**Contents**
[[!toc levels=4]]
# How to run a webserver on NetBSD
First of all, logging as `root` is required thus you can install packages and
edit system configuration files.
If you want to install packages to NetBSD, you can do this in several different
ways, using pkgsrc, pkgin or pkg\_add. Please see the
[[chapter about installing additional software|guide/boot]] in the guide.
There are several HTTP daemons. The following text will introduce
[bozotic HTTP server](http://www.eterna.com.au/bozohttpd/) and
[Apache HTTP server](http://httpd.apache.org/).
## bozotic HTTP server
`bozohttpd` is a small and secure HTTP 1.1 server shipped with NetBSD
(`/usr/libexec/httpd`) by default. It's very simple and there isn't even a
configuration file. But it only provides the most basic features.
### Register the daemon
#### Run with inetd
`bozohttpd` can be run with `inetd`, and you need to register it to `inetd`.
Daemons hosted by `inetd` is registered at `/etc/inetd.conf`. `inetd.conf` is an
ascii file containing one service per line, and several fields per line. The
basic layout is:
service-name socket-type protocol wait/nowait user:group server-program arguments
In this case(handling HTTP requests), the basic format is:
http stream tcp nowait:600 nobody FULL_PATH_OF_DAEMON DAEMON_NAME_AND_ARGUMENTS
Append this to `/etc/inetd.conf` (assuming that your files are located in
`/var/www`):
http stream tcp nowait:600 nobody /usr/libexec/httpd httpd /var/www
Telling `inetd` to reload the file makes `httpd` work immediately. You may run
the following command:
# /etc/rc.d/inetd reload
Reloading inetd config files.
Here are the frequently used options:
* `-X`: Enables directory indexing.
* `-c CGI_BIN_PATH`: Enables the CGI/1.1 interface.
To get more information about options, see `bozohttpd(8)`.
#### Run in standalone mode
`bozohttpd` can be run without `inetd`. You have to add `-b` to the parameters
to enable daemon mode.
/usr/libexec/httpd -b /var/www
Because listening ports under 1024 requires root privilege, and running a
webserver with root privilege is unsafe, you may want to change the user to
`nobody` after initializing sockets. The command argument for this is
`-U USERNAME`.
Now the command line looks like this:
/usr/libexec/httpd -b -U nobody /var/www
To make `bozohttpd` run when the system boots, you have to activate it in your
rc.local(5) by setting `httpd=YES`. Arguments you want to pass can be set with
the `httpd_flags` variable, e.g. acitvating bozohttpd with directory indexing
would result in:
httpd=YES
httpd_flags="-X"
### Examples
* Use PHP parser(`/usr/pkg/bin/php`) to parse `.php` files in `/var/www`:
`httpd -C .php /usr/pkg/bin/php /var/www` (you need php installed)
* Enable directory listing to share files via HTTP: `httpd -x PATH_TO_SHARE`
* Run CGI programs(`/var/cgi`): `httpd -c /var/cgi /var/www`
## Apache HTTP server
The [Apache HTTP server](http://httpd.apache.org/) is a widely-used open source
HTTP server. Apache is a powerful HTTP server, which can be extended by loading
dynamic shared object (DSO).
### Install
You have to install Apache, it is not shipped with NetBSD. You can do this by
executing `pkgin install apache`, `cd /usr/pkgsrc/www/apache; make install` or
by using pkg\_add:
# pkg_add apache-2.4.3
pkg_add: Warning: package `apache-2.4.3' was built for a platform:
pkg_add: NetBSD/i386 6.0 (pkg) vs. NetBSD/i386 6.0.1 (this host)
apache-2.4.3: copying /usr/pkg/share/examples/httpd/extra/httpd-autoindex.conf to /usr/pkg/etc/httpd/httpd-autoindex.conf
apache-2.4.3: copying /usr/pkg/share/examples/httpd/extra/httpd-dav.conf to /usr/pkg/etc/httpd/httpd-dav.conf
apache-2.4.3: copying /usr/pkg/share/examples/httpd/extra/httpd-default.conf to /usr/pkg/etc/httpd/httpd-default.conf
apache-2.4.3: copying /usr/pkg/share/examples/httpd/extra/httpd-info.conf to /usr/pkg/etc/httpd/httpd-info.conf
apache-2.4.3: copying /usr/pkg/share/examples/httpd/extra/httpd-languages.conf to /usr/pkg/etc/httpd/httpd-languages.conf
apache-2.4.3: copying /usr/pkg/share/examples/httpd/extra/httpd-manual.conf to /usr/pkg/etc/httpd/httpd-manual.conf
apache-2.4.3: copying /usr/pkg/share/examples/httpd/extra/httpd-mpm.conf to /usr/pkg/etc/httpd/httpd-mpm.conf
apache-2.4.3: copying /usr/pkg/share/examples/httpd/extra/httpd-multilang-errordoc.conf to /usr/pkg/etc/httpd/httpd-multilang-errordoc.conf
apache-2.4.3: copying /usr/pkg/share/examples/httpd/extra/httpd-ssl.conf to /usr/pkg/etc/httpd/httpd-ssl.conf
apache-2.4.3: copying /usr/pkg/share/examples/httpd/extra/httpd-userdir.conf to /usr/pkg/etc/httpd/httpd-userdir.conf
apache-2.4.3: copying /usr/pkg/share/examples/httpd/extra/httpd-vhosts.conf to /usr/pkg/etc/httpd/httpd-vhosts.conf
apache-2.4.3: copying /usr/pkg/share/examples/httpd/httpd.conf to /usr/pkg/etc/httpd/httpd.conf
apache-2.4.3: copying /usr/pkg/share/examples/httpd/magic to /usr/pkg/etc/httpd/magic
apache-2.4.3: copying /usr/pkg/share/examples/httpd/mime.types to /usr/pkg/etc/httpd/mime.types
===========================================================================
The following files should be created for apache-2.4.3:
/etc/rc.d/apache (m=0755)
[/usr/pkg/share/examples/rc.d/apache]
===========================================================================
===========================================================================
$NetBSD: how_to_setup_a_webserver.mdwn,v 1.2 2013/03/14 23:44:47 jdf Exp $
After apache-2.4.3, --enable-mpms-shared='event prefork worker' is
passed to configure script, then three multi-process model is built
and you can select the model in configuraton file.
The mod_cgi.so module conflicts with non-prefork multi-process model,
and mod_cgi.so module is not built anymore.
You can use mod_cgid.so module instead.
===========================================================================
### Register the daemon
The main tool to control the service of Apache is `apachectl`. To make it work
like normal services, supporting commands such as `/etc/rc.d/apache stop`, you
need to copy the script provided by Apache to `/etc/rc.d/apache`:
# cp /usr/pkg/share/examples/rc.d/apache /etc/rc.d
To make Apache run when system boots, you may set the rc variable `apache` to
`yes`. This can be done by creating `/etc/rc.conf.d/apache` and insert the
following text to the file:
apache=yes
or writing this line into your rc.conf(5) directly.
You can also run this to start Apache immediately:
# /etc/rc.d/apache start
Starting apache.
or:
# apachectl start
To see whether the server is started successfully, you can visit
`http://127.0.0.1`. The dafault page is:
It works!
Another way to check the daemon status:
# /etc/rc.d/apache status
apache is running as pid 1574.
Note: Since version 2.0, Apache doesn't support `inetd` operation mode anymore.
Running Apache with `inetd` is not supported.
### Configuration
Apache has lots of features, so it uses a configuration
file(`/usr/pkg/etc/httpd/httpd.conf`). The general structure of this document
is:
KEY VALUES
KEY VALUES
Here are the frequently used options:
* `DocumentRoot "WEB_ROOT"` The directory out of which you will serve your
documents. By default, all requests are taken from this directory.
* `ErrorDocument ERROR_CODE RESULT` Customizable error responses: the
`ERROR_CODE` can be 404 / 403 / etc, the `RESULT` can be a URL or a plain
text message.
* `ServerAdmin MAIL_ADDRESS` The address to which problems with the server
should be emailed. This address appears on some server-generated pages, such
as error documents.
To check the syntax, you may run:
NetBSD# apachectl configtest
Syntax OK
#### DSO
Apache is a modular program where the administrator can choose the functionality
to include in the server by selecting a set of modules (DSO). Apache's DSOs are
located in `/usr/pkg/lib/httpd`.
# cd /usr/pkg/lib/httpd
# ls
httpd.exp mod_authz_owner.so mod_ext_filter.so mod_mpm_worker.so mod_session_cookie.so
mod_access_compat.so mod_authz_user.so mod_file_cache.so mod_negotiation.so mod_session_dbd.so
mod_actions.so mod_autoindex.so mod_filter.so mod_proxy.so mod_setenvif.so
mod_alias.so mod_buffer.so mod_headers.so mod_proxy_ajp.so mod_slotmem_plain.so
mod_allowmethods.so mod_cache.so mod_heartbeat.so mod_proxy_balancer.so mod_slotmem_shm.so
mod_asis.so mod_cache_disk.so mod_heartmonitor.so mod_proxy_connect.so mod_socache_dbm.so
mod_auth_basic.so mod_cgid.so mod_include.so mod_proxy_express.so mod_socache_memcache.so
mod_auth_digest.so mod_charset_lite.so mod_info.so mod_proxy_fcgi.so mod_socache_shmcb.so
mod_auth_form.so mod_data.so mod_lbmethod_bybusyness.so mod_proxy_fdpass.so mod_speling.so
mod_authn_anon.so mod_dav.so mod_lbmethod_byrequests.so mod_proxy_ftp.so mod_ssl.so
mod_authn_core.so mod_dav_fs.so mod_lbmethod_bytraffic.so mod_proxy_http.so mod_status.so
mod_authn_dbd.so mod_dav_lock.so mod_lbmethod_heartbeat.so mod_proxy_scgi.so mod_substitute.so
mod_authn_dbm.so mod_dbd.so mod_log_config.so mod_ratelimit.so mod_unique_id.so
mod_authn_file.so mod_deflate.so mod_log_debug.so mod_reflector.so mod_unixd.so
mod_authn_socache.so mod_dialup.so mod_log_forensic.so mod_remoteip.so mod_userdir.so
mod_authz_core.so mod_dir.so mod_logio.so mod_reqtimeout.so mod_usertrack.so
mod_authz_dbd.so mod_dumpio.so mod_mime.so mod_request.so mod_version.so
mod_authz_dbm.so mod_echo.so mod_mime_magic.so mod_rewrite.so mod_vhost_alias.so
mod_authz_groupfile.so mod_env.so mod_mpm_event.so mod_sed.so mod_watchdog.so
mod_authz_host.so mod_expires.so mod_mpm_prefork.so mod_session.so
Write `LoadModule MODULE FILENAME` in the configuration file, and the specific
module will be loaded when Apache starts. You can also configure the module in
this way:
KEY VALUES
Run the following commands to apply the configuration:
NetBSD# /etc/rc.d/apache reload
or:
NetBSD# apachectl graceful
To get full manual, visit `/usr/pkg/share/httpd/manual`.
#### Run CGI
For security ressons, Apache doesn't permit executing CGI programs by default.
Uncomment the following line to `httpd.conf` to permit Apache executing CGI:
LoadModule cgid_module lib/httpd/mod_cgid.so
The next step is telling Apache which directory is set aside for CGI programs.
Apache will assume that every file in this directory is a CGI program, and will
attempt to execute it, when that particular resource is requested by a client.
The syntax is:
ScriptAlias URL_PATH FILE_PATH_OR_DIRECTORY_PATH
For example:
ScriptAlias /cgi-bin/ /usr/local/apache2/cgi-bin/
The CGI programs should be given executing permission. Modify the permission in
this way:
chmod a+x CGI_FILE_PATH
#### Run PHP
The PHP module is not included by default. Run the following command to obtain
the Apache module (or its pkgin and pkgsrc equivalents).
# pkg_add -v "ap24-php5*"
You should load the PHP module in `httpd.conf`. Append the following lines to
`httpd.conf`:
LoadModule php5_module lib/httpd/mod_php5.so
AddHandler application/x-httpd-php .php
Maybe you want `.php` instead of `.html` to be your default page. You may append
the following line:
DirectoryIndex index.php index.html
You can write the following lines as a php file and visit it to check whether
PHP works correctly. Don't forget to reload the configuration before testing.
If you want to configure PHP, use the following syntax:
php_value NAME VALUE
php_flag NAME on|off
php_admin_value NAME VALUE
php_admin_flag NAME on|off
#### Further reading
You should also have a look at the excellent online documentation of Apache: