OpenBSD Web server setup

Table of contents

  1. acme-client(1)
  2. httpd(8)
  3. crontab(1)
  4. Now what?

acme-client(1)

acme-client(1) obtains and renews the TLS certificates that let us serve HTTPS.

Create the certificate directories:

	# mkdir -p -m 700 /etc/ssl/private
	# mkdir -p -m 755 /var/www/acme
	

Edit the configuration file, /etc/acme-client.conf. Replace mydomain.com with your own domain.

	authority letsencrypt {
		api url "https://acme-v02.api.letsencrypt.org/directory"
		account key "/etc/ssl/private/letsencrypt.key"
	}

	domain mydomain.com {
		domain key "/etc/ssl/private/mydomain.com.key"
		domain certificate "/etc/ssl/mydomain.com.crt"
		domain full chain certificate "/etc/ssl/mydomain.com.pem"
		sign with letsencrypt
	}
	

httpd(8)

OpenBSD already ships with a web server, httpd(8). It needs a root directory for the website and a configuration file.

Create the website's root directory. It should normally reside under /var/www/htdocs.

	# mkdir -p /var/www/htdocs/mydomain.com
	

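The following configuration will suffice for now. It serves your website over both HTTP and HTTPS and automatically redirects HTTP to HTTPS. httpd runs chrooted to /var/www, so the root paths in the configuration are relative to that directory: "/htdocs/mydomain.com" is /var/www/htdocs/mydomain.com and "/acme" is /var/www/acme. If you want to learn more or see what other options and settings are available, read the man page for httpd.conf. Inside /etc/httpd.conf we'll write the following: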

	server "mydomain.com" {
		listen on * port 80
		root "/htdocs/mydomain.com"
		location "/.well-known/acme-challenge/*" {
			root "/acme"
			request strip 2
		}
		block return 301 "https://mydomain.com$REQUEST_URI"
	}

	server "mydomain.com" {
		listen on * tls port 443
		root "/htdocs/mydomain.com"
		tls {
			certificate "/etc/ssl/mydomain.com.pem"
			key "/etc/ssl/private/mydomain.com.key"
		}
		location "/.well-known/acme-challenge/*" {
			root "/acme"
			request strip 2
		}
	}
	

Test to see if the configuration is correct:

	# httpd -n
	

Generate the TLS certificates:

	# acme-client -v mydomain.com
	

(Re)start the web server:

	# rcctl restart httpd
	

crontab(1)

TLS certificates expire after a few months, so new certificates have to be generated periodically. To avoid having to remember this and generate them by hand, a cron job will do it automatically:

	# crontab -e
	

Append the following line:

	0 0 * * * acme-client -v mydomain.com && rcctl reload httpd
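
The cron line above works because acme-client(1) exits 0 only when it wrote a new certificate, 2 when the certificate is still up to date, and 1 on failure, so `&&` reloads httpd only after a real renewal. As an added example (not part of the original page), this wrapper makes the three outcomes explicit so a failed renewal is reported instead of looking like "nothing to do"; ACME_CMD, RELOAD_CMD and renew_and_reload are names invented here.

```shell
#!/bin/sh
# Added example, not from the original page: renewal wrapper for cron.
# acme-client(1) exit status: 0 = certificate changed, 2 = certificate
# still up to date (nothing done), 1 = failure.

# ACME_CMD and RELOAD_CMD are names made up for this example; they let
# the logic be exercised with stand-ins instead of the real commands.
ACME_CMD="${ACME_CMD:-acme-client -v}"
RELOAD_CMD="${RELOAD_CMD:-rcctl reload httpd}"

renew_and_reload() {
	domain=$1
	rc=0
	$ACME_CMD "$domain" || rc=$?	# capture the status; safe under set -e
	case $rc in
	0)	# A new certificate was written; httpd serves it only after a reload.
		if $RELOAD_CMD; then
			echo "$domain: certificate renewed, httpd reloaded"
		else
			echo "$domain: certificate renewed but httpd reload failed" >&2
			return 1
		fi
		;;
	2)	echo "$domain: certificate still valid, nothing to do"
		;;
	*)	# No new certificate to serve, so no reload; report the failure.
		echo "$domain: acme-client failed with exit status $rc" >&2
		return 1
		;;
	esac
}

# Run only when a domain is given, e.g. from cron:
#   0 0 * * * /usr/local/sbin/renew-cert mydomain.com   (hypothetical path)
if [ $# -gt 0 ]; then
	renew_and_reload "$1"
fi
```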
	

Now what?

If you want to host more than one website in the future, or add a subdomain for your website, you simply repeat the same process (yes, you'll have to repeat things).

You've now got everything you need to start building your own website(s)! I won't be teaching you how to do that though, so get outta here and use your own creativity.