Example OpenBSD 6.1 httpd.conf for SNI

I just wanted to share a pointer on how I have
setup httpd/SNI in OpenBSD 6.1 to work with HTTPS redirect and
acme-client. I used the following httpd.conf which works well:

# $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $

server “example.com” {
listen on * port 80
listen on :: port 80
alias secure.example,com
alias www.example.com

log { access “example.com-access.log”, error “example.com-error.log” }

location “/.well-known/acme-challenge/*” {
root “/htdocs/example.com/acme”
root strip 2
}
location “/*” {
block return 301 “https://$SERVER_NAME$REQUEST_URI”
}
}

server “example.com” {
listen on * tls port 443
listen on :: tls port 443
alias secure.example.com
alias www.example.com

log { access “example.com-sslaccess.log”, error “example.com-sslerror.log” }

tls certificate “/etc/ssl/example.com.fullchain.pem”
tls key “/etc/ssl/private/example.com.key.pem”

directory { index “index.php” }
location “*.php” { fastcgi socket “/run/php-fpm.sock” }

root “/htdocs/example.com/”
}

Leave a Reply

Your email address will not be published. Required fields are marked *