Apache on FreeBSD 6.2

Prerequisites:

 FreeBSD (Base + Autoconf, Automake, Bash and GCC)
 OpenSSL

Overview:
 Step #1 - Download, Unzip, Untar, Configure, Compile and Install Apache
 Step #2 - Simple test of the Apache web server
 Step #3 - Create an “rc” script to start Apache at boot time
 Step #4 - Notes for Admins
 Step #5 - Install mod_perl (Optional)
 Step #6 - Create a secure web server using HTTPS / SSL (Optional)

Step #1

Apache – Web server

Home: http://httpd.apache.org

# Download (Notes: users behind a proxy server should read this, and users without Internet access who have a CD-ROM should read this.)

cd /usr/src
fetch http://www.ip97.com/apache.org/httpd/httpd-2.2.3.tar.gz

# Unzip and Untar
tar xvf httpd-2.2.3.tar.gz

# Configure
cd httpd-2.2.3
./configure --prefix=/opt/apache --enable-modules=all --enable-mods-shared=all --enable-http --enable-ssl --enable-cgi --enable-cgid --enable-expires --enable-headers --enable-mime-magic --enable-imagemap --enable-cern-meta --enable-usertrack --enable-unique-id --enable-speling --enable-rewrite --enable-so --enable-info --enable-auth-dbm --enable-authn-anon --enable-authn-dbd --enable-authn-alias --enable-authz-owner --enable-auth-digest --enable-cache --enable-mem-cache --enable-dav --enable-dav-fs --enable-dav-lock --enable-dbd --enable-dumpio --enable-ext-filter --enable-deflate --enable-log-forensic --enable-logio --enable-ident --enable-proxy --enable-proxy-connect --enable-proxy-ftp --enable-proxy-http --enable-proxy-ajp --enable-proxy-balancer --enable-vhost-alias --enable-suexec

# Compile
make

# Install
make install

 

Step #2

Simple test of the Apache web server

# Quick Start Server Tests:
/opt/apache/bin/apachectl -k start
/opt/apache/bin/apachectl -k restart
/opt/apache/bin/apachectl -k stop

# Test with your web browser on another machine:
http://YourServerIP

 

Step #3

Create an “rc” script to start Apache at boot time

# Create an “rc” script to start at boot time:
vi /usr/local/etc/rc.d/apache.sh
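
# The contents of the script are not shown on this page. A minimal old-style rc script for this step, as an added example that is not from the original page. It assumes the /opt/apache prefix from Step #1; the APACHECTL override variable and the apache_rc function name are introduced here.

```shell
#!/bin/sh
# /usr/local/etc/rc.d/apache.sh: added example, not the original page's script.
# Assumes the /opt/apache prefix used in Step #1.
APACHECTL="${APACHECTL:-/opt/apache/bin/apachectl}"

apache_rc() {
    case "$1" in
    start|stop|restart|graceful)
        # Refuse to run if the control script is missing, so a failed
        # install shows up in the boot messages instead of passing silently.
        if [ ! -x "$APACHECTL" ]; then
            echo "apache: $APACHECTL not found or not executable" >&2
            return 1
        fi
        "$APACHECTL" -k "$1"
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|graceful}" >&2
        return 64
        ;;
    esac
}

# Run only when given an action (start at boot, stop at shutdown).
if [ $# -gt 0 ]; then
    apache_rc "$@"
fi
```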



# Make the startup script executable:

chmod +x /usr/local/etc/rc.d/apache.sh

 

Step #4

Apache Notes for Admins

# Edit the "httpd.conf" to suit your needs, at least change the variables:
vi /opt/apache/conf/httpd.conf
User nobody
Group nobody

ServerAdmin you@example.com

# Set directory permissions:
chown -R nobody:nobody /opt/apache/htdocs/

 

# Commands to remember:
/opt/apache/bin/apachectl -k start
/opt/apache/bin/apachectl -k restart
/opt/apache/bin/apachectl -k stop

# The Apache configuration file:
vi /opt/apache/conf/httpd.conf

# Apache logs:
cd /opt/apache/logs
tail -f /opt/apache/logs/error_log
cat /opt/apache/logs/access_log

# See Also:
# http://www.devshed.com/c/a/Apache/Building-Apache-the-Way-You-Want-It/


 


Step #5 (Optional)

mod_perl

Home: http://perl.apache.org/

# Change to the /tmp directory, not your normal source dir!
cd /tmp

# Download

fetch http://perl.apache.org/dist/mod_perl-2.0-current.tar.gz

# Unzip and Untar

tar xvf mod_perl-2.0-current.tar.gz


# Configure
cd mod_perl-2.0.2
perl Makefile.PL MP_APXS=/opt/apache/bin/apxs

# Edit the "httpd.conf" and add the new perl module to load, at the very bottom of the conf file
vi /opt/apache/conf/httpd.conf

# Compile
make

# Install
# make test
make install

cd /usr/src/httpd-2.2.3
make clean

# Mod Perl Quick Start: http://perl.apache.org/docs/2.0/user/intro/start_fast.html

 


Step #6 (Optional)

HTTPS / SSL Web Server

# Adding HTTPS / SSL ability to your Apache Web Server

# Create a certificate authority
cd /root
openssl genrsa -des3 -out my-ca.key 2048
openssl req -new -x509 -days 3650 -key my-ca.key -out my-ca.crt

# Create a server certificate
# Note: When asked for "CN" do NOT put your name, you must put the FQDN of the web server!

openssl genrsa -des3 -out nms1-server.key 1024
openssl req -new -key nms1-server.key -out nms1-server.csr
openssl x509 -req -in nms1-server.csr -out nms1-server.crt -sha1 -CA my-ca.crt -CAkey my-ca.key -CAcreateserial -days 3650
openssl x509 -in nms1-server.crt -text -noout
chmod 0400 *.key
cp nms1-server.crt /opt/apache/conf/nms1.crt
cp nms1-server.key /opt/apache/conf/nms1.key
cp my-ca.crt /opt/apache/conf/cassl.crt


# HTTPS
vi /opt/apache/conf/httpd.conf
# Edit:
Listen 192.168.0.161:80
Listen 192.168.0.161:443
# Add to the very bottom of your httpd.conf:
SSLMutex sem
SSLRandomSeed startup builtin
SSLSessionCache none
SSLCipherSuite HIGH:MEDIUM
SSLProtocol all -SSLv2
<VirtualHost 192.168.0.161:443>
DocumentRoot /opt/apache/htdocs
ServerName nms1.yourcompany.com
ServerAdmin YourEmail@yourcompany.com
SSLEngine on
SSLCertificateFile /opt/apache/conf/nms1.crt
SSLCertificateKeyFile /opt/apache/conf/nms1.key
SSLCACertificateFile /opt/apache/conf/cassl.crt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SSLCipherSuite HIGH:MEDIUM
SSLProtocol all -SSLv2
<Directory "/opt/apache/htdocs">
SSLOptions +StdEnvVars
Options Indexes
AllowOverride None
Allow from all
Order allow,deny
</Directory>
</VirtualHost>
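
# Added example (not part of the original page): a check that reads an httpd.conf and flags the directives above that leave SSLv2/SSLv3, weaker cipher groups, anonymous ciphers or directory listings enabled. The function names and the rule set are assumptions made for this example; the sample input repeats directives from this step.

```shell
#!/bin/sh
# Added example: audit an httpd.conf for the weak settings shown in Step #6.
# The rules below are a small set chosen for this page, not a full audit.

audit_ssl_conf() {
    # Reads the file named in $1 (or stdin). Prints "line N: finding"
    # and returns 1 if anything was flagged, 0 if the input is clean.
    awk '
    function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    function on(l, proto) {
        # A protocol stays enabled unless it is removed with "-proto".
        if (index(l, "-" proto)) return 0
        return (l ~ /[ \t][+]?all([ \t]|$)/ || index(l, proto) > 0)
    }
    /^[ \t]*#/ { next }                      # skip comment lines
    { l = tolower($0); d = tolower($1) }     # directives are case-insensitive
    d == "sslprotocol" {
        if (on(l, "sslv2")) report("SSLProtocol leaves SSLv2 enabled")
        if (on(l, "sslv3")) report("SSLProtocol leaves SSLv3 enabled")
    }
    d == "sslciphersuite" {
        if (l ~ /[ \t:][+]?(medium|low|exp)/)
            report("SSLCipherSuite admits MEDIUM/LOW/EXPORT ciphers")
        if (l !~ /!anull/)
            report("SSLCipherSuite does not exclude anonymous (aNULL) ciphers")
    }
    d == "options" && l ~ /[ \t][+]?indexes/ {
        report("Options Indexes exposes directory listings")
    }
    END { exit bad + 0 }
    ' "$@"
}

sample_conf() {   # constructed sample: directives as they appear in Step #6
    cat <<'EOF'
SSLCipherSuite HIGH:MEDIUM
SSLProtocol all -SSLv2
<Directory "/opt/apache/htdocs">
Options Indexes
</Directory>
EOF
}

# Demo on the sample; exit status 1 means findings were printed.
sample_conf | audit_ssl_conf || true
```

# Run it against the live file with: audit_ssl_conf /opt/apache/conf/httpd.conf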

# Test:
/opt/apache/bin/apachectl -k stop
/opt/apache/bin/apachectl -k start
sockstat -4
openssl s_client -connect nms1.yourcompany.com:443

# Remove the need to type a passphrase every time Apache starts:
cp /opt/apache/conf/nms1.key /opt/apache/conf/nms1.key.withpassphrase
openssl rsa -in /opt/apache/conf/nms1.key.withpassphrase -out /opt/apache/conf/nms1.key