Setting up Web Servers
Installing and configuring NGINX, httpd
(the default web server on OpenBSD), and Caddy involves distinct steps tailored to each server's unique features and configuration mechanisms. Each server offers a lightweight, high-performance alternative to Apache, with NGINX and Caddy also providing easy configuration for reverse proxy and automatic HTTPS.
NGINX
Installation
-
FreeBSD: Use the package manager to install NGINX:
pkg install nginx
Enable NGINX to start at boot by adding
nginx_enable="YES"
to/etc/rc.conf
. -
Rocky Linux/Debian Linux: Install NGINX using the package manager:
- Rocky Linux:
dnf install nginx
- Debian Linux:
apt install nginx
Enable NGINX to start on boot with
systemctl enable nginx
. - Rocky Linux:
Configuration
The main configuration file for NGINX is typically located at /usr/local/etc/nginx/nginx.conf
on FreeBSD, and /etc/nginx/nginx.conf
on both Debian Linux and Rocky Linux. Key points to configure include:
- server block: Defines server and site-specific configuration. Adjust
server_name
(your domain name), and thelocation
block to specify how to process requests for different resources. - listen: Specifies the IP address and port (usually
listen 80;
for HTTP andlisten 443 ssl;
for HTTPS). - root: The directory from which NGINX serves files.
After making changes, test the configuration with nginx -t
and reload NGINX with service nginx reload
on FreeBSD or systemctl reload nginx
on Linux.
OpenBSD's httpd
Installation
httpd
is included by default in OpenBSD; no installation is necessary.
Configuration
httpd
uses /etc/httpd.conf
for its configuration. A simple configuration to serve static content might look like:
server "www.example.com" {
listen on * port 80
root "/htdocs/www.example.com"
}
Replace "www.example.com"
with your domain and /htdocs/www.example.com
with the path to your web content. After editing, restart httpd
with rcctl restart httpd
.
Caddy
Installation
Caddy is known for its simplicity and automatic HTTPS via Let's Encrypt.
-
Generic Installation: Download Caddy from the official website or use a package manager if available for your system. Caddy provides a convenient script for Linux:
curl -s https://getcaddy.com | bash
Configuration
Caddy uses a Caddyfile for configuration, typically located in /etc/caddy/Caddyfile
or directly in the directory from which you run Caddy. A basic configuration to serve a site with automatic HTTPS might be as simple as:
www.example.com {
root * /var/www/html
file_server
}
Replace www.example.com
with your domain and /var/www/html
with the path to your web content. Start Caddy with caddy run
if running manually, or set it up as a service for automatic startup.
Securing Web Servers
Regardless of the web server, follow best practices for security:
- Update often: Keep your web server and system software up-to-date.
- Minimize permissions: Ensure that the web server process has only the necessary permissions on files and directories it serves or writes to.
- Configure HTTPS: Use TLS for secure connections. NGINX and Caddy support HTTPS configuration directly. For
httpd
on OpenBSD, useacme-client
for automatic Let's Encrypt certificates.
NGINX, OpenBSD's httpd
, and Caddy offer robust, efficient alternatives for serving web content and applications. Each has its configuration style and strengths, from the simplicity and automatic HTTPS of Caddy to the performance and flexibility of NGINX and the security focus of OpenBSD's httpd
. Proper installation and configuration ensure that your web services are efficient, secure, and reliable.