1. FreeBSD13.2 ; Web Server SSL、Webmin
1.1 Installing the Certbot tool for Let's Encrypt
Run the following command to install the Certbot package:

    # pkg install py39-certbot
1.2 Obtaining a Let's Encrypt Certificate
① To obtain a certificate covering only a single domain [FQDN], execute the following certbot command:

    # certbot certonly --webroot -w /usr/local/www/apache24/data/[FQDN] -d [FQDN]
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Requesting a certificate for [FQDN]

    Successfully received certificate.
    Certificate is saved at: /usr/local/etc/letsencrypt/live/[FQDN]/fullchain.pem
    Key is saved at: /usr/local/etc/letsencrypt/live/[FQDN]/privkey.pem
    This certificate expires on 2024-07-07.
    These files will be updated when the certificate renews.

    NEXT STEPS:
    - The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
    We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    If you like Certbot, please consider supporting our work by:
     * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
     * Donating to EFF: https://eff.org/donate-le
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1.3 Edit Apache Configuration File
①Edit httpd.conf file
    # vi /usr/local/etc/apache24/httpd.conf

    Line 92 : Uncomment
    LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so

    Around line 148 : Uncomment
    LoadModule ssl_module libexec/apache24/mod_ssl.so

    Line 528 : Uncomment
    Include etc/apache24/extra/httpd-ssl.conf
1.3 Enable Rewrite module
The rewrite module is needed to change the URL when redirecting from HTTP to HTTPS.

    # vi /usr/local/etc/apache24/httpd.conf

    Around line 181 : Uncomment
    LoadModule rewrite_module libexec/apache24/mod_rewrite.so

Restart Apache24:

    # service apache24 restart
1.4 Edit httpd-ssl.conf file
    # vi /usr/local/etc/apache24/extra/httpd-ssl.conf

    # Line 124-126 : Change
    DocumentRoot "/usr/local/www/apache24/data/[FQDN]"
    ServerName [FQDN]:443
    ServerAdmin [email-address]

    # Line 144 : Change to the obtained certificate
    SSLCertificateFile "/usr/local/etc/letsencrypt/live/[FQDN]/cert.pem"

    # Line 154 : Change to the obtained certificate
    SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/[FQDN]/privkey.pem"

    # Line 165 : Uncomment, change to the obtained certificate
    SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/[FQDN]/chain.pem"
➁Automatic Renewal of Certificates
Edit the crontab and create a new job that runs the renewal twice a day:

    # crontab -e

    SHELL=/bin/sh
    PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
    0 0,12 * * * /usr/local/bin/certbot renew
1.5 Redirect HTTP communications to HTTPS
Edit /usr/local/etc/apache24/extra/bsd-vhost.conf:

    # vi /usr/local/etc/apache24/extra/bsd-vhost.conf

    <VirtualHost *:80>
        ServerAdmin [email-address]
        DocumentRoot "/usr/local/www/apache24/data/[FQDN]"
        ServerName [FQDN]
        RewriteEngine On ←add
        RewriteCond %{HTTPS} off ←add
        RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] ←add
        ErrorLog "/var/log/[FQDN]-error_log"
        CustomLog "/var/log/[FQDN]-access_log" common
    </VirtualHost>

    <Directory /usr/local/www/apache24/data/bsd.korodes.com>
        AddHandler cgi-script .cgi
        Options FollowSymlinks Includes
        AllowOverride All
        Require all granted
    </Directory>
Restart Apache:

    # service apache24 restart
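A post-configuration check for sections 1.3 to 1.5, as an added example that is not part of the original page: it reads the edited httpd-ssl.conf, the port-80 virtual host file and a saved copy of the crontab, and reports a certificate directive pointing at a missing file, a private key readable by group or others, a missing HTTPS redirect, and a renew job with no hook to reload Apache (Apache keeps serving the old certificate until it is reloaded). The function name `audit_tls` and the saved-crontab argument are assumptions of this example; `--deploy-hook` and `--post-hook` are certbot's own options.

```shell
#!/bin/sh
# Added example, not from the original page. Audits the three files edited in
# sections 1.3-1.5. Prints one FINDING line per problem; returns 1 if any.
audit_tls() {
    ssl_conf=$1; vhost_conf=$2; cron_file=$3; bad=0
    finding() { echo "FINDING: $*"; bad=1; }

    # Active (uncommented) certificate directives as "Directive path" pairs.
    pairs=$(awk '$1 ~ /^SSLCertificate(Key|Chain)?File$/ {
                     gsub(/"/, "", $2); print $1, $2 }' "$ssl_conf")
    if [ -z "$pairs" ]; then finding "no SSLCertificate*File directive is active"; fi
    while read -r directive path; do
        if [ -z "$directive" ]; then continue; fi
        if [ ! -e "$path" ]; then
            finding "$directive points at a missing file: $path"
        elif [ "$directive" = SSLCertificateKeyFile ] &&
             [ -n "$(find -L "$path" \( -perm -040 -o -perm -004 \))" ]; then
            finding "private key is readable by group or others: $path"
        fi
    done <<EOF
$pairs
EOF

    # Port 80 must send clients to HTTPS (section 1.5).
    if ! grep -Eq '^[[:space:]]*(RewriteRule|Redirect[A-Za-z]*)[[:space:]].*https://' "$vhost_conf"; then
        finding "no HTTP-to-HTTPS redirect in $vhost_conf"
    fi

    # "certbot renew" only replaces the files; Apache must reload to serve them.
    if ! grep -q '^[^#]*certbot.* renew' "$cron_file"; then
        finding "no certbot renew job in $cron_file"
    elif ! grep -Eq '^[^#]*certbot.* renew.*--(deploy|post)-hook' "$cron_file"; then
        finding "renew job has no --deploy-hook/--post-hook to reload Apache"
    fi
    return "$bad"
}

# Stand-alone use: audit.sh httpd-ssl.conf bsd-vhost.conf saved-crontab
if [ $# -eq 3 ]; then audit_tls "$@"; fi
```

Save the crontab for the third argument with `crontab -l > saved-crontab`. Run against the crontab from 1.4 as written, the last check reports a finding; appending `--deploy-hook "service apache24 reload"` to the renew line clears it.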
2. Webmin Install
Webmin is a web browser-based tool for configuring Unix-like operating systems (OS) such as Linux. It allows users to make numerous changes to internal OS settings such as user and disk usage limits, services, configuration files, etc., and to modify and control many open source applications such as Apache, PHP, MySQL, and others.
Webmin is built primarily in Perl and runs as its own process and web server. By default, it communicates on TCP port 10000.
2.1 Install
Install from ports with no options:

    # cd /usr/ports/sysutils/webmin/
    # make
    # make install
    ===> Installing for webmin-2.013
    ===> Checking if webmin is already installed
    ===> Registering installation for webmin-2.013
    Installing webmin-2.013...
    After installing Webmin for the first time you should perform the following
    steps as root:

    * Configure Webmin by running /usr/local/lib/webmin/setup.sh

    * Add webmin_enable="YES" to your /etc/rc.conf

    * Start Webmin for the first time by running "service webmin start"

    The parameters requested by setup.sh may then be changed from within Webmin
    itself.
2.2 Setup
Login user: admin
Password: any (hyu6kon)
For all other prompts, press Enter to accept the default.
Initial setup:

    # /usr/local/lib/webmin/setup.sh
    ***********************************************************************
    Welcome to the Webmin setup script, version 2.013
    ***********************************************************************
    Webmin is a web-based interface that allows Unix-like operating
    systems and common Unix services to be easily administered.

    Installing Webmin in /usr/local/lib/webmin

    ***********************************************************************
    Webmin uses separate directories for configuration files and log files.
    Unless you want to run multiple versions of Webmin at the same time
    you can just accept the defaults.

    Config file directory [/usr/local/etc/webmin]:
    Log file directory [/var/db/webmin]:

    ***********************************************************************
    Webmin is written entirely in Perl. Please enter the full path to the
    Perl 5 interpreter on your system.

    Full path to perl (default /usr/local/bin/perl):

    Testing Perl ..
    .. done

    ***********************************************************************
    Operating system name: FreeBSD
    Operating system version: 13.2

    ***********************************************************************
    Webmin uses its own password protected web server to provide access
    to the administration programs. The setup script needs to know :
     - What port to run the web server on. There must not be another
       web server already using this port.
     - The login name required to access the web server.
     - The password required to access the web server.
     - If the web server should use SSL (if your system supports it).
     - Whether to start webmin at boot time.

    Web server port (default 10000):
    Login name (default admin):
    Login password: ←Any password
    Password again: ←again same password
    Use SSL (y/n): y
    ***********************************************************************
    Creating web server config files ..
    .. done

    Creating access control file ..
    .. done

    Creating start and stop init scripts ..
    .. done

    Creating start and stop init symlinks to scripts ..
    .. done

    Copying config files ..
    .. done

    Changing ownership and permissions ..
    .. done

    Running postinstall scripts ..
    .. done

    Enabling background status collection ..
    .. done
2.3 Edit /etc/rc.conf
    # sysrc webmin_enable=YES
    webmin_enable: -> YES

Webmin logs are:
/var/log/webmin/miniserv.error
/var/log/webmin/miniserv.log
2.4 Start
The startup script is /usr/local/etc/rc.d/webmin
    # service webmin start
    Starting webmin.
    Starting Webmin server in /usr/local/lib/webmin
2.5 Login
Open port 10000 on the firewall in advance.
If you connect from outside, the router settings also need to be changed.
In a browser, access https://<server domain or IP address>:10000/ to display the login screen.
Log in with the user and password you have set.
Webmin main screen
Click [Webmin] - [Change Language and Theme] in the left menu, and change to Japanese from [Personal choice] in the right pane.
The menu has been changed to Japanese.