Differences

This shows you the differences between two versions of the page.

--- install:openbsd [2023-08-23 22:27] – Note small bugs in the OpenBSD ports and their fixes fiwswe
+++ install:openbsd [2023-09-09 14:11] (current) – Include a better httpd(8) configuration fiwswe
@@ Line 76: / Line 76: @@
 </code>
-Note: The above is a very generic minimal configuration. You SHOULD probably set DokuWiki up to use HTTPS so that login credentials will be transferred securely. It is fairly easy to do this using e.g. [[https://letsencrypt.org|Let's Encrypt]] and [[https://man.openbsd.org/acme-client.1|acme-client(1)]]. Simply redirect all requests on port 80 to port 443, except for the ACME challenge and change the above ''listen'' statements to port 443 and add the appropriate ''tls {}'' configuration.
+Note: The above is a very generic minimal configuration. It assumes yo can access DokuWiki using the url ''%%http://%%//<your-ip>//%%/dokuwiki/%%'' or locally using ''%%http://localhost/dokuwiki/%%'' You SHOULD probably set DokuWiki up to use HTTPS so that login credentials will be transferred securely. It is fairly easy to do this using e.g. [[https://letsencrypt.org|Let's Encrypt]] and [[https://man.openbsd.org/acme-client.1|acme-client(1)]]. Simply redirect all requests on port 80 to port 443, except for the ACME challenge and change the above ''listen'' statements to port 443 and add the appropriate ''tls {}'' configuration.
+A slightly better configuration which would be accessible using the url ''%%https://%%//<your-hostname>//%%/%%'' (using ''wiki.example.com'' as the hostname for this example) might look like this:
+<code autoconf>
+# Redirect HTTP requests to HTTPS and handle ACME certificate verification
+# requests.
+server "wiki.example.com" {
+	listen on * port 80
+	# Add other hostnames here if you have multiple virtual hosts that
+	# require the same functionality. No need to write extra server {}
+	# blocks for them.
+	# alias "other.host.name"
+	block return 301 "https://$HTTP_HOST$REQUEST_URI"
+	location "/.well-known/acme-challenge/*" {
+		pass
+		root "/acme"
+		request strip 2
+	}
+}
+# This is the server for hosting a DokuWiki website.
+server "wiki.example.com" {
+	# Always use HTTPS so that login credentials are encrypted.
+	listen on * tls port 443
+	tls {
+		# Adjust these paths for the ones your certificate uses.
+		certificate "/etc/ssl/fullchain.pem"
+		key "/etc/ssl/private/privkey.key"
+	}
+	# If you are using the default DokuWiki as installed from the
+	# OpenBSD dokuwiki port then this is your root directory. If
+	# you are using a manual installation, adjust as needed.
+	root "/dokuwiki"
+	# Make sure that https://<hostname>/ works (in addition to
+	# https://<hostname>/doku.php)
+	directory index doku.php
+	# Block some things.
+	# Note: The first matching location statement wins. Thus the
+	# order is important.
+	location "*~" { block }
+	location ".*" { block }
+	location "/data/*" { block }
+	location "/conf/*" { block }
+	location "/bin/*" { block }
+	location "/inc/*" { block }
+	location "/vendor/*" { block }
+	# If nothing was blocked then handle PHP scripts.
+	location "*.php" {
+		# If you are running multiple versions of php-fpm
+		# you may need to adjust the socket path.
+		fastcgi socket "/run/php-fpm.sock"
+	}
+}
+</code>
 Don't forget to check your configuration using ''httpd -n''! If all is well you can start httpd(8) using: