Own Web Server
I want to host this site (ohio.araw.xyz) on a server that I physically have with me.
Simply put, a server is just like any other computer, with lots of functionalities, like providing services or serving files to other computers (clients, as they are called in this context) that access it.
In my use case, I will use it to host the HTML files of this site, and serve them to you, visitors, through your devices (clients).
The server will actually be an old laptop that’s just lying around here. And it’s not actually mine. The MSI Wind Netbook belongs to Isya, and I got her permission to use it for this project.
Specifications of the Machine
- Bluetooth 2.0
- CPU: 1.66 GHz Intel Atom N280
- Display size: 10.2"
- Graphics card: Intel GMA 950
- Hard drive size: 80 GB
- Hard drive speed: 5,400rpm
- Hard drive type: SATA hard drive
- Native resolution: 1024x600
- Operating system (OS, default): MS Windows XP Home
- Ports (excluding USB): VGA, Microphone, Headphone, Ethernet
- RAM: 2 GB
- Weight: 1.45 kg (3.2 lbs)
- Wifi: 802.11b/g
By today’s standards, it’s an old machine. If the numbers don’t make sense to you, just look at the OS: it shipped with Windows XP!
Back in the day, Windows XP received much praise for its performance. These days, though, it’s vulnerable to a lot of cyberattacks, all the more since Microsoft stopped supporting it in 2014. And yet, some institutions still use it. If their computers are connected to the Internet, they are exposed to black hat hackers.
… but works fine.
Just because it’s old doesn’t mean it’s no longer valuable. For its age, it’s quick to boot up. It would likely improve if and when the hard drive is replaced with a solid state drive, although doing so is really unnecessary.
In its current state, it “runs out of breath” trying to run modern applications with its very limiting hardware.
The next best thing is to refurbish it into something that isn’t resource intensive. This project will also be a learning process for me on how to manage my own small server.
A suitable operating system
To many system administrators (sysadmin), a suitable operating system (OS) could mean many different things.
I’m no sysadmin by profession, so the OS I want running on this homebrew server should be stable, require minimal maintenance, and be (relatively) easy to set up.
It shouldn’t require much effort, knowing that my use case—serving the static files of a small personal website—is simple enough.
At the moment, I have considered these two OS, because they still have support for 32-bit architecture (which this laptop has), and meet my requirements above:
I also have experience in using both, albeit in a 64-bit architecture.
Using OpenBSD as a server
OpenBSD is a fully functional, Unix-like OS based on Berkeley Networking Release 2 (Net/2) and 4.4BSD-Lite.
For now, I choose OpenBSD as a server because it’s simpler to set up. As a result of its simplicity, it’s also hailed as one of the most secure OS out there.
Before anything else, a disclaimer: While I’ll do my best to update this document, assume that the most recent documentation there is can be found over at the OpenBSD website. Their manual pages contain the details needed to operate a machine running OpenBSD, and are entirely available offline on a base install.
Installing OpenBSD on bare metal
If you’re new to the system, I highly recommend going over the OpenBSD FAQ - Installation Guide at least once.
I downloaded the image from a Debian-based system, through the terminal, so most of the commands here are based on that.
1. Download the installer
curl -OJ http://mirror.rise.ph/pub/OpenBSD/6.9/i386/install69.img
2. Create Install Media in Flash Drive
Plug in the USB stick.
The following command assumes that the disk is recognized as
df -h, or
lsblk commands, as root if need be.
sudo dd if=install*.img of=/dev/sdc1 bs=1M
The dd utility copies its input, given by if (input file), to its output, given by of (output file, which, in this case, is the USB drive).
bs stands for block size, and we set it to 1 megabyte.
In my case, the successful output is:
450+0 records in
450+0 records out
471859200 bytes (472 MB, 450 MiB) copied, 31.9492 s, 14.8 MB/s
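An added example, not part of the original post: before running dd, the image from step 1 can be checked against the SHA256 file that sits beside it on the mirror. The names verify_image and sha256_of and the stand-in files are assumptions made for the demonstration, and the SHA256 file is assumed to come from a trusted channel (a checksum fetched over the same plain-HTTP link only catches corruption).

```sh
#!/bin/sh
# Added example: check an installer image against a BSD-style SHA256 file,
# whose lines look like "SHA256 (install69.img) = <hex digest>".

# Print the SHA-256 of a file using whichever tool the platform has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        sha256 -q "$1"          # OpenBSD base utility
    fi
}

# verify_image CHECKSUM_FILE IMAGE
# returns 0 = digest matches, 1 = mismatch, 2 = not listed or unreadable
verify_image() {
    sums=$1 img=$2
    [ -r "$sums" ] && [ -r "$img" ] || return 2
    name=$(basename "$img")
    # Take the digest from the line that names exactly this file.
    want=$(awk -v n="$name" \
        '$1 == "SHA256" && $2 == "(" n ")" && $3 == "=" {print $4; exit}' "$sums")
    [ -n "$want" ] || return 2
    got=$(sha256_of "$img") || return 2
    [ "$got" = "$want" ] && return 0
    return 1
}

# Constructed demo: a stand-in "image" and checksum file in a temp directory.
demo_dir=$(mktemp -d)
printf 'constructed stand-in for install69.img\n' > "$demo_dir/install69.img"
printf 'SHA256 (install69.img) = %s\n' \
    "$(sha256_of "$demo_dir/install69.img")" > "$demo_dir/SHA256"

if verify_image "$demo_dir/SHA256" "$demo_dir/install69.img"; then
    echo "checksum OK: go ahead with dd"
else
    echo "checksum FAILED: do not write this image" >&2
fi
```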
3. Proceed with the Installation.
Insert the USB drive into the machine. Boot from the USB drive.
On the prompt, select (I)nstall and answer the questions.
The default answers are sane. Most of my choices are the default ones.
Below is an incomplete list of questions asked during the installation, which I put here to remind my FutureSelf of the choices I made:
DNS domain name? araw.xyz
Do you want the X Window System to be started by xenodm(1)? no [2]
Which disk contains the install media? sd0 [3]
Directory does not contain SHA256.sig. Continue without verification? yes
Reboot after installation.
Then log in as root.
rcctl enable apmd
rcctl set apmd flags -a -z 7
rcctl start apmd
apmd is the Advanced Power Management daemon.
The -a option means BIOS-initiated suspend or standby requests are ignored if the system is connected to line current (plugged in) and not running from batteries.
-z option means to automatically suspend the system if no AC is connected and the estimated battery life is equal or below
Add username to
echo 'permit yourUserName' > /etc/doas.conf
Reboot to make the changes.
Set up wi-fi and ethernet networks
Before doing anything else, it’s important to be connected to the internet.
This is to update any firmwares (using
fw_update) and patches (using
Most OpenBSD developers recommend using ethernet if it’s available. It’s reliable and secure.
Network interfaces are named by taking the shorthand version of the network card.
This laptop has re(4), i.e. Realtek 8139C+/8169/816xS/811xS/8168/810xE 10/100/Gigabit Ethernet device.
To set it up, I created a file /etc/hostname.re0 using vi [4], and put these two lines in:
To make the file /etc/hostname.re0 belong to the user root (the superuser) and the group wheel, and to set the necessary permissions, I entered these commands as root:
chown root:wheel /etc/hostname.re0
chmod 0640 /etc/hostname.re0
Activate the ethernet connection by entering this as root:
If successful, it’s possible now to update the firmwares. Enter as root:
This laptop has wi-fi capabilities, but isn’t immediately compatible due to firmware issues.
As mentioned, firmware can be updated by fw_update if the ethernet connection was successful.
Otherwise, skip to the next section to get the firmware updates.
This laptop has ath(4), i.e. Atheros IEEE 802.11a/b/g wireless network device with GPIO.
To set up the wifi, I created a file /etc/hostname.athn0 as root and put in the following lines:
nwid myHomeWiFi wpakey p@s&w0rD
dhcp
up
Like with the ethernet, specify that the file belongs to wheel, set the permissions, and activate the connection by entering the following lines, as root:
chown root:wheel /etc/hostname.athn0
chmod 0640 /etc/hostname.athn0
sh /etc/netstart
Installing the needed firmware (from another device)
Not everything might work as expected. Ethernet might not work out of the box. Wi-fi is unlikely to work, too, if the firmwares aren’t updated. If you find yourself in this situation, there’s another solution: get the firmware files from another computer that’s connected to the internet.
- On your OpenBSD machine, fw_update will determine the firmwares needed, which are:
- On the other device (the one connected to the internet), I downloaded the firmware files from http://firmware.openbsd.org.
However, the USB drive to which I would save these must be formatted as FAT32.
(OpenBSD can’t natively read ext4 or NTFS partitions.)
- There are different ways to format a USB drive to FAT32, depending on the platform you’re doing the formatting on.
In my Debian-like system, I installed
sudo apt install dosfstools
- I plugged in and located the USB drive by running this in terminal:
In my case, it’s
- Unmount the USB drive, because it can’t be formatted when mounted:
sudo umount /dev/sdc
- I created a new partition table, which will be
sudo parted /dev/sdc --script -- mklabel msdos
- I specified that the whole drive must be of FAT32 file system, primary partition type:
sudo parted /dev/sdc --script -- mkpart primary fat32 1MiB 100%
- Format the drive to FAT32:
sudo mkfs.fat -F 32 -I /dev/sdc
- (Optional) To check if the device has been partitioned correctly:
sudo parted /dev/sdc --script print
- Insert the USB drive that now has the firmware files into the OpenBSD machine.
As root, enter diskutil list. The USB drive will appear to have several partitions, e.g. sd1c.
- Create a mount point under /mnt (as root):
- Mount the USB (as root):
mount /dev/sd1i /mnt/usb
- Once mounted, install the firmware manually (as root):
fw_update -p /mnt/usb
In this laptop, I’m going to install several binaries from the ports, namely git (version control system) and neovim (text editor). To install them in one go, enter as root:
pkg_add git neovim
SSH Server and Client
In order for the client to connect to the server, a user account must be created on the server. During OpenBSD install, I had already created a user.
Now, to set up SSH [5]:
Before generating keys, be sure to check first whether there are any existing ones.
Run ls -al ~/.ssh to do that.
Check the listing to see if public SSH key (sometimes referred to as “pubkey”) already exists.
To generate a new key:
- Enter this in the terminal:
ssh-keygen -t ed25519 -a 100
The -t ed25519 option specifies the type of key;
the -a 100 option specifies the number of key derivation function rounds used.
- Follow the prompts. I left the defaults as they are, but feel free to configure for your use case.
- In order to add the key, start the ssh-agent in the background.
eval "$(ssh-agent -s)"
- Add the SSH private key to the ssh-agent.
- When going to the remote server using SSH, you’ll be prompted for a password every time.
Instead of that, we can use the SSH key.
Copy that into the remote server:
This will prompt you one last time for the password of the server. If successful, the server will no longer prompt you for a password every time you SSH into it.
Server Side (the OpenBSD machine)
A few tweaks are needed to make SSH a pleasant experience.
- Log in to, or SSH into, the server:
# find PasswordAuthentication, uncomment it,
# and turn 'yes' to 'no'
# so bad actors can't log in even if they know the passwd
PasswordAuthentication no
# find PermitRootLogin, uncomment it,
# and turn 'no' to 'yes'
# so rsync can access the root when syncing files
PermitRootLogin yes
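An added example, not part of the original post: a small check that reports which value sshd would actually use for the two keywords edited above, since a line that is still commented has no effect. The function names effective_opt and audit_sshd and both sample files are assumptions made for the demonstration; only the global section of the file is read.

```sh
#!/bin/sh
# Added example: report the value sshd would use for a keyword in sshd_config.
# Rules applied: keywords are case-insensitive, lines starting with '#' are
# ignored, and the first uncommented occurrence wins.
# Assumption: only the global section is read (parsing stops at "Match").

# effective_opt FILE KEYWORD DEFAULT -> prints the effective value
effective_opt() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0        { next }   # comment or blank line
        tolower($1) == "match"       { exit }   # stop before Match blocks
        tolower($1) == tolower(key)  { val = tolower($2); exit }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# audit_sshd FILE -> prints findings; return status is the number of findings
audit_sshd() {
    findings=0
    # Defaults are the OpenSSH built-in ones, used when no line sets the keyword.
    pw=$(effective_opt "$1" PasswordAuthentication yes)
    root=$(effective_opt "$1" PermitRootLogin prohibit-password)
    if [ "$pw" != "no" ]; then
        echo "PasswordAuthentication=$pw: password logins are still accepted"
        findings=$((findings + 1))
    fi
    if [ "$root" = "yes" ] && [ "$pw" != "no" ]; then
        echo "PermitRootLogin=yes: root can log in with a password"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed samples: the directive left commented, and the settings shown above.
still_commented=$(mktemp)
printf '%s\n' '#PasswordAuthentication no' 'PermitRootLogin yes' > "$still_commented"
as_on_page=$(mktemp)
printf '%s\n' 'PasswordAuthentication no' 'PermitRootLogin yes' > "$as_on_page"

audit_sshd "$still_commented"; echo "findings: $?"
audit_sshd "$as_on_page";      echo "findings: $?"
```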
Web Server on OpenBSD
Now we’re at the heart of this project: to make this old laptop a working server for this site. Let’s start by configuring httpd, the native HTTP daemon in OpenBSD.
Enable HTTPS with acme-client(1) and Let’s Encrypt
Add HTTP security headers with relayd(8)
Other Noteworthy Inconveniences
In this section, I’ll discuss the obstacles that I had to go through.
LAN Ports problem
At the time of writing, our internet service provider is PLDT Home Fibr. Subscription comes with an actual telephone and a router. The router has four LAN ports.
To improve the reach to the second floor of our home, we connected another router (Xiaomi brand) to LAN port 1. This second router has been working well since.
By default, LAN ports 2, 3, and 4 are disabled. I didn’t know that. When first setting up the ethernet connection for the OpenBSD machine, it wasn’t detecting anything.
During troubleshooting, I tried the three remaining ports with different ethernets that were available to me at the time. None of these approaches worked.
- Always read the official documentation. In the case of OpenBSD, their man pages are superb, and are already available in the base install. Be patient in going through them.
- Check with your internet service provider whether some things need to be done first, before setting up a homebrew server.
[1] It’s just a server that provides the exact copy of data from another server. Usually to provide a means of redundancy.
[2] Since this is going to be a server, I don’t need graphical user interface.
[3] The USB drive. This might be different for every other machine. At any point during the installation, type ? to list the possible choices.
[4] vi is a text editor already present in the base install of OpenBSD. I’m familiar with it, but ultimately I’ll use (neo)vim.
[5] The SSH (secure shell) protocol uses encryption to secure the connection between a client and a server. All user authentication, commands, output, and file transfers are encrypted to protect against attacks in the network. For more info: https://www.ssh.com