paulgorman.org/technical

Setting up an OpenBSD Virtual Machine on Linux using KVM

Create the OpenBSD guest on the Linux host. First confirm that a libvirt storage pool exists, and find the newest OpenBSD variant the local osinfo database knows about:

# virsh pool-list --all --details
 Name          State    Autostart  Persistent    Capacity  Allocation   Available
----------------------------------------------------------------------------------
 data-libvirt  running  yes        yes         468.45 GiB  180.09 GiB  288.36 GiB

$ osinfo-query os | grep openbsd | tail -1
 openbsd5.8           | OpenBSD 5.8                                        | 5.8      | http://openbsd.org/openbsd/5.8 

$ curl https://fastly.cdn.openbsd.org/pub/OpenBSD/6.2/amd64/install62.iso -o ~/Downloads/openbsd-install62.iso

Allow root (who runs virt-install below) to open virt-viewer on the local X display:

# xhost local:root

Create the guest. osinfo-db has no entry for 6.2, so the closest variant it offers, openbsd5.8, is used:

# virt-install \
--name=openbsd62 \
--disk pool=data-libvirt,cache=none,format=qcow2,size=20 \
--os-variant=openbsd5.8 \
--cdrom $HOME/Downloads/openbsd-install62.iso \
--vcpus=1 \
--ram=512 \
--graphics spice \
--network bridge=br0

When the OpenBSD installer asks for network configuration, give the guest the static address 10.0.0.80; the rest of this note assumes it.

After the installer finishes and the guest reboots, eject the install medium so the guest does not boot the installer again:

# virsh change-media openbsd62 /home/paulgorman/Downloads/openbsd-install62.iso --eject
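Before handing a downloaded image to virt-install, check it against the release's SHA256 file from the same mirror directory (https://fastly.cdn.openbsd.org/pub/OpenBSD/6.2/amd64/SHA256). A matching digest only shows the ISO agrees with that file; to authenticate the file itself, verify SHA256.sig with signify(1) and the release public key (openbsd-62-base.pub) on a trusted OpenBSD host or with the signify port. The helper below is an added example and not part of the original note: it takes the ISO path and a SHA256 file in OpenBSD's `SHA256 (install62.iso) = <hex>` format, looks up the line for the file name, and compares it with a locally computed digest. Because the note saves the image as openbsd-install62.iso, the mirror's file name is passed explicitly. The files written by `demo` are constructed stand-ins, not real release data.

```shell
#!/bin/sh
# Added example: verify a downloaded OpenBSD install image against the
# release's SHA256 file before booting it. The SHA256 file has one line per
# release file, e.g.:
#   SHA256 (install62.iso) = <64 hex digits>
# This proves the ISO matches the SHA256 file you fetched; trusting that
# file requires checking SHA256.sig with signify(1) and the release key.

# Print the SHA-256 digest of a file as lowercase hex. Uses coreutils
# sha256sum on the Linux host, or BSD sha256(1) when that is what exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        sha256 -q "$1"
    fi
}

# expected_hash SHA256FILE NAME
# Print the digest recorded for NAME in an OpenBSD SHA256 file.
# Returns 1 (printing nothing) when NAME is not listed.
expected_hash() {
    # Literal string comparison on the fields of "SHA256 (NAME) = hex";
    # NAME is never treated as a regular expression.
    hex=$(awk -v n="$2" '$1 == "SHA256" && $2 == ("(" n ")") && $3 == "=" \
                         { print tolower($4) }' "$1")
    [ -n "$hex" ] || return 1
    printf '%s\n' "$hex"
}

# verify_iso ISO SHA256FILE [NAME]
# NAME defaults to the ISO's base name; pass the mirror's file name when
# the local copy was saved under another name.
# Returns 0 on match, 1 on mismatch, 2 when NAME is not in the SHA256 file.
verify_iso() {
    iso=$1
    hash_file=$2
    name=${3:-$(basename "$iso")}
    want=$(expected_hash "$hash_file" "$name") || {
        echo "$name: not listed in $hash_file" >&2
        return 2
    }
    got=$(sha256_of "$iso")
    if [ "$got" = "$want" ]; then
        echo "$name: OK"
        return 0
    fi
    echo "$name: MISMATCH (expected $want, got $got)" >&2
    return 1
}

# Self-contained demonstration on constructed data: a throwaway "ISO", a
# second release file, and a SHA256 file in the mirror's format.
# Returns 0 when the intact copy passes and a tampered copy is rejected.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed stand-in for install62.iso\n' > "$d/install62.iso"
    printf 'constructed stand-in for INSTALL.amd64\n' > "$d/INSTALL.amd64"
    {
        printf 'SHA256 (INSTALL.amd64) = %s\n' "$(sha256_of "$d/INSTALL.amd64")"
        printf 'SHA256 (install62.iso) = %s\n' "$(sha256_of "$d/install62.iso")"
    } > "$d/SHA256"
    # Saved under a different local name, as in the note above.
    cp "$d/install62.iso" "$d/openbsd-install62.iso"
    verify_iso "$d/openbsd-install62.iso" "$d/SHA256" install62.iso \
        || { rm -rf "$d"; return 1; }
    # Append one byte: the digest must no longer match.
    printf 'X' >> "$d/openbsd-install62.iso"
    if verify_iso "$d/openbsd-install62.iso" "$d/SHA256" install62.iso 2>/dev/null; then
        rm -rf "$d"
        return 1
    fi
    rm -rf "$d"
    return 0
}

# Run the demonstration with: sh verify-iso.sh --demo
# Real use on the Linux host, after fetching SHA256 from the mirror:
#   verify_iso ~/Downloads/openbsd-install62.iso SHA256 install62.iso && virt-install ...
if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

The awk match compares whole fields rather than grepping for the file name, so a name that is a substring of another entry (install62.iso inside a hypothetical install62.iso.sig) cannot match the wrong line.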

Configure the new OpenBSD guest as a web server, and as a resolving (recursive) DNS server for one other host, 10.0.0.10.

Edit /var/unbound/etc/unbound.conf so that unbound listens on the guest's address and answers only that one client. The stock file already refuses every other source address (access-control: 0.0.0.0/0 refuse), so a single allow rule is enough; if the guest itself should also resolve through unbound, keep the original interface: 127.0.0.1 line alongside the new one. Check the result with unbound-checkconf before starting the daemon.

server:
	interface: 10.0.0.80
	access-control: 10.0.0.10 allow

See /etc/examples/httpd.conf and httpd.conf(5) for the full syntax. Edit /etc/httpd.conf:

#
# Macros
#
# The guest's address from above. httpd.conf(5) also accepts "*" for every
# address; 127.0.0.1 would only accept connections from the guest itself.
ext_addr="10.0.0.80"

#
# Global Options
#
prefork 3
types {
	include "/usr/share/misc/mime.types"
}

#
# Servers
#
# httpd runs chrooted in /var/www, so "root", "authenticate with" and the
# acme root below are relative to /var/www. The TLS certificate and key are
# read before the chroot, so their paths are absolute.
server "example.com" {
	listen on $ext_addr port 80
	# The 443 listener must be declared tls; without the keyword httpd
	# speaks plaintext HTTP on port 443.
	listen on $ext_addr tls port 443
	root "/example.com"
	tls certificate "/etc/ssl/letsencrypt/fullchain.pem"
	tls key "/etc/ssl/letsencrypt/private/privkey.pem"
	directory {
		auto index,
		index "index.html"
	}
	location "/private/*" {
		# HTTP basic authentication against /var/www/htpasswd, see
		# htpasswd(1). This server also listens on port 80, so credentials
		# sent to /private/ over plain HTTP cross the wire unprotected.
		authenticate with "/htpasswd"
		# Without a fastcgi directive pointing at a PHP FastCGI server,
		# httpd serves index.php as a static file.
		directory index "index.php"
	}
	location "/.well-known/acme-challenge/*" {
		root {
			"/acme"
			strip 2
		}
	}
}

Check both configurations first (unbound-checkconf, and httpd -n for a configuration test), then enable and start the services:

# rcctl enable unbound
# rcctl start unbound
# rcctl enable httpd
# rcctl start httpd

Sun Nov 5 10:58:05 EST 2017