a secure web server

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

a secure web server

Arthur Bela
I want to use a secure web server on OpenBSD.

It would serve only static html filest, no cgi, no php, etc.

It just have to be secure, no need to be fast, just secure [only using
it with https].

What would be the best web server software?

nginx?
apache?
lighthttpd?

Thank you for any proposals.

Have a nice day!

Reply | Threaded
Open this post in threaded view
|

Re: a secure web server

Jordi Espasa Clofent-5
http://www.openbsd.org/faq/faq1.html#Included

"Our improved and secured version of the Apache 1.3 web server. The
OpenBSD team has added default chrooting, privilege revocation, and
other security-related improvements. Also includes mod_ssl and DSO
support. "

The httpd included by default in the system is exactly what your are
looking for.
;)

--
I must not fear. Fear is the mind-killer. Fear is the little-death that
brings total obliteration. I will face my fear. I will permit it to pass
over me and through me. And when it has gone past I will turn the inner
eye to see its path. Where the fear has gone there will be nothing. Only
I will remain.

Bene Gesserit Litany Against Fear.

Reply | Threaded
Open this post in threaded view
|

Re: a secure web server

Dave Wilson-10
In reply to this post by Arthur Bela
On 24/05/2010 11:44, Jozsi Vadkan wrote:

> I want to use a secure web server on OpenBSD.
>
> It would serve only static html filest, no cgi, no php, etc.
>
> It just have to be secure, no need to be fast, just secure [only using
> it with https].
>
> What would be the best web server software?
>
> nginx?
> apache?
> lighthttpd?
>
> Thank you for any proposals.
>
> Have a nice day!
>

Handily, there happens to be just such a web server that comes as part
of the standard OpenBSD install. Secure, chrooted, supports SSL, sane
defaults out of the box. See man httpd(8), or take a look at
http://www.openbsd.org/cgi-bin/man.cgi?query=httpd

http://www.openbsd.org/faq/faq10.html#HTTPS will also help, and deals
specifically with setting up an SSL-enabled server.

As a side note, might I humbly recommend that in future a certain amount
of Googling, or even just browsing around the FAQ by hand, might bring
better results than just asking this list, which generally prefers to
focus on more complex issues, ie ones not already well-documented in the
man pages, the FAQ, and answered repeatedly in the archives of this list.

Cheers,

Si1entDave

--

Yes, I know, I've just defeated my own argument by giving him his
answers on a platter, and thus reinforcing said behaviour, but what the
hell, its a nice sunny day here in Coventry. I'm in a good mood :-)

Reply | Threaded
Open this post in threaded view
|

Re: a secure web server

Francesco Vollero
In reply to this post by Arthur Bela
Il 24/05/10 12.44, Jozsi Vadkan ha scritto:
> I want to use a secure web server on OpenBSD.
>
>    
It's a real generalistic idea.
> It would serve only static html filest, no cgi, no php, etc.
>
> It just have to be secure, no need to be fast, just secure [only using
> it with https].
>
>    
What you mean with "secure"?
Not vulnerable to any attacks?
Can resist to DDoS of thousands machines?
Noone found that you set "asd" or "asdasd" as root password?

> What would be the best web server software?
>
> nginx?
>    
It's a reverse proxy and referring to proxy definition implement a light
webserver. Have a small footprint and someone[1] say fast because
implement nonblocking I/O.
> apache?
>    
maybe yes, but it's more than you need
> lighthttpd?
>    
better no.
> Thank you for any proposals.
>
> Have a nice day!
>
>    
[1] https://calomel.org/nginx.html