Apache Server installation
Installation
We're going to install Apache 1.3 + mod_ssl + IPv6 from the packages collection. You can do this directly from the command line with something like:
pkg_add ftp://noc.ws.afnog.org/pub/FreeBSD/releases/i386/6.0-RELEASE/packages/All/apache+mod_ssl+ipv6-1.3.33+2.8.24.tbz
You could also build it from the ports by going to:
/usr/ports/www/apache13-modssl+ipv6/
and typing make then make install.
Ok... Where did it go?
pkg_info -L apache+mod_ssl+ipv6-1.3.33+2.8.24
Looks like it's in /usr/local/.
The web pages are served from under /usr/local/www/, the httpd.conf is in /usr/local/etc/apache/, and the startup script is /usr/local/etc/rc.d/apache.sh.
Take a look at /usr/local/etc/rc.d/apache.sh.
Note that it provides instructions about what to put in /etc/rc.conf.
Edit /etc/rc.conf
Now you should be able to start Apache with the default config by running:
/usr/local/etc/rc.d/apache.sh start
OK, Apache is now running, and you should be able to connect to it on your machine. You'll also notice that if you change the URL from http://localhost to https://localhost, you have an SSL web server running. Take a look at the certificate. You obviously don't want to present a certificate to your customers that says snakeoil cert.
Let's create our own self-signed cert.
cd to /usr/local/etc/apache; note that the certificate the machine is using is located in this directory. Rather than stomp on it, let's create a subdirectory called mycert and do our work in there.
To create a cert we use openssl. First we generate a key.
openssl genrsa -des3 -out server.key 1024
Let's remove the password from that key so that we have one that Apache can use to start up without prompting us for the password.
openssl rsa -in server.key -out server.pem
In order to generate a certificate we first need to generate a certificate signing request.
openssl req -new -key server.key -out server.csr
Follow the prompts; note that the common name is the name of the server. If you were going to get a certificate signed by a certificate authority, you would take the CSR and send it to them. We are going to sign our own cert with our private key.
openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt
OK, now we have all the pieces to reconfigure Apache to use our new cert.
Find the part of /usr/local/etc/apache/httpd.conf that deals with the SSL Virtual Host Context (note that the https server is just one instance of a virtual host). Scroll down and you'll see:
SSLCertificateFile /usr/local/etc/apache/ssl.crt/server.crt
Comment that out and add:
SSLCertificateFile /usr/local/etc/apache/mycert/server.crt
and below, comment out:
SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/server.key
and replace it with:
SSLCertificateKeyFile /usr/local/etc/apache/mycert/server.pem
Now save the httpd.conf, then run apachectl stop, followed by apachectl startssl.
Now connect to your web server via SSL and examine your certificate.
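The files produced by the steps above can be checked from the shell. The script below is an added example, not part of the original notes: check_pair (a hypothetical helper name) verifies that the key Apache will load is unprotected, owner-only and matches the certificate, and that the certificate has not expired. make_sample builds a test pair with the page's four openssl steps, using a constructed passphrase, a constructed CN and a 2048-bit key.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.

# make_sample DIR: run the page's four openssl steps in DIR without prompts.
# Passphrase, CN and the 2048-bit size are constructed sample values.
make_sample() (
    umask 077    # key files are created owner-only
    cd "$1" || exit 1
    openssl genrsa -des3 -passout pass:example-pass -out server.key 2048 2>/dev/null
    openssl rsa -in server.key -passin pass:example-pass -out server.pem 2>/dev/null
    openssl req -new -key server.key -passin pass:example-pass \
        -subj "/CN=localhost" -out server.csr
    openssl x509 -req -days 60 -in server.csr -signkey server.key \
        -passin pass:example-pass -out server.crt 2>/dev/null
)

# check_pair CERT KEY: print "ok" or the first failed check; non-zero on failure.
check_pair() {
    crt=$1 key=$2
    [ -r "$crt" ] && [ -r "$key" ] || { echo "missing file"; return 1; }
    # A protected key makes Apache prompt for the passphrase at startup.
    if grep -q ENCRYPTED "$key"; then
        echo "key is passphrase-protected"; return 1
    fi
    # An unprotected key is only as safe as its file mode: owner access only.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "key accessible by group/other"; return 1
    fi
    # SSLCertificateFile and SSLCertificateKeyFile must hold the same RSA key pair.
    cm=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null) ||
        { echo "cannot read certificate"; return 1; }
    km=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null) ||
        { echo "cannot read key"; return 1; }
    if [ "$cm" != "$km" ]; then
        echo "certificate and key do not match"; return 1
    fi
    # -days 60 runs out quickly; flag a certificate that has already expired.
    openssl x509 -noout -checkend 0 -in "$crt" >/dev/null ||
        { echo "certificate expired"; return 1; }
    echo "ok"
}
```

On the server, check_pair /usr/local/etc/apache/mycert/server.crt /usr/local/etc/apache/mycert/server.pem should print ok before you run apachectl startssl. If it reports the key as accessible by group/other, chmod 600 the file.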