OpenBSD DNS Server with unbound and nsd

Table of Contents

Introduction

The default installation of OpenBSD comes with both unbound(8) and nsd(8); unbound is a validating, recursive, and caching DNS resolver that provides DNSSEC validation, while nsd is an authoritative name server that holds DNS records. The combination of the two running locally, means that name server lookups (i.e., requests to resolve domain names into IP addresses and vice versa) can be handled locally without being sent upstream to your ISP or another public name server such as Google. This almost completely prevents snooping or tampering …

more ...

Samba Filesharing Server on OpenBSD for macOS Client

Introduction

I do most of my work on one of two MacBooks—a 2014 Air or 2018 Pro—and occasionally on an older model Lenovo ThinkPad running OpenBSD 6.5. Staying synced between the two Macs is trivial as they're both in the cloud but apart from using my own Nextcloud server on an OpenBSD VPS for storing some personal data, I wanted a seamless option for filesharing between the ThinkPad and MacBooks when at home on the local network. This was a relatively pain-free task …

more ...

Time Machine Backups on OpenBSD with Netatalk

Introduction

Apple's automatic backup app Time Machine is a fantastic utility that does hourly, daily, and weekly backups of local snapshots. This enables you to restore the system to a previous state in the event of a catastrophic failure—a somewhat rare occurence on the ever-so-stable macOS. The caveat being that storage is limited to AFP (Apple Filing Protocol) compatible devices like the Apple AirPort Time Capsule. Fortunately, Netatalk provides an open source AFP file server that works flawlessly on OpenBSD, and setup is trivial.

Install Netatalk

Like most …

more ...

Boost Nextcloud Performance with Redis Cache on OpenBSD

Introduction

A PHP memory caching utility such as Redis can significantly decrease load times, speeding up PHP requests by storing compiled files for quicker retrieval.

Install Redis

Both the Redis database and PHP interfacing extension need to be installed:

# pkg_add redis pecl-redis

Add to rc.d to run at startup and then start Redis:

# rcctl enable redis
# rcctl start redis

Redis and Nextcloud Configuration

First, make the directory with appropriate ownership and permissions in the chroot where Redis will create the unix socket file:

# mkdir /var/www/redis
# chown …
more ...

Let's Encrypt HTTPS with acme-client on OpenBSD

Introduction

Since OpenBSD 5.9, the base system comes with acme-client: an open source implementation in C that requests a free HTTPS/TLS certificate from the Let’s Encrypt Certificate Authority. It is really simple to setup and even easier to use. And once your certificate is issued, a cronjob will ensure your website stays TLS encrypted for the remainder of its lifetime.

ACME Setup

Open the file /etc/acme-client.conf in your favourite editor and ensure both instances of the agreement url contain the most up-to-date link. Then …

more ...

OpenBSD Web Server with httpd, MariaDB, PHP and WordPress

Introduction

The ubiquitous LAMP (Linux / Apache / MySQL / PHP) Stack that runs on just about every private or SOHO, and even enterprise level, deployment has scores of guides available across the Internet. If you are establishing your own web server for the first time, you can google "LAMP Stack $linux_flavour" and Google will return thousands of results; many of them up-to-date and accurate enough that you can reliably follow the steps provided to deploy a secure production environment where you can serve anything from your WordPress blog …

more ...