Basic Webserver (httpd)

Introduction #

OpenBSD comes with a built-in webserver called httpd. In contrast to Redhat (deriviate) Linux distributions, this is not a rebranded version of the Apache webserver. Instead, it’s a very basic webserver that supports FastCGI and TLS. The biggest downside of this server is the lack of gzip compression which results in larger than necessary files being transmitted and the accompanying performance penalty. The idea behind this is very much in line with the larger OpenBSD philosophy that security is top priority and performance may take a hit in achieving that.

The projects goals can be summarized as follows:

  • Static files: Serves static files and directories via optional auto-indexing.
  • FastCGI: Supports asynchronous and direct FastCGI via UNIX socket or TCP/IP.
  • Secure: Non-optional security by running chroot’ed and with privilege separation by default.
  • SSL/TLS: Support secure connections via TLS powered by LibreSSL.
  • Virtual servers: Flexible configuration with support for name- and IP-based virtual servers on IPv4 and IPv6.
  • Reconfiguration: Reload the running configuration without interruption.
  • Logging: Supports per-server logging via local access and error files or via syslog.

Configuration #

There’s a configfile located in /etc/examples/ that you can copy as root:

cp /etc/examples/httpd.conf /etc

Or, you can create new file called httpd.conf in /etc and make it look something like this:

server "www.example.com" {
  listen on * port 80
  root "/htdocs/www.example.com"
}

server "example.com" {
  listen on * port 80
  block return 301 "http://www.example.com$REQUEST_URI"
}

# Include additional MIME types
types {
        include "/usr/share/misc/mime.types"
}
The httpd server is chrooted to /var/www/ so the document root should be in that directory or deeper.

Next, we need to create the documentroot

mkdir -p /var/www/htdocs/www.example.com

We can now check the configuration via:

# httpd -n
configuration ok

Next we need to enable the daemon and after that we can start it.

rcctl enable httpd
rcctl start httpd
In case the httpd daemon is started without being enabled first, the start command returns the following: /etc/rc.d/httpd: need -f to force start since httpd_flags=NO

Add content #

As a quick test, create a file called index.html in the document root:

vi /var/www/htdocs/www.example.com/index.html

Add some HTML:

<html>
    <body>
       Hello World 
    </body>
</html>

Test #

The webserver should be up and running. This can be tested by browsing to the IP address of the server. Now you can add additional content and configure the DNS. Or add SSL support to the configuration.

Tips #

In case you have multiple virtual servers only accessible via SSL, you can redirect all traffic from HTTP to HTTPS via the following configuration snippet:

server "secure-redirect" {
        listen on egress port 80 block return 301 "https://$HTTP_HOST$REQUEST_URI"
}