https://www.brandlogo.org/wp-content/uploads/2022/07/OpenBSD-Logo.png

Nginx has been the main reverse proxy / load balancer for everything out and inside of my home network. With the claims of OpenBSD being the most secure OS in the world. Well seems like a solid base for you proxy / load balancing needs. This guide will not cover installing OpenBSD and will assume you already have a running version of 7.3 with a network connection.

Guide

  1. Git clone https://github.com/nginx/nginx and cd into the nginx directory

    git clone https://github.com/nginx/nginx && cd nginx

  2. Create "configure" script for building nginx

    #!/bin/sh

# Copyright (C) Igor Sysoev
# Copyright (C) Nginx, Inc.


LC_ALL=C
export LC_ALL

. auto/options
. auto/init
. auto/sources

test -d $NGX_OBJS || mkdir -p $NGX_OBJS

echo > $NGX_AUTO_HEADERS_H
echo > $NGX_AUTOCONF_ERR

echo "#define NGX_CONFIGURE \"$NGX_CONFIGURE\"" > $NGX_AUTO_CONFIG_H


if [ $NGX_DEBUG = YES ]; then
 have=NGX_DEBUG . auto/have
fi


if test -z "$NGX_PLATFORM"; then
 echo "checking for OS"

 NGX_SYSTEM=`uname -s 2>/dev/null`
 NGX_RELEASE=`uname -r 2>/dev/null`
 NGX_MACHINE=`uname -m 2>/dev/null`

 echo " + $NGX_SYSTEM $NGX_RELEASE $NGX_MACHINE"

 NGX_PLATFORM="$NGX_SYSTEM:$NGX_RELEASE:$NGX_MACHINE";

 case "$NGX_SYSTEM" in
     MINGW32_* | MINGW64_* | MSYS_*)
         NGX_PLATFORM=win32
     ;;
 esac

else
 echo "building for $NGX_PLATFORM"
 NGX_SYSTEM=$NGX_PLATFORM
fi

. auto/cc/conf

if [ "$NGX_PLATFORM" != win32 ]; then
 . auto/headers
fi

. auto/os/conf

if [ "$NGX_PLATFORM" != win32 ]; then
 . auto/unix
fi

. auto/threads
. auto/modules
. auto/lib/conf

case ".$NGX_PREFIX" in
 .)
     NGX_PREFIX=${NGX_PREFIX:-/usr/local/nginx}
     have=NGX_PREFIX value="\"$NGX_PREFIX/\"" . auto/define
 ;;

 .!)
     NGX_PREFIX=
 ;;

 *)
     have=NGX_PREFIX value="\"$NGX_PREFIX/\"" . auto/define
 ;;
esac

if [ ".$NGX_CONF_PREFIX" != "." ]; then
 have=NGX_CONF_PREFIX value="\"$NGX_CONF_PREFIX/\"" . auto/define
fi

have=NGX_SBIN_PATH value="\"$NGX_SBIN_PATH\"" . auto/define
have=NGX_CONF_PATH value="\"$NGX_CONF_PATH\"" . auto/define
have=NGX_PID_PATH value="\"$NGX_PID_PATH\"" . auto/define
have=NGX_LOCK_PATH value="\"$NGX_LOCK_PATH\"" . auto/define
have=NGX_ERROR_LOG_PATH value="\"$NGX_ERROR_LOG_PATH\"" . auto/define

if [ ".$NGX_ERROR_LOG_PATH" = "." ]; then
 have=NGX_ERROR_LOG_STDERR . auto/have
fi

have=NGX_HTTP_LOG_PATH value="\"$NGX_HTTP_LOG_PATH\"" . auto/define
have=NGX_HTTP_CLIENT_TEMP_PATH value="\"$NGX_HTTP_CLIENT_TEMP_PATH\""
. auto/define
have=NGX_HTTP_PROXY_TEMP_PATH value="\"$NGX_HTTP_PROXY_TEMP_PATH\""
. auto/define
have=NGX_HTTP_FASTCGI_TEMP_PATH value="\"$NGX_HTTP_FASTCGI_TEMP_PATH\""
. auto/define
have=NGX_HTTP_UWSGI_TEMP_PATH value="\"$NGX_HTTP_UWSGI_TEMP_PATH\""
. auto/define
have=NGX_HTTP_SCGI_TEMP_PATH value="\"$NGX_HTTP_SCGI_TEMP_PATH\""
. auto/define

. auto/make
. auto/lib/make
. auto/install

# STUB
. auto/stubs

have=NGX_USER value="\"$NGX_USER\"" . auto/define
have=NGX_GROUP value="\"$NGX_GROUP\"" . auto/define

if [ ".$NGX_BUILD" != "." ]; then
 have=NGX_BUILD value="\"$NGX_BUILD\"" . auto/define
fi

. auto/summary

  3. Create the build.sh script with the contents below

    #! /bin/sh
./configure --sbin-path=/usr/local/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--with-http_ssl_module \
--http-log-path=/var/log/nginx.log \
--error-log-path=/var/log/nginx-error.log \
--http-fastcgi-temp-path=/var/tmp/fastcgi_tmp \
--http-proxy-temp-path=/var/tmp/proxy_tmp \
--http-client-body-temp-path=/var/tmp/client_body_temp \
--with-http_stub_status_module \
--user=www --group=www \
--with-http_auth_request_module \
--with-http_dav_module \
--with-http_image_filter_module=dynamic \
--with-http_gzip_static_module \
--with-http_gunzip_module \
--with-http_perl_module=dynamic \
--with-http_realip_module \
--with-http_slice_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_v2_module \
--with-http_xslt_module=dynamic \
--with-mail=dynamic \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--without-pcre2

  4. Install needed dependencies to build

    doas pkg_add pcre libxslt gd
  5. Build nginx by running the build.sh script we created
  6. Once the build completes we can go ahead and run a "make install" to install the build

  7. Create rcctl script in /etc/rc.d/nginx and then enable execute "chmod +x /etc/rc.d/nginx"

    #!/bin/ksh

daemon="/usr/local/sbin/nginx"

. /etc/rc.d/rc.subr

pexp="nginx: master process ${daemon}${daemon_flags:+ ${daemon_flags}}"
rc_stop_signal=QUIT

rc_configtest() {
${daemon} ${daemon_flags} -t
}

rc_cmd $1

  8. Enable and start nginx service

    doas rcctl enable nginx && doas rcctl start nginx
  9. At this point we should be able to open nginx on our browser "http://localhost" and receive the welcome page

Final Notes

Nginx is now deployed and ready to be used on our shiny new OpenBSD 7.4 install. In the next few posts I will cover some very basic configuration files for using nginx as a reverse proxy.