DEV Community

Cover image for OpenBSD httpd 6.3: Web Server
nabbisen
nabbisen

Posted on • Edited on • Originally published at obsd.solutions

OpenBSD httpd 6.3: Web Server

Intro

OpenBSD has its own web server called "httpd".


Backgrounds

It's possible on OpenBSD to install Nginx and Apache (called "apache-httpd").

They are not supported officially, however, because of historical backgrounds.
Nginx disappeared from the official manual at the end of 5.6 release in 2015.
OpenBSD httpd was added then.

It's also possible to install Caddy manually.


To be frank, OpenBSD httpd seems to have less conf examples and tutorials than them.
Therefore, some might think it more difficult.

I love OpenBSD httpd, for it's simple and minimal with clearly licensed, robust and secure, and thus, to my feelings, it's beautiful.
Also, it becomes more powerful with relayd.

✿ ✿ ✿

Environment

  • OS: OpenBSD 6.3 amd64

Procedure

1. Prepare a configuration file

httpd.conf is required in order to activate httpd service.
The default path is /etc/httpd.conf .

1-1. Make /etc/httpd.conf

# # Using fish shell:
# if not test -e /etc/httpd.conf; touch /etc/httpd.conf; end
Enter fullscreen mode Exit fullscreen mode

Of course, simply using touch /etc/httpd.conf or vi /etc/httpd.conf are all right.

1-2. Edit /etc/httpd.conf

#[ MACROS ]
ext_ip = "127.0.0.1"
# ext_ip = "*"      # open to the outside network
# ext_ip = "egress" # open to only the primary IP address of the network interface

# [ GLOBAL CONFIGURATION ]
# none

# [ SERVERS ]
server "default" {
    listen on $ext_ip port 80
    root "/htdocs/my.domain"
}

# [ TYPES ]
types {
    include "/usr/share/misc/mime.types"
}
Enter fullscreen mode Exit fullscreen mode

(caution) root property in "SERVERS" section means the directories under /var/www . The official document mentions in GLOBAL CONFIGURATION section:

chroot directory
Set the chroot(2) directory. If not specified, it defaults to /var/www, the home directory of the www user.

Add other server definitions optionally like these:

server "www.https-example.domain" { 
    alias "https-example.domain" 
    listen on $ext_ip port 80 
    listen on $ext_ip tls port 443
    tls {
        key         "/etc/ssl/private/www.https-example.domain.key"
        certificate "/etc/ssl/www.https-example.domain.crt"
    }
    root "/htdocs/www.https-example.domain" 
}

server "www.fastcgi-example.domain" {
    alias "fastcgi-example.domain"
    listen on $ext_ip port 80
    fastcgi socket ":{% port-number %}"
}
Enter fullscreen mode Exit fullscreen mode

The official document is here .

1-3. Make index.html for testing

# mkdir -p /var/www/htdocs/my.domain
# chown {% user %}:{% group %} /var/www/htdocs/my.domain # if necessary
$ echo "Hello, world. from OpenBSD httpd" > /var/www/htdocs/my.domain/index.html
Enter fullscreen mode Exit fullscreen mode

2. Activate httpd service

Enable httpd:

# rcctl enable httpd
Enter fullscreen mode Exit fullscreen mode

* note: This time /etc/rc.conf.local is created like this:

# cat /etc/rc.conf.local
httpd_flags=
Enter fullscreen mode Exit fullscreen mode

And start it:

# rcctl start httpd
httpd(ok)
Enter fullscreen mode Exit fullscreen mode

* note: Under the default setting: httpd_flags=NO, # rcctl -f start httpd can start httpd forcely.

3. Test if the server is listening

$ curl localhost:80
Hello, world. from OpenBSD httpd
Enter fullscreen mode Exit fullscreen mode
✿ ✿ ✿

Outro

Thank you very much for your reading.
Happy serving 🕊

Top comments (16)

Collapse
 
nabbisen profile image
nabbisen

tux0r, thank you for the precious information about your practices!
I succeeded in building a Python Django2 server this year, too.
Please let me know if you have should-dos or shouldn't dos on using OpenBSD httpd :)

 
nabbisen profile image
nabbisen • Edited

Hmmm, you mean web server gateway interface is completely different from fast common gateway interface.
Truth sometimes tastes bitter!

I'm in trouble because there are several Python libraries and frameworks I want to use😅
I'll be in search for some solution🤔
Thank you very much!

Thread Thread
 
raratiru profile image
raratiru

You can use httpd as a reverse proxy for uwsgi:

uwsgi-docs.readthedocs.io/en/lates...

Thread Thread
 
nabbisen profile image
nabbisen

Hi George,
Thank you for your kind commenting.
It's a happy fact that OpenBSD's httpd is in combination with Python's uwsgi.

With a combination of OpenBSD's httpd and uwsgi/supervisord, I've recently hosted a Wagtail website which is based on Django 😉

Collapse
 
bestfriend101 profile image
BestFriend101

If you're interested, here's how I use it in conjunction with Ruby On Rails. httpd only does the ACME-challenges for TLS-certificates:

github.com/basicfeatures/openbsd-r...

Thank you and have a wonderful day!

Collapse
 
nabbisen profile image
nabbisen

Hi, cloud69420, thank you for your sharing! Really really great.
I'm happy to know relayd definitions and a rc script are used when running Ruby on Rails apps in OpenBSD 😃 Well, I have tried another way, that was with Supervisord. It didn't sit well with my favor 😅

Collapse
 
pouyae profile image
Pouya Eghbali

reyk/httpd was last updated 3 years ago, 2015 issues are still open, there's no http/2 support, and I'm pretty sure it lacks a lot of other features. Why would anyone want to use it? Security isn't everything.

Collapse
 
nabbisen profile image
nabbisen • Edited

Hi, Pouya :)
Thank you for your commenting.

It seems the Github repo is inactive although I don't know about the fact, for the releases tags are just about 5.7 base and 5.8 base.
OpenBSD projects have their own official CVS src repository, which is accessible in openbsd.org .
OpenBSD httpd has been recently being updated. For example, the latest release, 6.6, changelog is in openbsd.org/plus66.html .

Well, yes, security isn't everything. It's up to one's values.
As to me, the simplicity, clean licenses and also the difficulty with less examples are the points as well as its security. In a word, I enjoy OpenBSD. lol 😆

Collapse
 
bestfriend101 profile image
BestFriend101

Also maybe worth mentioning: openbsd.org/papers/httpd-asiabsdco...

Collapse
 
nabbisen profile image
nabbisen

Thank you, again, so much!
Haha, although, of course, I knew it, I haven't read it thoroughly. I will😁

Collapse
 
hammondmason profile image
HJM

Nice intro. Short and to the point. Thanks.

Collapse
 
nabbisen profile image
nabbisen

HJM, thanks, too, for your cheering commenting ☺️

Collapse
 
anon987654321 profile image
anon987654321

Wonderful article - keep up the good work!

Collapse
 
nabbisen profile image
nabbisen

Thank you for your comments cheering me up.
I still spend a happy time with OpenBSD httpd 😊