This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | |||
|
openbsd:openhttpd [2019/11/21 13:21] jrmu removed |
— (current) | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | Setting up OpenBSD's default web server, openhttpd, is relatively simple. Start off by copying the example file in /etc/examples/httpd.conf: | ||
| - | <code> | ||
| - | $ doas cp /etc/examples/httpd.conf /etc/httpd.conf | ||
| - | </code> | ||
| - | |||
| - | Here is what /etc/httpd.conf contains: | ||
| - | |||
| - | <code> | ||
| - | server "example.com" { | ||
| - | listen on * port 80 | ||
| - | location "/.well-known/acme-challenge/*" { | ||
| - | root "/acme" | ||
| - | request strip 2 | ||
| - | } | ||
| - | location * { | ||
| - | block return 302 "https://$HTTP_HOST$REQUEST_URI" | ||
| - | } | ||
| - | } | ||
| - | |||
| - | server "example.com" { | ||
| - | listen on * tls port 443 | ||
| - | tls { | ||
| - | certificate "/etc/ssl/example.com.fullchain.pem" | ||
| - | key "/etc/ssl/private/example.com.key" | ||
| - | } | ||
| - | location "/pub/*" { | ||
| - | directory auto index | ||
| - | } | ||
| - | location "/.well-known/acme-challenge/*" { | ||
| - | root "/acme" | ||
| - | request strip 2 | ||
| - | } | ||
| - | } | ||
| - | </code> | ||
| - | |||
| - | You must replace example.com everywhere with your domain name. | ||
| - | |||
| - | Simply enable and start the web server: | ||
| - | |||
| - | <code> | ||
| - | $ doas rcctl enable httpd | ||
| - | $ doas rcctl start httpd | ||
| - | </code> | ||
| - | |||
| - | Make sure pf allows incoming http connections by putting this line into /etc/pf.conf: | ||
| - | |||
| - | <code> | ||
| - | pass in proto tcp to port {http https} | ||
| - | </code> | ||
| - | |||
| - | Then, reload the pf rulesets: | ||
| - | |||
| - | <code> | ||
| - | $ doas pfctl -f /etc/pf.conf | ||
| - | </code> | ||
| - | |||
| - | At this point, you should test to see if the web server is working on port 80. This test should be run on some other computer besides the web server (your local workstation is fine). Make sure you have curl installed: | ||
| - | |||
| - | <code> | ||
| - | $ doas pkg_add curl | ||
| - | $ curl example.com | ||
| - | </code> | ||
| - | |||
| - | You should a response similar to the one below: | ||
| - | |||
| - | <code> | ||
| - | <!DOCTYPE html> | ||
| - | <html> | ||
| - | <head> | ||
| - | <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> | ||
| - | <title>302 Found</title> | ||
| - | <style type="text/css"><!-- | ||
| - | body { background-color: white; color: black; font-family: 'Comic Sans | ||
| - | MS', 'Chalkboard SE', 'Comic Neue', sans-serif; } | ||
| - | hr { border: 0; border-bottom: 1px dashed; } | ||
| - | |||
| - | --></style> | ||
| - | </head> | ||
| - | <body> | ||
| - | <h1>302 Found</h1> | ||
| - | <hr> | ||
| - | <address>OpenBSD httpd</address> | ||
| - | </body> | ||
| - | </html> | ||
| - | </code> | ||
| - | |||
| - | Now you will almost certainly want openhttpd to use an SSL cert, so follow the [[openbsd:acme-client|acme-client]] instructions, then reset your web server: | ||
| - | |||
| - | <code> | ||
| - | $ doas rcctl restart httpd | ||
| - | </code> | ||
| - | |||
| - | To test if your web server is working and has a correct SSL cert, run: | ||
| - | |||
| - | <code> | ||
| - | $ openssl s_client -connect example.com:443 | ||
| - | </code> | ||
| - | |||
| - | You should see the correct SSL subject and issuer: | ||
| - | |||
| - | <code> | ||
| - | subject=/CN=example.com | ||
| - | issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 | ||
| - | </code> | ||