Documentation

OpenBSD 7.4 Installation

The supported OpenBSD 7.4 install path for DesertCMS, including dry-run planning, packages, filesystem layout, httpd, slowcgi, pf, TLS, and validation.

Source: OPENBSD_74_INSTALL.md

OpenBSD 7.4 is the supported production target for DesertCMS.

The installer handles the server-side setup work for the supported OpenBSD deployment model, including package checks, account setup, filesystem layout, pf, httpd, slowcgi, TLS, database initialization, and validation guidance.

Before Installing

You need:

  • OpenBSD 7.4 installed.
  • A domain pointed at the server.
  • doas access as an administrative user.
  • The DesertCMS runtime bundle or source tree on the server.
  • A planned public root name such as example-site.

Do not use old provider-specific installation notes. DesertCMS owns the OpenBSD firewall and deployment setup through the supported installer.

Dry Run First

Run the dry-run before applying changes:

perl install/openbsd-install.pl --dry-run --domain example.com --public-root-name example-site

The dry-run prints the package, DNS, TLS, firewall, filesystem, service, and CMS initialization work without mutating the server.

Apply Install

After reviewing the dry-run:

doas perl install/openbsd-install.pl --domain example.com --public-root-name example-site

The installer walks through server-admin creation, package checks, local asset checks, OpenBSD service setup, config writing, database initialization, and temporary CMS admin creation.

The first CMS login is forced to choose a permanent username and password.

Required Packages

The installer checks packages such as:

p5-DBI
p5-DBD-SQLite
p5-IO-Socket-SSL
p5-Net-SSLeay
libvips
p5-HTTP-Daemon

libvips is used for image derivative generation when available.

Filesystem Layout

The normal layout is:

/usr/local/www/desertcms/          application code
/etc/desertcms.conf                primary config
/var/desertcms/                    private data root
/var/desertcms/originals/          private source assets
/var/desertcms/backups/            backup archives
/var/desertcms/themes/             editable theme state
/var/desertcms/upgrades/           upgrade staging
/var/www/htdocs/example-site/      public static output
/var/www/acme/                     ACME challenge root
/var/www/run/desertcms.sock        slowcgi socket

The public webroot and private data directories must stay separate.

httpd And slowcgi

The supported deployment uses OpenBSD httpd with FastCGI forwarding to slowcgi.

The installer writes the supported nested FastCGI syntax and sets request body limits for admin uploads:

connection max request body 67108864

This supports uploads up to 64 MB unless a smaller plan upload limit applies.

TLS

The installer uses OpenBSD acme-client for certificates when requested and reuses existing certificates when present.

After any config change:

doas httpd -n
doas rcctl reload httpd

First Login

The installer can create a temporary setup admin:

DESERTCMS_CONFIG=/etc/desertcms.conf perl bin/desertcms-maint.pl create-admin setup-admin

For a production handoff or lost first-login password:

doas su -m _desertcms -c 'env DESERTCMS_CONFIG=/etc/desertcms.conf perl /usr/local/www/desertcms/bin/desertcms-maint.pl reset-admin setup-admin'

Validation

After install:

doas perl /usr/local/www/desertcms/tools/openbsd-validate.pl --domain example.com

Validation checks the app root, config, database, public root, local assets, generated public files, OpenBSD config syntax, service state, and reachable public/admin routes where possible.

Local Asset Audit

Before deployment or release packaging:

perl tools/check-local-assets.pl

Runtime admin and theme assets must be local. Do not depend on remote asset CDNs for core admin behavior.

Manual Recovery Commands

Useful service checks:

doas rcctl restart desertcms_slowcgi
doas httpd -n
doas rcctl reload httpd

Useful CMS commands:

doas su -m _desertcms -c 'env DESERTCMS_CONFIG=/etc/desertcms.conf perl /usr/local/www/desertcms/bin/desertcms-maint.pl rebuild'
doas su -m _desertcms -c 'env DESERTCMS_CONFIG=/etc/desertcms.conf perl /usr/local/www/desertcms/bin/desertcms-maint.pl backup'