OpenBSD httpd Installation on FreeBSD

Note: This has been tested on FreeBSD 14.1.

Directory Mapping

FreeBSD applies other directory conventions than OpenBSD. In FreeBSD, add-ons are placed in /usr/local. OpenBSD does not do that. Since OpenBSD httpd is build for OpenBSD, the httpd documentation (including the man pages installed on FreeBSD) refer to OpenBSD paths. The obhttpd package is patched to adhere to the FreeBSD directory structure.

Install and Enable OpenBSD httpd (obhttpd):

doas pkg install obhttpd
doas sysrc obhttpd_enable="YES"

Initial httpd.conf:

This configuration file sets up a default virtual server to catch all requests which do not point to separately configured virtual servers. These requests certainly come from web attackers maliciously probing the hosts open HTTP port. The default server drops requests silently and does not send responses. It also does not generate log entries. Thus any request spam is handled with low effort.

doas vim /usr/local/etc/obhttpd.conf

public_ip4="<public_ipv4>"
public_ip6="<public_ipv6>"

chroot "/usr/local/www"
logdir "/var/log/obhttpd"

server "default" {
        listen on $public_ip4 port 80
        listen on $public_ip6 port 80
        block drop
        no log
}

Starting the HTTP Server

doas obhttpd -n && service obhttpd start

Opening pf Ports:

If the pf firewall is configured as outlined in FIXME, then add the following firewall rules to the pf configuration.

doas vim /etc/pf.conf

# allow HTTP and HTTPS in
pass in on $public_if proto tcp to port { 80 443 }

Add a Virtual Server for Domain Parking

mkdir /usr/local/www/blanksite

doas vim /usr/local/etc/obhttpd.conf

server "<server_name_1>" {
        listen on $public_ip4 port 80
        listen on $public_ip6 port 80

        alias "www.<server_name_1>"
        alias "<server_name_2>"
        alias "www.<server_name_2>"
        <...>
        alias "<server_name_n>"
        alias "www.<server_name_n>"

        root "/blanksite"
        directory index index.html
        location "*" {
                request rewrite "/index.html" 
        }
        no log
}

doas vim /usr/local/www/blanksite/index.html

<!DOCTYPE html>
<html>
<head>
<title>This page is intentionally left blank</title>
</head>
<body>
This page is intentionally left blank.
</body>
</html>

Start httpd

doas obhttpd -n && service obhttpd restart

Done.