BCHS is a software stack for web development. It uses a BSD-based operating system (OS) on the server. In my opinion the best-suited OS for servers is OpenBSD, because it is designed with code correctness and proactive security in mind and has its own software ecosystem made to work well together. The software we will be using is httpd, LibreSSL and clang. httpd is OpenBSD's own HTTP server; it is much more minimal than something like nginx or Apache, it has everything we need and it's already there. C is the simplest programming language; it's basically just a portable assembly with a set of development tools and libraries. We won't be using SQLite as we're just making a simple static website.
Network
- Open ports 80 and 443 on your router.
- Enable incoming connections on ports 80 and 443 in your system's (OpenBSD) firewall. They are allowed by default.
OpenBSD
doas rcctl enable httpd
Start the server on startup automatically.

doas rcctl enable slowcgi
Start slowcgi on startup automatically.

doas rcctl start httpd
Start the server for now without the need to reboot.

doas rcctl start slowcgi
Start slowcgi for now without the need to reboot.

doas vi /etc/httpd.conf
Edit the httpd config file.

server "http" {
    listen on * port 80
    block return 301 "https://$HTTP_HOST$REQUEST_URI"
}
server "https" {
    listen on * tls port 443
    tls {
        certificate "/etc/ssl/lubiak.k.vu.crt"
        key "/etc/ssl/private/lubiak.k.vu.key"
    }
    fastcgi
    root "/cgi-bin/cgi"
}

C
vi ~/cgi/cgi.c
Edit the source code of your website.

#include <err.h> /* err(3) */
#include <stdlib.h> /* EXIT_xxxx */
#include <stdio.h> /* puts(3) */
#include <unistd.h> /* pledge(2) */

int main(void)
{
    /* Restrict the process to stdio system calls before producing any output. */
    if (pledge("stdio", NULL) == -1)
        err(EXIT_FAILURE, "pledge");

    /* CGI response headers; puts(3) appends the '\n' after each '\r'. */
    puts("Status: 200 OK\r");
    puts("Content-Type: text/html\r");
    puts("\r");

    /* Response body. */
    puts("<!DOCTYPE html>\n");
    puts("<html lang='en'>\n");
    puts("<head>\n");
    puts("<title>BASED WEBSITE</title>\n");
    puts("<meta charset='UTF-8'>\n");
    puts("<meta name='viewport' content='width=device-width, initial-scale=1'>\n");
    puts("</head>\n");
    puts("<body>\n");
    puts("<h1>Hello, world!</h1>\n");
    puts("</body>\n");
    puts("</html>\n");
    return EXIT_SUCCESS;
}

vi ~/cgi/cgi.sh
Automate the compilation and deployment of your source code.
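#!/bin/sh
# Stop on the first error so a failed build never installs a stale binary.
set -e
# Build next to the source, wherever the script is called from.
cd "$(dirname "$0")"
cc -static -g -W -Wall -Wextra -o cgi cgi.c
doas install -o www -g www -m 0500 cgi /var/www/cgi-bin

TLS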
openssl ecparam -name secp384r1 -genkey -noout -out /etc/ssl/private/lubiak.k.vu.key
Generate an ECDSA key on secp384r1, a NIST/SECG curve over a 384-bit prime field.

openssl req -key /etc/ssl/private/lubiak.k.vu.key -new -out /etc/ssl/private/lubiak.k.vu.csr
Generate a Certificate Signing Request. If you want to have a certificate signed by a Certificate Authority, give them /etc/ssl/private/lubiak.k.vu.csr and place the received certificate in /etc/ssl/lubiak.k.vu.crt. If you want to sign your certificate yourself (like I did), go to the next step.

openssl x509 -sha256 -req -days 365 -in /etc/ssl/private/lubiak.k.vu.csr -signkey /etc/ssl/private/lubiak.k.vu.key -out /etc/ssl/lubiak.k.vu.crt
Generate a self-signed certificate that expires after 365 days.
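
A check worth running on the resulting files before httpd is restarted, as an added example that is not part of the original page: it confirms that the certificate carries the public half of the private key, that the key is not readable by group or others, and that the certificate is not about to expire. The function name check_tls_pair and the 30-day default window are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check a certificate/key pair.
# Usage (paths from this page):
#   check_tls_pair /etc/ssl/lubiak.k.vu.crt /etc/ssl/private/lubiak.k.vu.key
# Returns 0 if all checks pass, 1 if a check fails, 2 if a file is unusable.

check_tls_pair() {
    crt=$1 key=$2 days=${3:-30}   # days: assumed default warning window
    rc=0

    # Both files must exist and be readable by the caller.
    for f in "$crt" "$key"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    done

    # 1. The certificate must contain the public key derived from this private key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout) || return 2
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "MISMATCH: $crt was not issued for $key" >&2
        rc=1
    fi

    # 2. The private key must not be readable by group or others.
    if [ -n "$(find -L "$key" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "PERMS: $key is group/world readable; chmod 0600 it" >&2
        rc=1
    fi

    # 3. Flag a certificate that expires within the warning window.
    if ! openssl x509 -in "$crt" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "EXPIRY: $crt expires within $days days" >&2
        rc=1
    fi

    return $rc
}
```

Running `doas httpd -n` afterwards checks /etc/httpd.conf for syntax errors without starting the server.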
Final deployment

sh ~/cgi/cgi.sh
Compile and deploy your source code.

doas rcctl restart httpd
Restart the httpd server to apply your configuration.