Apache Server installation

 

Installation

 

We're going to install apache 1.3 + modssl + ipv6 from the packages collection. you can do this directly from the command line with something like:

 

 pkg_add ftp://noc.ws.afnog.org/pub/FreeBSD/releases/i386/6.0-RELEASE/packages/All/apache+mod_ssl+ipv6-1.3.33+2.8.24.tbz

 

You could also build it from the ports by going to:

 

/usr/ports/www/apache13-modssl+ipv6/

 

and typing make then make install.

 

Ok... Where did it go?

 

pkg_info -L apache+mod_ssl-1.3.31+2.8.19

 

looks like it's in /usr/local/

 

the webpages are served from under /usr/local/www/ the httpd.conf is in /usr/local/etc/apache/ and the startup script is /usr/local/etc/rc.d/apache.sh.

 

Take a look at /usr/local/etc/rc.d/apache.sh.

 

Note that it provides instructions about what to put in /etc/rc.conf.

 

Edit /etc/rc.conf

 

Now you should able to start apache with the default config by running:

 

/usr/local/etc/rc.d/apache.sh start

 

Ok apache is now running, you should be able to connect to it on your machine. you'll also notice that if you change the url from http://localhost to https://localhost that you have an ssl webserver running... Take a look at the certificate. You obviously don't want to present a certificate to your customers that says snakeoil cert.

 

Lets create our own self signed cert.

 

cd to /usr/local/etc/apache, note that the certificate that the machine is using is located in this directory. rather than stomp on it, lets create a subdirectory called mycert and do our work in there.

 

To create a cert we use openssl. first we generate a key.

 

openssl genrsa -des3 -out server.key 1024

 

Lets remove the password from that key so that we have one that apache can use to start up without prompting us with the password.

 

openssl rsa -in server.key -out server.pem

 

In order generate a certificate we first need to generate a certificate signing request.

 

openssl req -new -key server.key -out server.csr

 

Follow the prompts, note that common name is the name of the server. If you were going to get a certificate signed by a certificate authority, you would take the csr an dsend it to them. We are going to sign our own cert with our private key.

 

openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt

 

Ok now we have all the pieces to reconfigure apache to use our new cert.

 

Find the part of /usr/local/etc/apache/httpd.conf that deals with the SSL Virtual Host Context (note that the https server is just one instance of a virtual host). Scroll down and you'll see:

 

SSLCertificateFile /usr/local/etc/apache/ssl.crt/server.crt

 

comment that out and add:

 

SSLCertificateFile /usr/local/etc/apache/mycert/server.crt

 

and below, comment out:

 

SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/server.key

 

and Replace it with:

 

SSLCertificateKeyFile /usr/local/etc/apache/mycert/server.pem

 

Now save the httpd.conf, then run apachectl stop, followed by apachectl startssl.

 

now connect to your webserver via ssl and examine your certificate.