Documentation
OpenBSD 7.4 Installation
The supported OpenBSD 7.4 install path for DesertCMS, including dry-run planning, packages, filesystem layout, httpd, slowcgi, pf, TLS, and validation.
OPENBSD_74_INSTALL.mdOpenBSD 7.4 is the supported production target for DesertCMS.
The installer handles the server-side setup work for the supported OpenBSD deployment model, including package checks, account setup, filesystem layout, pf, httpd, slowcgi, TLS, database initialization, and validation guidance.
Before Installing
You need:
- OpenBSD 7.4 installed.
- A domain pointed at the server.
doasaccess as an administrative user.- The DesertCMS runtime bundle or source tree on the server.
- A planned public root name such as
example-site.
Do not use old provider-specific installation notes. DesertCMS owns the OpenBSD firewall and deployment setup through the supported installer.
Dry Run First
Run the dry-run before applying changes:
perl install/openbsd-install.pl --dry-run --domain example.com --public-root-name example-site
The dry-run prints the package, DNS, TLS, firewall, filesystem, service, and CMS initialization work without mutating the server.
Apply Install
After reviewing the dry-run:
doas perl install/openbsd-install.pl --domain example.com --public-root-name example-site
The installer walks through server-admin creation, package checks, local asset checks, OpenBSD service setup, config writing, database initialization, and temporary CMS admin creation.
The first CMS login is forced to choose a permanent username and password.
Required Packages
The installer checks packages such as:
p5-DBI
p5-DBD-SQLite
p5-IO-Socket-SSL
p5-Net-SSLeay
libvips
p5-HTTP-Daemon
libvips is used for image derivative generation when available.
Filesystem Layout
The normal layout is:
/usr/local/www/desertcms/ application code
/etc/desertcms.conf primary config
/var/desertcms/ private data root
/var/desertcms/originals/ private source assets
/var/desertcms/backups/ backup archives
/var/desertcms/themes/ editable theme state
/var/desertcms/upgrades/ upgrade staging
/var/www/htdocs/example-site/ public static output
/var/www/acme/ ACME challenge root
/var/www/run/desertcms.sock slowcgi socket
The public webroot and private data directories must stay separate.
httpd And slowcgi
The supported deployment uses OpenBSD httpd with FastCGI forwarding to slowcgi.
The installer writes the supported nested FastCGI syntax and sets request body limits for admin uploads:
connection max request body 67108864
This supports uploads up to 64 MB unless a smaller plan upload limit applies.
TLS
The installer uses OpenBSD acme-client for certificates when requested and reuses existing certificates when present.
After any config change:
doas httpd -n
doas rcctl reload httpd
First Login
The installer can create a temporary setup admin:
DESERTCMS_CONFIG=/etc/desertcms.conf perl bin/desertcms-maint.pl create-admin setup-admin
For a production handoff or lost first-login password:
doas su -m _desertcms -c 'env DESERTCMS_CONFIG=/etc/desertcms.conf perl /usr/local/www/desertcms/bin/desertcms-maint.pl reset-admin setup-admin'
Validation
After install:
doas perl /usr/local/www/desertcms/tools/openbsd-validate.pl --domain example.com
Validation checks the app root, config, database, public root, local assets, generated public files, OpenBSD config syntax, service state, and reachable public/admin routes where possible.
Local Asset Audit
Before deployment or release packaging:
perl tools/check-local-assets.pl
Runtime admin and theme assets must be local. Do not depend on remote asset CDNs for core admin behavior.
Manual Recovery Commands
Useful service checks:
doas rcctl restart desertcms_slowcgi
doas httpd -n
doas rcctl reload httpd
Useful CMS commands:
doas su -m _desertcms -c 'env DESERTCMS_CONFIG=/etc/desertcms.conf perl /usr/local/www/desertcms/bin/desertcms-maint.pl rebuild'
doas su -m _desertcms -c 'env DESERTCMS_CONFIG=/etc/desertcms.conf perl /usr/local/www/desertcms/bin/desertcms-maint.pl backup'