OpenBsd server

[PapaParrot]

I am planning to start a server powered with OpenBsd.
So am wondering who else has actual experience with Open Bsd powered
server, any thing special I may need to know, etc.
I am experimenting first using localhost, and all ready ran into some problems
installing php, and maria db , don't have my details handy at the moment, but
in a nut shell, a tutorial I was using showed some scripts that need to be in the
httpd.conf file, but it was not to clear on exactly where, in any event , when I
pasted the code in, it broke the "httpd.conf" and it would not start. I will post the
details shortly.
My thoughts are maybe the tutorial was not as good as it looked, so any pointers
to a good tutorial, would be appreciated.
There are a lot of them in my search results, I have not yet read each one, ...
So any way, for now that is about it.
One last note , I plan to install phpBB, as a forum software, has anyone else done
this ? If there is any suggestions for a different forum software, I am open to other ideas.
Thanks
PS, I have some additional thoughts, ideas,...but will get into that later.

[PapaParrot]

This is the tutorial I was using last night:
( I do notice, it is a little "old", I am using OpenBsd 6.1, don't know if that is why
it would not work for me)
https://www.rootbsd.net/kb/339/Insta...penBSD-59.html

This is the code, it says to add to my httpd.conf:

Quote:

Create and edit /etc/httpd.conf if it doesn't already exist and add the following code:

Code:

server "default" {
        listen on egress port 80
}

types {
        text/css                css
        text/html               html htm
        text/txt                txt
        image/gif               gif
        image/jpeg              jpeg jpg
        image/png               png
        application/javascript  js
        application/xml         xml
}

at the end of the tutorial, it also says to add this:

Quote:

Set index.php as the default index page by adding this under the above code, ensuring it is still inside the "default" server block:

Code:

directory {
    index "index.php"
}

========================
My actual httpd.conf file, and it works fine for just regular html, (index.html)

Code:

# $OpenBSD: httpd.conf,v 1.16 2016/09/17 20:05:59 tj Exp $

#
# Macros
#
ext_addr="*"

#
# Global Options
#
# prefork 3

#
# Servers
#

# A minimal default server
server "default" {
	listen on $ext_addr port 80
}
### This is where I added to code from the tutorial
### Then the additional 
#directory {
 #  index "index.php"
#}
# Of course I did not have the # comment symbols,  in the actual code, the lines were not
#commented out. 





# Include MIME types instead of the built-in ones
types {
	include "/usr/share/misc/mime.types"
}

Just to clarify, this is what I had, but when I restart httpd, it fails, with no error message,
other then "failed".

Code:

# $OpenBSD: httpd.conf,v 1.16 2016/09/17 20:05:59 tj Exp $

#
# Macros
#
ext_addr="*"

#
# Global Options
#
# prefork 3

#
# Servers
#

# A minimal default server
server "default" {
	listen on $ext_addr port 80
}
server "default" {
        listen on egress port 80
}

types {
        text/css                css
        text/html               html htm
        text/txt                txt
        image/gif               gif
        image/jpeg              jpeg jpg
        image/png               png
        application/javascript  js
        application/xml         xml
}
directory {
    index "index.php"
}





# Include MIME types instead of the built-in ones
types {
	include "/usr/share/misc/mime.types"
}

Thanks

[jggimi]

I've run plenty of servers. More specifically, your questions are about running Web servers, one type of server among thousands.

Your second http.conf file has two default sections, which is a likely reason why it fails. Error messages are logged in /var/log/daemon and can also be output directly to your terminal (or X terminal) with the -d option of rcctl(8), assuming you are using this tool when you start or restart the daemon.

[PapaParrot]

Thanks, and yes, it will be a web server, sorry I didn't think to specify that.
---------- edited --------
thanks , using the -d option gave me enough information to find and fix the
lines as needed, it now does access the index.php .
------- edited -----------
This is what my httpd.conf is now:

Code:

# $OpenBSD: httpd.conf,v 1.16 2016/09/17 20:05:59 tj Exp $

#
# Macros
#
ext_addr="*"
#
# Global Options
#
# prefork 3

#
# Servers
#

# A minimal default server

server "default" {
        listen on $ext_addr port 80
directory {
    index "index.php"
	} 
	location "*.php" {
		fastcgi socket "/run/php-fpm.sock"
	}
}


types {
        text/css                css
        text/html               html htm
        text/txt                txt
        image/gif               gif
        image/jpeg              jpeg jpg
        image/png               png
        application/javascript  js
        application/xml         xml

}

It still is very minimal, but works, the index.php displays as expected.
Thanks again

[PapaParrot]

However, ran into some problems installing phpmyadmin:

=================
In any event the basic "site" is working fine. I have all ways had problems understanding
setting up the data base,phpmyadmin, etc. It is not really a problem with OpenBsd,
OpenBsd is working great, the problem is just me. I don't remember what I did on the Linux server, but did have similar problems with my initial setup. Anyway, I don't think fixing it
will be the same as it was on the other OS, any way, I am finding enough documentation,
just need to read more of it

[jggimi]

Per the error messages shown, a MySQL database system is not available. There are three possible reasons: it's not installed, it's not running, or it's not provisioned properly.

[jggimi]

I've never used phpMyAdmin, so don't have specific advice. It has a run dependency of mariadb-client. You will need to install and provision mariadb-server on this local system or provision a connection to your MySQL/MariaDB database system if it is running on another platform.

[PapaParrot]

Thanks jggimi for the response,
I have decided not to use "phpmyadmin", there probably is no need for it.

So any way, I decided to try "sqlite3", installed it, how ever I am having problems
accessing it as well.
This is the error I get:

Code:

Connection failed: SQLSTATE[HY000] [14] unable to open database file

Did some searches on the error message, and there are results, but nothing I could
make sense of, in any event still trying to find more info,...

Code:

man sqlite3

has a lot of info, but did not see anything that even gives me a clue,
it is mostly good for the commands, etc.
I did start a data base, it is in : /home/garry/mybb.db
I am guessing some where else, needs to be configured, but so far have no idea where.
Thanks for taking the time to read and reply.

[jggimi]

I'd like to point out two things which may be helpful to you.

1. Your web server, httpd(8), is acting as a browser connector only. Your PHP application is connected via php-fpm, using FastCGI.

2. Just like httpd(), by default php-fpm uses /var/www as a chroot. See chroot(8) and chroot(2) for what this means. The end result is that your PHP database connection, if on the local system, must be stored inside this chroot directory structure.

[PapaParrot]

Thanks,
Yes I have read this also in some other docs, but for some reason am still
not grasping some thing, ...............

[jggimi]

Here's a "graphic" of the typical web application that uses PHP and FastCGI - there are three services:

Code:

[Web server] - [php-fpm] - [database engine]

The connections between these services can be via network, or can be via filesystem sockets.

• The network connections can be real - these services can be on different servers.
• The network connections can use a loopback connection if the services are on the same server.
• Same-server connections can also use "Unix domain" TCP sockets via the filesystem. This is a common way to do same-server interconnections which avoids some overhead and use filesystem permissions for security at the same time.

If filesytem connections are being used, then the database file must reside within the chroot structure, since php-fpm is chrooted.

What is a chroot? Simply, it is a restriction which assigns a directory as "/" to a process. In this case, php-fpm uses "/var/www" as its "/" directory, just as the web server httpd(8) does.

If you create a SQLite database in /var/www/GarryR/databases/database.file.db php-fpm sees that file as /GarryR/databases/database.file.db. Due to the chroot, php-fpm cannot access anything in your filesystem outside of /var/www.

(It's a little confusing because php-fpm uses /etc/php-fpm.conf, which is outside the chroot structure. It reads that file during its initialization phase, before it starts its chrooted child processes.)

[PapaParrot]

Ok, thanks, now that is more clear, also I was beginning to think it needed to some thing
like that.
Actually on mine at this time only seems to access what is in the "htdocs" dir,...

Code:

$ cd /var/www/htdocs/
$ ls
Xindex.php  index.html  mybb.db
bgplg       index.php   phpMyAdmin
images      mybb

In fact last night I tried creating a data base there:/var/www/htdocs/
How ever still could not access it.
I can access "index.html", that is all ways easy. But for example, if index.html is
not in "htdocs", like /var/www/index.html (for example ) does not work.
The same, I was able to access index.php, as long as it is in "htdocs", how ever
last night something else I changed, broke that again, no php can be accessed, I think it was some change I made
in 'httpd.conf', but have not really started looking at everything yet today.
Another "to clarify" for example, when the "mybb" and/or the "phpMyAdmin" were out side
of the htdocs, but inside :/var/www/ , I could not access the "install.php" nor "setup.php", but
when I placed them (the entire dir,with files and subdirs), when I placed the in 'htdocs' , I could
access the php documents,etc. How ever, as shown previously, the "install.php", needs to access the data base, to do the installation,.. It does make sense to me, now that I need to have the data base in " /var/www/htdocs/ " I think,....

Quote:

(It's a little confusing because php-fpm uses /etc/php-fpm.conf, which is outside the chroot structure. It reads that file during its initialization phase, before it starts its chrooted child processes.)

Also read this , last night :

Quote:

from:http://php.net/manual/en/install.unix.openbsd.php

Common Problems ¶

Apache and Nginx are no longer the default server on OpenBSD, but they can both be easily found in ports and packages. The new default server is also called 'httpd'.
The default install of httpd runs inside a » chroot(2) jail, which will restrict PHP scripts to accessing files under /var/www. You will therefore need to create a /var/www/tmp directory for PHP session files to be stored, or use an alternative session backend. In addition, database sockets need to be placed inside the jail or listen on the localhost interface. If you use network functions, some files from /etc such as /etc/resolv.conf and /etc/services will need to be moved into /var/www/etc. The OpenBSD PEAR package automatically installs into the correct chroot directories.
The OpenBSD 5.7+ package for the » gd extension requires XFree86 to be installed. This can be added post-installation (See OpenBSD FAQ#4) by adding the xbase.tgz file set.

So any way, I will just keep trying, eventually it will work. Thanks

[jggimi]

Note your httpd.conf - and the file name for the php-fpm Unix domain socket file:

Code:

		fastcgi socket "/run/php-fpm.sock"

You will find this socket file in /var/www/run.

For additional clarity, I'll point you to these two parts of the httpd.conf(5) man page:

Quote:

chroot directory

Set the chroot(2) directory. If not specified, it defaults to /var/www, the home directory of the www user.

Quote:

root option

Configure the document root and options for the request path. Valid options are:

directory

Set the document root of the server. The directory is a pathname within the chroot(2) root directory of httpd. If not specified, it defaults to /htdocs....

[PapaParrot]

Ok, thanks,
How ever:

Quote:

You will find this socket file in /var/www/run.

No, it is not there,

Code:

$ cd /var/www/run
$ ls
$

Even with 'ls -f' the /run dir is empty. also as root it is empty ..... I understand it needs to be there, How do I
find/or create it, to put it there ?

On the "chroot", so should I run a command like this:

Code:

# chroot directory /var/www

or do I need that
in the httpd.conf file ?
IE:

Code:

directory  {
root /var/www
#or alternatively  root /var/www/htdocs ????
    index "index.php"
        } 
        location "*.php" {
                fastcgi socket "/run/php-fpm.sock"
        }
}

This is what is confusing me, it seems contradictory,
1 says:

Quote:

If not specified, it defaults to /var/www

and the other:

Quote:

If not specified, it defaults to /htdocs....

I read that in the manual last night, so I have not really specified it,
not sure how or where I would do that,... apparently it defaults to /htdocs
thanks

[jggimi]

My point was that your initially posted httpd.conf did not specify chroot or root values. Your chroot was "/var/www" and your document root was "/htdocs" under the chroot, or "/var/www/htdocs" -- which you have stated is where your server found its documents.

You don't need to add or change these, necessarily. I was trying to answer your question regarding your htdocs directory, and at the same time explain why your web server uses /var/www for all its files, and will use /var/www/htdocs as the default root document directory for any server you configure.

--- edited to add ---

If the file isn't in /var/www/run, then perhaps there's a /var/www/htdocs/run directory. I don't have access to an operational server at the moment, since I'm at $DAYJOB behind the Great Corporate Firewall (TM) without direct Internet access. But that socket file is how php-fpm connects with the web server.

[PapaParrot]

Ok, thanks , then I will leave that alone ,... I wonder why there is no

Quote:

fastcgi socket "/run/php-fpm.sock"

That seems to be a problem,

[jggimi]

It only exists while the connection is established and running, Garry.

FYI, this socket file is defined by default in /etc/php-fpm.conf - at least with php 5.6.30 on OpenBSD 6.1, which is what I just checked.

[PapaParrot]

Ok, thanks...
also :

Quote:

FYI, this socket file is defined by default in /etc/php-fpm.conf

Yes I found that,

Code:

; Note: This value is mandatory.
listen = /var/www/run/php-fpm.sock

and also noticed this:

Code:

; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever 
;       possible. However, all PHP paths will be relative to the chroot
;       (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot = /var/www

For now I am leaving it as "default" (not set)

[jggimi]

The default as shipped in the OpenBSD package is chrooted:

Code:

; Default Value: not set
chroot = /var/www

This is done in a patch file of the OpenBSD port. (/usr/ports/lang/php/5.6/patches/patch-sapi_fpm_php-fpm_conf_in)

• Why do you think that might be set this way for OpenBSD?
• What is the value of configuring a chroot?

[PapaParrot]

So , in other words it should be like this:

Code:

; Default Value: not set
chroot = /var/www

????

I miss understood , when it says :

Quote:

; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set

And it was like you show,

Code:

; Default Value: not set
chroot = /var/www

So I thought that meant it should have the ( so that it
is not set, and I added the ( Confused , thinking I maybe I had changed it
before,and did not remember.

Quote:

Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...)

and

Quote:

Why do you think that might be set this way for OpenBSD?
What is the value of configuring a chroot?

Well I understand that it is for security, so any way, that is what I want,
to have it "set" the way it is supposed to be,...
======================
I think at this point my best option is to delete everything I installed, all the php,and data base packages, etc. and start over.
Thanks for taking the time on this,

Quote:

jggimi>>--- edited to add ---

If the file isn't in /var/www/run, then perhaps there's a /var/www/htdocs/run directory. I don't have access to an operational server at the moment, since I'm at $DAYJOB behind the Great Corporate Firewall (TM) without direct Internet access. But that socket file is how php-fpm connects with the web server.

This leads to 2 thoughts, first one, I am retired, so no "$DAYJOB", how ever with 18 parrots, of different species, and at this time 8 new babies, that all need to still be "spoon fed", I need to take of them first, then cleaning the "bird house",etc. it is "full time",....
"operational server",... When I started my linux server, a real server online, I first tried doing it on my home PC using "localhost" similar to what I am doing with OpenBsd now.
I had similar problems, on the "home PC" and localhost,...
Finally I decided to just go ahead and "rent" the server, I found a company that I could afford
and started the server, all they did is install the linux version I requested, and sent me a message with my info for ssh / sftp access. They are NOT a "hosting service", and the rest
was up to me, installing the php,database,etc. Setting up the website, domain names etc,...
To shorten a long story, everything went much smoother then it had when I was trying on
the "home PC" , localhost.
I need to think about it some more, and still want to make one more try at this , just on
my PC and localhost, howver I am thinking it will be easier on the real server, ... any way
my babies are all crying, so I need to run,...
thanks