This is an old revision of the document!
Setting up OpenBSD's default web server, openhttpd, is relatively simple. Start off by copying the example file in /etc/examples/httpd.conf:
$ doas cp /etc/examples/httpd.conf /etc/httpd.conf
Here is what /etc/httpd.conf contains:
server "example.com" {
listen on * port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
location * {
block return 302 "https://$HTTP_HOST$REQUEST_URI"
}
}
server "example.com" {
listen on * tls port 443
tls {
certificate "/etc/ssl/example.com.fullchain.pem"
key "/etc/ssl/private/example.com.key"
}
location "/pub/*" {
directory auto index
}
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
}
You must replace example.com everywhere with your domain name.
Simply enable and start the web server:
$ doas rcctl enable httpd $ doas rcctl start httpd
Make sure pf allows incoming http connections:
pass in proto tcp to port {http https}
Now you will almost certainly want openhttpd to use an SSL cert, so follow the acme-client instructions, then reset your web server:
$ doas rcctl restart httpd
To test if your web server is working and has a correct SSL cert, run:
$ openssl s_client -connect example.com:443
You should see the correct SSL subject and issuer:
subject=/CN=test.ircnow.org issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3