1. 1

    Does it support HTTP/2 or HTTP/1.x only?

    1. 2

      relayd and httpd support HTTP/1.x

      hpack(3) may be included, one day, into relayd or httpd https://github.com/reyk/hpack

      1. 1

        Thank you for that info. Hope they get it included in the future!

    1. 2

      Where would access.log be found in this case?

      1. 3

        /var/www/logs/access.log

        default chroot directory is /var/www

        default logdir directory is /logs

        default access log file is access.log

      1. 3

        I never use the default server. A 404 or 500 is just about right.

        The reason is: I don’t want somebody figuring out what the webserver is just by connecting to it by ip address.

        A plain default and virtual domains solve this.

        1. 2

          I like replying with an error when the Host is the IP, e.g. http://203.0.113.4

          The default http server will redirect to the default https server, e.g. https://203.0.113.4

          The TLS certificate offered will be the first one listed in relayd and it won’t match. If the certificate is accepted, it will return a 404 error because the document root /var/www/htdocs/203.0.113.4 does not exist.

          1. 1

            When/why is relayd necessary?

            I remember it used to be, perhaps before httpd SNI support. But why now?

            1. 4

              The httpd TLS configuration for the server isn’t aware of the macro $HTTP_HOST which is the host from the HTTP Host header. As such, TLS options are hard-coded in httpd.conf. It won’t be possible to have a default https server for general use unless the TLS server is outsourced to relayd.

        1. 7

          For being the default server, there does seem to be a lot of boilerplate config you still need in the httpd config file. Why does one need to redefine the MIME types, are they not in there by default?

          1. 2

            Sometimes, the built-in media types are enough: text/css, text/html, text/plain, image/gif, image/png, image/jpeg, image/svg+xml, and application/javascript

            In addition, I merged the following lists:

          1. 3

            What, no pictures!

            1. 7

              I’ll add some shortly :D

              Edit: Added some pictures!

              1. 2

                I like the built-in camera cover, very nice feature (and laptop).

            1. 4

              Tutorials would be a good resource, but one reason that you don’t find many is that they potentially need to be updated every 6 months - and no one ever seems to keep their tutorials up to date…

              There have been various threads on the OpenBSD misc@ list over the years, but as the developers put so much effort into producing great man pages, that has been the default answer to this issue.

              When I was starting with OpenBSD I already had The Complete FreeBSD by Greg Lehey as a handbook, as my journey with *BSDs started with FreeBSD, and then when I discovered OpenBSD in 2000, it remained a useful resource. FreeBSD still has their handbook, some of which will be relevant to OpenBSD, partly as both have their roots in 4.4 BSD.

              1. 2

                There are professional tutorials from events.

                1. 2

                  That’s actually one of the reasons I appreciated Burnett’s guide, because he keeps it updated with each new version. I can recommend it to someone with confidence that it’ll apply to the latest OpenBSD release.

                  I’m hoping to introduce some of my more enterprising students to OpenBSD and *nix in general next year, and a clear tutorial can be a solid resource to get them over the initial learning curve of interacting with a non-Windows or non-macOS system.

                  I agree that the manpages are an excellent resource, and a solid tutorial should lead users toward the manpages instead of StackOverflow.

                1. 2

                  Nice, I was actually starting to look at centralising my cloud services on an OpenBSD computer at home, this could do quite nicely.

                  1. 4

                    Warning: every time I see self-hosted email posted to HN there’s piles of people showing up talking about how bad it went. Esp message delivery not being reliable due to both infrastructure issues and blacklisting. It’s often different people saying it, too, which indicates these problems hit lots of people.

                    1. 5

                      It’s not necessarily trivial, but a lot of the people posting on HN with that kind of comment, when you inquire further, turn out to have been doing mass emailing, things like sending out large-distribution newsletters or transactional emails for a webapp. Deliverability for that kind of email is a whole different ballgame than just running a private email account.

                      For what it’s worth I’ve hosted my own email for about 5 years now and haven’t had any problems.

                      1. 3

                        There were also people that said it worked out fine for them. Just really hit and miss compared to self-hosting a web site or something. Email is often used for important stuff, too. I thought I should give a warning for that reason.

                      2. 4

                        This is a legitimate concern, to which I would like to add my anecdote.

                        I did the following for my personal email address, while looking at what signals rspamd uses for classification. I noticed that replying to a message will lower the spam score, as well as whitelist that message type if configured so.

                        Moreover, a similar mechanism exists in Protonmail’s Spamassassin configuration, as well as Gmail’s own Bayes classifier. This can be seen by inspecting X headers.

                        For this reason, I asked real free-email users (from my address book, not accounts created on free-email just for this) to send me a test email, to which I replied. From then on, my emails have a negative spam score on Gmail and Protonmail. I will test with Outlook soon.

                        I don’t have any experience hosting multiple users, because it’s a different game involving privacy laws, tech support, and blacklist politics mentioned in other self-hosting email threads.

                        Edit: spelling and coherence (sry)

                        1. 2

                          I’m not sure yet whether I really want to do email yet, but I’ll definitely be moving http, git and a few other things. In the meantime I still have email with posteo and dismail.