The main usage for the droplet should be a webserver. And my webserver of choice is nginx.

For the time being I'll go with the nginx-lite variant. Later I might use another package or build nginx by the port system.

remote> sudo pkg install nginx-lite

The webserver should start when the system is started, so enable it in rc.conf

remote> sudo vim /etc/rc.conf

And start the webserver with sudo service nginx start. If the proper DNS entry is pointing at your server you should see an (error) page when acessing

Since I plan to serve at least two different sites from the same installation, I'll split up the nginx-config in a base config and site specific files

remote> cd /usr/local/etc/nginx
remote> sudo mkdir sites-available
remote> sudo mkdir sites-enabled
remote> sudo vim nginx.conf
user  www;
worker_processes  1;

# This default error log path is compiled-in to make sure configuration parsing
# errors are logged somewhere, especially during unattended boot when stderr
# isn't normally logged anywhere. This path will be touched on every nginx
# start regardless of error log location configured here. See
# for more info. 
error_log  /var/log/nginx/error.log;

# pid        logs/;

events {
    worker_connections  1024;

http {
    # Basic Settings

    include       mime.types;
    default_type  application/octet-stream;

    # access log is deliberatly turned off
    # log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    # access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    # Gzip Settings

    gzip  on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 2;
    gzip_buffers 16 8k;
    gzip_http_verison 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    # SSL Setttings

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # dropping SSLv3
    ssl_prefer_server_ciphers on;
    ssl_session_cache builtin:1000 shared:SSL:10m;

    # Virual Host Configs
    include /usr/local/etc/nginx/sites-enabled/*

Reloading the service should be sucessful.

remote> sudo service nginx reload
Performing sanity check on nginx configuration:
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful

But reloading the site will not even show an error page since there is no host config. So let's create one:

remote> cd /usr/local/etc/nginx/sites-available
remote> sudo vim default.conf
server {

    listen 80 default_server;
    listen [::]:80;
    server_name _; # an invalid name that will never trigger on a real host name

    server_name_in_redirect off;

    location / {
        root   /usr/local/www/default;
        index  index.html index.htm;


We need to link the site in sites-enabled

remote> cd ../sites-enabled
remote> ln -s ../sites-available/default.conf

And of cause we should add an index.html in the right location and adjust the owner and group

remote> cd /usr/local/
remote> sudo mkdir www
remote> cd www
remote> sudo mkdir default
remote> sudo chown www:www default
remote> cd default
remote> sudo -u www vim index.html
            body {
                padding: 7em 10em;
                background-color: #eee;
                font-family: sans-serif;
                color: #222; }
            h1 { margin-bottom: 1.5em; }
        <p>But is here nothing to see?</p>
        <p>Not yet.</p>
        <p>Check back later.</p>
        <p>I a month or a year or two</p>

Reloading the service and revisiting the site in the browser should now show a simple page.

Last edited on 2018-02-28