注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

phperwuhan的博客

记载一个phper的历程!phperwuhan.blog.163.com

 
 
 

日志

 
 

Installing Apache 2.2 with ssl  

2011-01-28 11:42:07|  分类: apache |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |
来源:http://freebsdrocks.net/index.php?option=com_content&view=article&id=17%3Ainstalling-apache-22&catid=15%3Ainstalling-apache-samba-etc&Itemid=25

Getting Apache installed to get a web server running!

Installing Apache2.2

Make sure you update ports and then run the following commands:


# cd /usr/ports/www/apache22
# make install clean

That will install apache2.2

Configuring apache2

Lets edit the httpd.conf file:


# vi /usr/local/etc/apache22/httpd.conf

Scroll down and change the following settings. The optional settings I will put OPTIONAL before the setting:


OPTIONAL: Listen 80 - You can change this default option if you have more than one apache server running on your network

User www - Changes what user apache runs as

Group www - Changes what group apache runs as

ServerAdmin you@example.comThis e-mail address is being protected from spambots. You need JavaScript enabled to view it - change you@example.comThis e-mail address is being protected from spambots. You need JavaScript enabled to view it to your email address.

DocumentRoot "/usr/local/www/apache22/data" - I don't usually use the default path. I put my www documents on a seperate drive.

Directory "/usr/local/www/apache22/data" - Change this to the same path as DocumentRoot (See above)

<Directory /usr/local/www/apache22/> Change this to the root of your vhosts folder

DirectoryIndex index.html index.html.var - add any pages you would use. For instance, add index.php if you use php pages

OPTIONAL: #CustomLog /var/log/httpd-access.log combined - I usually leave this commented unless you want to use this to track users looking at your site

ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/" - change this to your cgi-bin path

Directory "/usr/local/www/cgi-bin"> - change this to the same path as ScriptAlias /cgi-bin above


Now lets tell apache to start:


# apachectl start

and hit Enter on your keyboard

We now need to tell Apache to run on startup. Please run the following command:


# echo 'apache22_enable="YES"' >> /etc/rc.conf

If you get no errors, apache should be running. Look at the page by opening a browser to http://localhost or replace localhost with the IP or the actual hostname of the box. If you went with the DocumentRoot defaults, You will see an apache test page until you get your site up and going. If you are behind a router or firewall, make sure you forward the apache port (Port 80) to the FreeBSD box otherwise you won't be able to get there from here. :-)

Configuring SSL

Let's get SSL Configured and Installed:

(FROM http://www.bsdguides.org/guides/freebsd/webserver/apache_ssl_php_mysql.php)


# mkdir /usr/local/etc/apache22/ssl.key
# mkdir /usr/local/etc/apache22/ssl.crt
# chmod 0700 /usr/local/etc/apache22/ssl.key
# chmod 0700 /usr/local/etc/apache22/ssl.crt

Create Certificate

Now, you need to understand that one server can hold multiple certificates, but only one per listening IP address. So, if your server is listening on one IP address, you can only have one certificate for the server. Follow me so far? All of your virtual domains can share the same certificate, but clients will get warning prompts when they connect to a secure site where the certificate does not match the domain name. If your server is listening on multiple IP addresses, your virtual hosts have to be IP-based -- not name-based. This is something to consider when creating your certificate. :-)

Change to your root dir by typing in the following command. We want to save this configuration there as a backup.


# cd /root
# openssl genrsa -des3 -out server.key 1024

You will now be prompted to enter in a password. Write this down as you will need it later. We need to make a Certificate Signing Request (CSR):


# openssl req -new -key server.key -out server.csr

Enter your password when it asks for it. Make sure you enter your FQDN for the "Common Name" portion.

Self-signing your Certificate

You could always pay money to Verisign or Thawte for this but it costs $$$. Here is the way to do it:


# openssl x509 -req -days 365 -in /root/server.csr -signkey /root/server.key -out /root/server.crt

Now your cert is good for 365 days. If you want to make it longer, go right ahead and do so :-)

If you would like more information about SSL Certs, go to http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#aboutcerts

Now we need to copy the certs to the right place:


# cp /root/server.key /usr/local/etc/apache22/ssl.key/
# cp /root/server.crt /usr/local/etc/apache22/ssl.crt/

Now to give them the right permissions as well:


# chmod 0400 /usr/local/etc/apache22/ssl.key/server.key
# chmod 0400 /usr/local/etc/apache22/ssl.crt/server.crt

We will now want to copy the default httpd-ssl.conf from the extras folder to the Includes folder:


# cd /usr/local/etc/apache22/extra
# vi httpd-ssl.conf

Now modify the following:



DocumentRoot "/usr/local/www/data" - Change the path to your httpd.conf document root.

ServerName www.example.com:443 - Change www.example.com to your domain name.

ServerAdmin you@example.comThis e-mail address is being protected from spambots. You need JavaScript enabled to view it   Change this to your email address

ErrorLog /var/log/httpd-error.log - You can leave this or comment it out.

TransferLog /var/log/httpd-access.log - You can leave this or comment it out.

SSLCertificateFile "/usr/local/etc/apache22/ssl.crt/server.crt"

SSLCertificateKeyFile "/usr/local/etc/apache22/ssl.key/server.key"


One additional thing you will need to do is open up  /usr/local/etc/apache22/httpd.conf and comment out the following line:

Include etc/apache22/extra/httpd-ssl.conf 

Now run the following:


# apachectl stop
# apachectl start

The start means it will start in ssl mode to serve both http:// and https:// addresses. This used to be apachectl sslstart but that command has been depreciated.

The URL below includes instructions on how to remove the pass phrase prompt when apache starts

http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#removepassphrase

Configuring php for Apache

This section is pretty easy. Just run the following:


# cd /usr/ports/lang/php5
# make config

Make sure the box is checked that says Apache. If it isisn’t, put the cursor over it and then hit the Space Bar. Hit Tab and then hit Enter.

Then run the following to upgrade php5 to support Apache2.2


# make install clean

Next, we want to configure apache to use php5.


# vi /usr/local/etc/apache22/httpd.conf 

and look for the first AddType section and add this to next line below the AddType section


AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Next go to DirectoryIndex and make sure index.php is part of it like so:


DirectoryIndex index.php index.html

With Apache2.2 it now wants to load an Accept Filter. If you don't load the following module on startup, You will get an error everytime you start apache. Run the following command:


# echo 'accf_http_load="YES"' >> /boot/loader.conf

Now rather than rebooting the box, we can load the module manually by running:


# kldload accf_http

and then if you start Apache, You won't get that error.

Now run the following command to start apache. 


# apachectl stop
# apachectl start

You will now have apache with SSL and PHP support!

  评论这张
 
阅读(2806)| 评论(0)
推荐 转载

历史上的今天

在LOFTER的更多文章

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2017