

1-3. Make index.html for testing
# mkdir -p /var/www/htdocs/my.domain
# chown {% user %}:{% group %} /var/www/htdocs/my.domain # if necessary
$ echo "Hello, world. from OpenBSD httpd" > /var/www/htdocs/my.domain/index.html

2. Activate httpd service

Enable httpd:

# rcctl enable httpd

* note: This time /etc/rc.conf.local is created like this:

# cat /etc/rc.conf.local
httpd_flags=

And start it:

# rcctl start httpd
httpd(ok)

* note: Under the default setting: httpd_flags=NO, # rcctl -f start httpd can start httpd forcely.

3. Test if the server is listening

$ curl localhost:80
Hello, world. from OpenBSD httpd
✿ ✿ ✿

Outro

Thank you very much for your reading.
Happy serving 🕊

Posted on by:

nabbisen profile

Heddi Nabbisen

@nabbisen

An ICT designer/developer and a security monk. "With a cool brain and a warm heart", I am challenging unsolved problems in our society. I use OpenBSD/Rust/etc.

Discussion

pic
Editor guide
 

reyk/httpd was last updated 3 years ago, 2015 issues are still open, there's no http/2 support, and I'm pretty sure it lacks a lot of other features. Why would anyone want to use it? Security isn't everything.

 

Hi, Pouya :)
Thank you for your commenting.

It seems the Github repo is inactive although I don't know about the fact, for the releases tags are just about 5.7 base and 5.8 base.
OpenBSD projects have their own official CVS src repository, which is accessible in openbsd.org .
OpenBSD httpd has been recently being updated. For example, the latest release, 6.6, changelog is in openbsd.org/plus66.html .

Well, yes, security isn't everything. It's up to one's values.
As to me, the simplicity, clean licenses and also the difficulty with less examples are the points as well as its security. In a word, I enjoy OpenBSD. lol 😆

 

I find OpenBSD httpd to be the less annoying nginx. I serve a couple of FastCGI applications and a PHP script over mine. Works without any problems.

 

tux0r, thank you for the precious information about your practices!
I succeeded in building a Python Django2 server this year, too.
Please let me know if you have should-dos or shouldn't dos on using OpenBSD httpd :)

 

Don't use Python behind it. WSGI is a completely different concept.

Hmmm, you mean web server gateway interface is completely different from fast common gateway interface.
Truth sometimes tastes bitter!

I'm in trouble because there are several Python libraries and frameworks I want to use😅
I'll be in search for some solution🤔
Thank you very much!

You can use httpd as a reverse proxy for uwsgi:

uwsgi-docs.readthedocs.io/en/lates...

Hi George,
Thank you for your kind commenting.
It's a happy fact that OpenBSD's httpd is in combination with Python's uwsgi.

With a combination of OpenBSD's httpd and uwsgi/supervisord, I've recently hosted a Wagtail website which is based on Django 😉

 

Wonderful article - keep up the good work!

 

Thank you for your comments cheering me up.
I still spend a happy time with OpenBSD httpd 😊

 

Nice intro. Short and to the point. Thanks.

 

HJM, thanks, too, for your cheering commenting ☺️