My OpenBSD Home Server "Phobos2"

Page started: 2025-08-30
Draft!
This page is a draft and may be incomplete, incorrect, or just a stub or outline. I've decided to allow myself to put draft pages on my website as an experiment. I'm hoping they will:
  • Help me address my backlog of article ideas.
  • Serve as a "living" TODO list of things to work on.
  • Be useful to myself or others in their incomplete forms.
As always, I'm happy to accept feedback on anything I publish including draft content.

Notes for my OpenBSD setup. Work in progress as I transition my Slackware Linux home setup to OpenBSD.

Functions:

Initial setup

I don’t have much here yet. Standard install (hit Enter a lot).

Set up doas for the wheel group.

Packages

Adding OpenBSD packages really couldn’t be much easier:

pkg_add vim
  • vim - I can use the nvi that ships with OpenBSD, but I’m used to Vim.

  • colorls - I do find coloring the output of things like directories to be useful.

  • ruby - I use Ruby quite a bit as a general-purpose scripting language. I’m trying out 3.4.2 and I followed the instructions after adding it to make a bunch of symlinks to make it the default system ruby.

TODO: keeping this list on pg 25 of desk notebook

Some nice things

Add some pretty colors with ksh PS1 customization and colorls

I started here:

And then customized until I had something that felt familiar and comfortable:

# pretty colors
export PS1='\033[34m\h:\w\$\033[0m '
export LSCOLORS=fxexcxdxbxegedabagacad
alias ls='colorls -G'

TODO: this should be on a separate page: In fact, I’m thinking this whole thing ought to be a collection of pages, really!

httpd


Viewing with $ cat /etc/httpd.conf:

# After changes, test with:
#
#   doas httpd -n
#
# Then soft restart with:
#
#   doas rcctl reload httpd
#

# ============================================================================
# Catch-all for computer - this is the catch-all because it comes first in the
# list: "If a request does not match any server name, it is handled by the
# first defined server section that matches the listening port."
# ============================================================================
server "phobos2" {
    listen on * port 80

    location "*.php" {
        fastcgi socket "/run/php-fpm.sock"
    }
}


# =============================================
# fam-test.ratfactor.com
# =============================================
server "fam-test.ratfactor.com" {
    listen on * port 80

    # Relative to the chroot of /var/www/
    root "/htdocs/famsite"
    directory index "index.php"

    location "*.php" {
        fastcgi socket "/run/php-fpm.sock"
    }

    # allow huge images (giant nasa nebula PNG is 30Mb)
    #                 in bytes:  M  K  B
    connection max request body 50000000
}

Set directory permissions:

phobos2$ doas chown dave /var/www/htdocs

That’s it. The perms look like this:

drwxr-xr-x  4 dave  daemon  512 Sep  6 19:28 htdocs

I was able to create a test htdocs/index.html without changing anything else and serve it from httpd no problem.

PHP, php-fpm

$ doas pkg_add php

I selected v8.4 from the choices. The OpenBSD PHP package comes with PHP-FPM.

Start up php-fpm:

phobos2:~$ rcctl ls off | ag php
php84_fpm
phobos2:~$ man rcctl
phobos2:~$ doas rcctl enable php84_fpm
phobos2:~$ doas rcctl start php84_fpm
php84_fpm(ok)

Note that PHP errors end up in the httpd error log:

$ tail /var/www/logs/error.log

SQLite3 plus PHP’s PDO driver for SQLite3:

$ doas pkg_add sqlite3 php-pdo_sqlite-8.4.12

If you try to use it now, you’ll get:

PHP Fatal error:  Uncaught PDOException: could not find driver

Since the driver is installed, this error is due to the driver module not having been enabled in php.ini. The OpenBSD package has provided a sample file. It just needs to be copied to the php config directory. PHP-FPM will need to be restarted to pick up this change.

phobos2:~$ doas cp /etc/php-8.4.sample/pdo_sqlite.ini /etc/php-8.4/
phobos2:~$ doas rcctl restart php84_fpm
php84_fpm(ok)
php84_fpm(ok)

File permissions are really important for getting any database files writeable. I put mine in a new data/ directory outside of htdocs/ but inside the chroot for httpd.

In short, I’ve chosen to make myself the owner and allow read/write for the www group.

Here’s the magic sauce to create the new data directory:

$ cd /var/www
$ doas mkdir data
$ doas chown dave data
$ doas chgrp www data
$ chmod g+w data

And here’s creating the SQLite3 database:

$ cd /var/www/data
$ sqlite3 foo.db
sqlite> .read my-new-db-script.sql
...
$ doas chgrp www foo.db
$ chmod g+w foo.db

End result:

$ cd /var/www
$ ls -l
...
drwxrwxr-x   2 dave  www     512 Sep  6 20:54 data

$ cd data
$ ls -l
-rw-rw-r--  1 dave  www  16384 Sep  6 20:54 famsite.db

And my PHP application can now write to it!
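
The ownership and mode rules from this section, turned into a repeatable check. This is an added example, not part of the original page; the function name `check_sqlite_perms` and its default document root are assumptions.

```shell
#!/bin/sh
# Added example: audit a SQLite data directory such as /var/www/data.
# The function name and the default document root are assumptions.
#
# usage: check_sqlite_perms DATA_DIR GROUP [DOCROOT]
# Prints one line per finding; returns 0 if clean, 1 on findings, 2 on bad input.
check_sqlite_perms() {
    dir=${1%/}
    group=$2
    docroot=${3:-/var/www/htdocs}
    findings=0

    [ -d "$dir" ] && [ -n "$group" ] || {
        echo "usage: check_sqlite_perms DATA_DIR GROUP [DOCROOT]"
        return 2
    }

    # A database under the document root can be downloaded by anyone who
    # guesses its name. Plain string comparison: pass absolute paths.
    case "$dir/" in
        "${docroot%/}"/*) echo "inside document root: $dir"; findings=1 ;;
    esac

    # The page grants access through the group, so every entry must belong to it.
    out=$(find "$dir" ! -group "$group")
    [ -z "$out" ] || { echo "not in group $group:"; echo "$out"; findings=1; }

    # SQLite creates its journal files beside the database, so the directory
    # itself needs group write, not only the .db file.
    out=$(find "$dir" ! -perm -020)
    [ -z "$out" ] || { echo "not group-writable:"; echo "$out"; findings=1; }

    # World-writable entries let any local account alter the data.
    out=$(find "$dir" -perm -002)
    [ -z "$out" ] || { echo "world-writable:"; echo "$out"; findings=1; }

    return "$findings"
}
```

For the layout above it would be called as `check_sqlite_perms /var/www/data www`.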