Dave's OpenBSD Blog #7: OpenBSD httpd (basics)

Created: 2024-11-14

Go back to my OpenBSD page for more entries.

Here comes the fun part! I love that OpenBSD includes its own Web server, httpd, as part of the base system.

I tried to piece things together from the man pages and some scattered web searches (OpenBSD info is still possible to search for even in 2024, unlike Linux). But then I re-discovered the wonderful OpenBSD Handbook. Here’s the httpd section:

https://www.openbsdhandbook.com/services/webserver/basic_webserver/

Update: And I just found https://httpd.rocks/ which focuses specifically on httpd setup.

Here we go. First off, we need a configuration file:

willard2$ doas vi /etc/httpd.conf

Here’s the contents of httpd.conf as written:

server "willard.ratfactor.com" {
    listen on * port 80
}

You can check the configuration without actually using it:

willard2$ doas httpd -n
configuration OK

Then we enable the daemon and start it:

rcctl enable httpd
rcctl start httpd

Now when I use a browser to hit my server, I it works!

403 Forbidden OpenBSD httpd

The 403 error is because I don’t have permission to view anything in the default directory. In this case specifically, the default page (index.html) doesn’t exist.

First I’m going to sort out some permissions, then I’ll create my Hello World page.

Web content (htdocs) permissions

I still don’t have a canonical answer for this, but it seems to me that having myself and the daemon in the same group would be a decent way to allow both it and myself to access the files.

Here’s the user for the httpd daemon:

willard2$ ps aux | grep httpd
root     98082  0.0  0.2  1588  2084 ??  Ip      4:07PM    0:00.01 /usr/sbin/httpd
www      46254  0.0  0.3  1448  3044 ??  Ipc     4:07PM    0:00.01 httpd: server (httpd)
www      28279  0.0  0.3  1520  3308 ??  Ipc     4:07PM    0:00.01 httpd: server (httpd)
www      37744  0.0  0.3  1516  3296 ??  Ipc     4:07PM    0:00.02 httpd: server (httpd)
www       8010  0.0  0.3  1572  3224 ??  Ipc     4:07PM    0:00.01 httpd: logger (httpd)

And the groups for the www user are:

willard2$ groups www
www

So httpd runs as the www user in the www group.

I’ll set the group for the root Web directory to www and give write permission for that directory to anyone in the group:

willard2$ doas chgrp www /var/www/htdocs
willard2$ doas chmod g+w /var/www/htdocs

And now I need to put myself in that group. (Note that I disconnect from the session and log back in to pick up the new group permission):

willard2$ doas user mod -G www dave
dave wheel
willard2$ ^D
Connection to willard.ratfactor.com closed.
$ ssh willard.ratfactor.com
...
willard2$ groups
dave wheel www

Let’s see if that worked. Can I can create a file in the directory?:

willard2$ cd /var/www/htdocs/
willard2$ touch foo
willard2$ ls -l foo
-rw-r--r--  1 dave  www  0 Nov 15 16:45 foo

Looks good.

Hello World (index.html)

With the permissions sorted out, let’s try a first page:

willard2$ echo "<html><body>hello!</body></html>" > index.html

Wonderful. I can serve static content, which will take care of 99% of my needs.

Next

Next things to figure out:

  • redirects (httpd 301 and 302)

  • mild URL rewriting

  • fastcgi + PHP?

For the first two, I expect to find my answers in the man page:

https://man.openbsd.org/httpd.conf.5

For the third, I have a couple bookmarks, but I’m not 100% sure which one will be the most useful.

PHP has a question mark behind it because I’ve gone around in nearly endless circles about which language I’d like to use to implement some of the few dynamic backend services on my website. I know PHP really well from decades of using it at day jobs and though I’ve written plenty of CGI applications in other languages, I really would be a lot more productive if I just swallowed my pride and went with PHP.