Apache Server installation




We're going to install apache 1.3 + modssl + ipv6 from the packages collection. you can do this directly from the command line with something like:


 pkg_add ftp://[hostname]/[path]apache+mod_ssl+ipv6-1.3.31+2.8.19.tbz


You could also build it from the ports by going to:




and typing make then make install.


Ok... Where did it go?


pkg_info -L apache+mod_ssl-1.3.31+2.8.19


looks like it's in /usr/local/


the webpages are served from under /usr/local/www/ the httpd.conf is in /usr/local/etc/apache/ and the startup script is /usr/local/etc/rc.d/apache.sh.


Take a look at /usr/local/etc/rc.d/apache.sh.


Note that it provides instructions about what to put in /etc/rc.conf.


Edit /etc/rc.conf


Now you should able to start apache with the default config by running:


/usr/local/etc/rc.d/apache.sh start


Ok apache is now running, you should be able to connect to it on your machine. you'll also notice that if you change the url from http://localhost to https://localhost that you have an ssl webserver running... Take a look at the certificate. You obviously don't want to present a certificate to your customers that says snakeoil cert.


Lets create our own self signed cert.


cd to /usr/local/etc/apache, note that the certificate that the machine is using is located in this directory. rather than stomp on it, lets create a subdirectory called mycert and do our work in there.


To create a cert we use openssl. first we generate a key.


openssl genrsa -des3 -out server.key 1024


Lets remove the password from that key so that we have one that apache can use to start up without prompting us with the password.


openssl rsa -in server.key -out server.pem


In order generate a certificate we first need to generate a certificate signing request.


openssl req -new -key server.key -out server.csr


Follow the prompts, note that common name is the name of the server. If you were going to get a certificate signed by a certificate authority, you would take the csr an dsend it to them. We are going to sign our own cert with our private key.


openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt


Ok now we have all the pieces to reconfigure apache to use our new cert.


Find the part of /usr/local/etc/apache/httpd.conf that deals with the SSL Virtual Host Context (note that the https server is just one instance of a virtual host). Scroll down and you'll see:


SSLCertificateFile /usr/local/etc/apache/ssl.crt/server.crt


comment that out and add:


SSLCertificateFile /usr/local/etc/apache/mycert/server.crt


and below, comment out:


SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/server.key


and Replace it with:


SSLCertificateKeyFile /usr/local/etc/apache/mycert/server.pem


Now save the httpd.conf, then run apachectl stop, followed by apachectl startssl.


now connect to your webserver via ssl and examine your certificate.