Setting up Web Servers

Installing and configuring NGINX, httpd (the default web server on OpenBSD), and Caddy involves distinct steps tailored to each server's unique features and configuration mechanisms. Each server offers a lightweight, high-performance alternative to Apache, with NGINX and Caddy also providing easy configuration for reverse proxy and automatic HTTPS.

NGINX

Installation

FreeBSD: Use the package manager to install NGINX:
```
pkg install nginx
```
Enable NGINX to start at boot by adding nginx_enable="YES" to /etc/rc.conf.
Rocky Linux/Debian Linux: Install NGINX using the package manager:
- Rocky Linux:
```
dnf install nginx
```
- Debian Linux:
```
apt install nginx
```
Enable NGINX to start on boot with systemctl enable nginx.

Configuration

The main configuration file for NGINX is typically located at /usr/local/etc/nginx/nginx.conf on FreeBSD, and /etc/nginx/nginx.conf on both Debian Linux and Rocky Linux. Key points to configure include:

server block: Defines server and site-specific configuration. Adjust server_name (your domain name), and the location block to specify how to process requests for different resources.
listen: Specifies the IP address and port (usually listen 80; for HTTP and listen 443 ssl; for HTTPS).
root: The directory from which NGINX serves files.

After making changes, test the configuration with nginx -t and reload NGINX with service nginx reload on FreeBSD or systemctl reload nginx on Linux.

OpenBSD's httpd

Installation

httpd is included by default in OpenBSD; no installation is necessary.

Configuration

httpd uses /etc/httpd.conf for its configuration. A simple configuration to serve static content might look like:

server "www.example.com" {
    listen on * port 80
    root "/htdocs/www.example.com"
}

Replace "www.example.com" with your domain and /htdocs/www.example.com with the path to your web content. After editing, restart httpd with rcctl restart httpd.

Caddy

Installation

Caddy is known for its simplicity and automatic HTTPS via Let's Encrypt.

Generic Installation: Download Caddy from the official website or use a package manager if available for your system. Caddy provides a convenient script for Linux:
```
curl -s https://getcaddy.com | bash
```

Configuration

Caddy uses a Caddyfile for configuration, typically located in /etc/caddy/Caddyfile or directly in the directory from which you run Caddy. A basic configuration to serve a site with automatic HTTPS might be as simple as:

www.example.com {
    root * /var/www/html
    file_server
}

Replace www.example.com with your domain and /var/www/html with the path to your web content. Start Caddy with caddy run if running manually, or set it up as a service for automatic startup.

Securing Web Servers

Regardless of the web server, follow best practices for security:

Update often: Keep your web server and system software up-to-date.
Minimize permissions: Ensure that the web server process has only the necessary permissions on files and directories it serves or writes to.
Configure HTTPS: Use TLS for secure connections. NGINX and Caddy support HTTPS configuration directly. For httpd on OpenBSD, use acme-client for automatic Let's Encrypt certificates.

NGINX, OpenBSD's httpd, and Caddy offer robust, efficient alternatives for serving web content and applications. Each has its configuration style and strengths, from the simplicity and automatic HTTPS of Caddy to the performance and flexibility of NGINX and the security focus of OpenBSD's httpd. Proper installation and configuration ensure that your web services are efficient, secure, and reliable.

Everything is a file, the book.