This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
openbsd:openhttpd [2019/11/10 11:46] jrmu |
— (current) | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | Setting up OpenBSD's default web server, openhttpd, is relatively simple. Start off by copying the example file in /etc/examples/httpd.conf: | ||
- | <code> | ||
- | $ doas cp /etc/examples/httpd.conf /etc/httpd.conf | ||
- | </code> | ||
- | |||
- | Here is what /etc/httpd.conf contains: | ||
- | |||
- | <code> | ||
- | server "example.com" { | ||
- | listen on * port 80 | ||
- | location "/.well-known/acme-challenge/*" { | ||
- | root "/acme" | ||
- | request strip 2 | ||
- | } | ||
- | location * { | ||
- | block return 302 "https://$HTTP_HOST$REQUEST_URI" | ||
- | } | ||
- | } | ||
- | |||
- | server "example.com" { | ||
- | listen on * tls port 443 | ||
- | tls { | ||
- | certificate "/etc/ssl/example.com.fullchain.pem" | ||
- | key "/etc/ssl/private/example.com.key" | ||
- | } | ||
- | location "/pub/*" { | ||
- | directory auto index | ||
- | } | ||
- | location "/.well-known/acme-challenge/*" { | ||
- | root "/acme" | ||
- | request strip 2 | ||
- | } | ||
- | } | ||
- | </code> | ||
- | |||
- | You must replace example.com everywhere with your domain name. | ||
- | |||
- | Simply enable and start the web server: | ||
- | |||
- | <code> | ||
- | $ doas rcctl enable httpd | ||
- | $ doas rcctl start httpd | ||
- | </code> | ||
- | |||
- | Make sure pf allows incoming http connections: | ||
- | |||
- | <code> | ||
- | pass in proto tcp to port {http https} | ||
- | </code> | ||
- | |||
- | Now you will almost certainly want openhttpd to use an SSL cert, so follow the [[openbsd:acme-client|acme-client]] instructions, then reset your web server: | ||
- | |||
- | <code> | ||
- | $ doas rcctl restart httpd | ||
- | </code> | ||
- | |||
- | To test if your web server is working and has a correct SSL cert, run: | ||
- | |||
- | <code> | ||
- | $ openssl s_client -connect example.com:443 | ||
- | <code> | ||
- | |||
- | You should see the correct SSL subject and issuer: | ||
- | |||
- | <code> | ||
- | subject=/CN=test.ircnow.org | ||
- | issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 | ||
- | </code> |
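Review bot: Every line of the old revision is removed and no added lines appear anywhere in the hunk, so the page ends up empty with no pointer to where the httpd setup steps now live; if the material was moved, leave a link to its new location rather than a blank page. If the text is carried over elsewhere, fix the block after `$ openssl s_client -connect example.com:443`, which is closed with `<code>` instead of `</code>`. Also consider `$SERVER_NAME` in place of `$HTTP_HOST` in the port 80 `block return 302` line, so the redirect target is not taken from the client-supplied Host header.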