Title: Hosting Shaarli on OpenBSD
Author: Solène
Date: 19 January 2024
Tags: php openbsd rss
Description: In this article, you will learn how to deploy the PHP
bookmarking service Shaarli on OpenBSD

# Introduction

This guide explains how to install the PHP web service Shaarli on
OpenBSD.

Shaarli is a bookmarking service and RSS feed reader, you can easily
add new links and associate a text / tag and share it with other or
keep each entry private if you prefer.

Shaarli GitHub Project page

# Setup

The software is pretty easy to install using base system httpd and PHP
(included latest version available as of time of writing).

## Deploy Shaarli

Download the latest version of Shaarli available on their GitHub
project.

Shaarli releases on GitHub

Extract the archive and move the directory `Shaarli` in `/var/www/`.

Change the owner of the following directories to the user `www`.  It's
required for Shaarli to work properly.  For security’s sake, don't
chown all the files to Shaarli, it's safer when a program can't modify
itself.

```
chown www /var/www/Shaarli/{cache,data,pagecache,tmp}
```

## Install the packages

We need a few packages to make it work, I'm using php 8.3 in the
example, but you can replace with the current version you want:

```
pkg_add php--%8.3 php-curl--%8.3 php-gd--%8.3 php-intl--%8.3
```

By default, on OpenBSD the PHP modules aren't enabled, you can do it
with:

```
for i in gd curl intl opcache; do ln -s "/etc/php-8.3.sample/${i}.ini" /etc/php-8.3/ ; done
```

Now, enable and start PHP service:

```
rcctl enable php83_fpm
rcctl start php83_fpm
```

If you want Shaarli to be able to do outgoing connections to fetch
remote content, you need to make some changes in the chroot directory
to make it work, everything is explained in the file
`/usr/local/share/doc/pkg-readmes/php-INSTALLED.VERSION`.

## Configure httpd

This guide won't cover the setup for TLS as it's always the same
procedure, and it may depend on how you prefer to generate the TLS
certificates.

Create the file `/etc/httpd.conf` and add the following content, make
sure to replace all the caps text with real values:

```
server "YOUR_HOSTNAME_HERE" {
    listen on * port 80

    # don't rewrite for assets (fonts, images)
    location "/tpl/*" {
        root "/Shaarli/"
    }

    location "/doc/*" {
        root "/Shaarli/"
    }

    location "/cache/*" {
        root "/Shaarli/"
    }

    location "*.php" {
        fastcgi socket "/run/php-fpm.sock"
        root "/Shaarli"
    } 

    location "*index.php*" {
        root "/Shaarli"
        fastcgi socket "/run/php-fpm.sock"
    } 

    location match "/(.*)" {
        request rewrite "/index.php%1"
    }

    location "/*" {
        root "/Shaarli"
    }
}
```

Enable and start httpd

```
rcctl enable httpd
rcctl start httpd
```

## Configure your firewall

If you configured PF to block by default, you have to open the ports 80
and also 443 if you enable HTTPS.

# Installing Shaarli

Now you should have a working Shaarli upon opening
`http://YOUR_HOSTNAME_HERE/index.php/`, all lights should be green, and
you are now able to configure the instance as you wish.

# Conclusion

Shaarli is a really handy piece of software, especially for active RSS
readers who may have a huge stream of news to read.  What's cool is the
share service, and you may allow some people to subscribe to your own
feed.