commit 90b38e801627d5d0d4495310680431d7ba337097
parent 5df18d4f01edcab097d1a4f385429aae7a317055
Author: Jake Bauer <jbauer@paritybit.ca>
Date: Tue, 16 Feb 2021 23:35:15 -0500
Complete blog post draft
Diffstat:
1 file changed, 54 insertions(+), 5 deletions(-)
diff --git a/http/pages/blog/migrating-from-nginx-to-openbsd-httpd-and-relayd.md b/http/pages/blog/migrating-from-nginx-to-openbsd-httpd-and-relayd.md
@@ -1,6 +1,6 @@
-## Migrating from Nginx to OpenBSD's httpd and relayd
+## Migrating from nginx to OpenBSD's httpd and relayd
-[//]: # "Detailing how I migrated my Debian 10 server running Nginx to OpenBSD with httpd and relayd."
+[//]: # "Detailing how I migrated my Debian 10 server running nginx to OpenBSD with httpd and relayd."
[//]: # "main.min.css"
@@ -12,9 +12,25 @@
<b>Last Updated:</b> [DATE]
</div>
-After getting some experience administrating OpenBSD for the two mail servers I
-run, I wanted to explore more of the operating system. I had briefly heard about
-relayd and httpd from some things around the net.
+<figure>
+ <a href="/img/openbsd-logo.png"><img src="/img/openbsd-logo.png" alt="The OpenBSD logo."/></a>
+ <figcaption>This logo is subject to the license at: <a href="https://www.openbsd.org/art4.html">openbsd.org</a></figcaption>
+</figure>
+
+Having set up my mail server on OpenBSD, I've been very satisfied with the
+cohesiveness of the operating system; it has been a breeze to administrate.
+Since certbot just stopped working randomly on my previous server running Debian
+10 and nginx, I took it as an opportunity to try out OpenBSD for hosting my
+website and reverse proxy. OpenBSD includes two daemons written by the OpenBSD
+developers—httpd and relayd—for just those purposes. They also provide
+acme-client as an alternative to certbot. All of this was done on OpenBSD 6.8.
+
+Below is my httpd configuration. This contains configurations for renewing the
+TLS certificate as well as serving both
+[www.paritybit.ca](https://www.paritybit.ca) and
+[ftp.paritybit.ca](https://ftp.paritybit.ca) with redirects as needed. If I
+wanted to, I could also split these into separate config files and use the
+`include` directive.
```
types {
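Review bot: the `<b>Last Updated:</b> [DATE]` placeholder in the context at the top of this hunk is still unfilled in a commit titled "Complete blog post draft"; fill in the date or drop the line before publishing. Also, "configurations for renewing the TLS certificate" overstates what httpd does here: httpd only serves the ACME HTTP-01 challenge files that acme-client writes into its challenge directory, while acme-client itself (typically run from cron) performs the renewal, so "serving the acme-client challenge directory" would be the precise wording.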
@@ -76,6 +92,28 @@ server "ftp.paritybit.ca" {
}
```
+In the above configuration, there are two `location match` directives in the
+[www.paritybit.ca](https://www.paritybit.ca) server. The first matches any
+request for a path ending in `.html` and rewrites the request to serve the
+webpages from the `html` subdirectory as opposed to trying to find them in the
+root folder of the website.
+
+The second matches any request which doesn't have a file extension and appends
+`.html` to the requested resource path. This allows me to replicate nginx's
+`try_files` command where one can tell it to search for files which look like
+`$DOCUMENT_URI.html` and it means that users don't have to type out the `.html`
+extension when visiting a page on my site.
+
+Below is my relayd configuration. I run multiple services from one IP so I need
+to reverse proxy incoming connections to various services on my network. As with
+nginx's reverse proxying, relayd can handle the TLS connections to each of my
+services. I could also reverse proxy the connections to port 80 and redirect
+them using relayd, but I felt it was simpler to just let the webserver handle
+those directly.
+
+The reverse proxy for Gemini at the bottom of the configuration is just for
+accessing it within my network because of my internal DNS configuration.
+
```
ext_addr = 10.0.0.20
table <pleroma> { 10.0.0.7 }
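Review bot: the description of the second `location match` (append `.html` to any path without an extension) does not say how `/`, paths ending in `/`, or other directory requests are handled; since the match directives themselves sit outside this hunk, state the regex or the exclusion so a reader reproducing the `try_files` replacement does not end up with requests rewritten to `/.html`. Also, `ext_addr = 10.0.0.20` is an RFC 1918 address, so a sentence noting that the host sits behind NAT with port forwarding would prevent confusion about the "multiple services from one IP" claim.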
@@ -180,3 +218,14 @@ relay gemini {
forward to <gemini> port 1965 check tcp
}
```
+
+There is a lot of extra configuration for the HTTP services for setting things
+like Content Security Policy and other security headers (what a mess the Web has
+become...). I used the [Pleroma installation guide for
+OpenBSD](https://docs.pleroma.social/backend/installation/openbsd_en/) as a
+reference for the CSPs needed for that service.
+
+As usual, the tools provided by the OpenBSD developers are a breeze to configure
+and administrate. Plus the comprehensive, accurate, and complete documentation
+provided with the system means that I don't have to scour the internet for help
+only to find outdated tutorials or complicated documentation.
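Review bot: `forward to <gemini> port 1965 check tcp` marks the backend healthy as soon as a TCP connection to 1965 succeeds, not when the service actually answers; for a Gemini server, whose entire protocol runs over TLS, a `check script` that completes a TLS handshake would catch a daemon that accepts connections but fails during the handshake. The closing paragraph also says the relayd config carries a lot of Content Security Policy and other security headers, but none appear in the excerpt; listing the header set, or pointing at the full file in the repository, would make the Pleroma guide reference actionable for readers.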