1. Apache2
1.1 Install
```
# cd /usr/ports/www/apache24
# make config
```
There are many options, but we will proceed with the defaults
After confirmation, install
```
# make
```
Only IPv6 should be unchecked, all others should be default
```
# make install clean
===> Installing for apache24-2.4.59
===> Checking if apache24 is already installed
===> Registering installation for apache24-2.4.59
Installing apache24-2.4.59...
===> Creating groups
Using existing group 'www'
===> Creating users
Using existing user 'www'
To run apache www server from startup, add apache24_enable="yes"
in your /etc/rc.conf. Extra options can be found in startup script.

Your hostname must be resolvable using at least 1 mechanism in
/etc/nsswitch.conf typically DNS or /etc/hosts or apache might
have issues starting depending on the modules you are using.

- apache24 default build changed from static MPM to modular MPM
- more modules are now enabled per default in the port
- icons and error pages moved from WWWDIR to DATADIR

If build with modular MPM and no MPM is activated in
httpd.conf, then mpm_prefork will be activated as default
MPM in etc/apache24/modules.d to keep compatibility with
existing php/perl/python modules!

Please compare the existing httpd.conf with httpd.conf.sample
and merge missing modules/instructions into httpd.conf!

===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/libexec/apache24/mod_cgid.so

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.

For more information, and contact details about the security
status of this software, see the following webpage:
https://httpd.apache.org/
===> Cleaning for apr-1.7.3.1.6.3_1
===> Cleaning for gdbm-1.23
===> Cleaning for db18-18.1.40
===> Cleaning for jansson-2.14
===> Cleaning for apache24-2.4.59
```
1.2 apache24 - setting
①extra/httpd-default.conf editing
```
# vi /usr/local/etc/apache24/extra/httpd-default.conf
```
For security purposes, change the settings as follows.

Line 55
```
ServerTokens ProductOnly
```
The default setting is "Full", but change it to "ProductOnly".

Line 65
```
ServerSignature Off
```
By leaving the default setting "Off", the server address and port number will not be displayed in the browser in the event of a server error.

Line 75
```
HostnameLookups On
```
The default is "Off". When "On" is selected, the domain name of the client is recorded in the web server logs.
②httpd.conf editing
```
# vi /usr/local/etc/apache24/httpd.conf
```
Line 160 : Uncomment
```
LoadModule dav_module libexec/apache24/mod_dav.so
```
Line 217 : Change to administrator's email address
```
ServerAdmin you@example.com
```
Line 226 : Define the domain name of the server and the port number to listen on. The port number is usually [80: HTTP] or [443: HTTPS].
```
ServerName www.example.com:80
```
Line 250 : document root
```
DocumentRoot "/usr/local/www/apache24/data"
```
Line 251 : Defines the behavior of the document root.
```
<Directory "/usr/local/www/apache24/data">
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important. Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    # AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>
```
Line 264
"Indexes" defines the behavior when there is no "index.html". To keep the directory contents from being displayed when there is no "index.html", use "-Indexes". To display the contents of a directory, write "+Indexes".
"FollowSymLinks" defines whether symbolic links are enabled or disabled. To enable, use "+FollowSymLinks". To disable, use "-FollowSymLinks".

To change the output destination of the error log, edit the following.
Line 302
```
ErrorLog /var/log/httpd-error.log
```
To change the output destination of the access log, edit the following.
Line 311
```
<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here. Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    # CustomLog "/var/log/httpd-access.log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    CustomLog "/var/log/httpd-access.log" combined
</IfModule>
```
Line 321 : "LogFormat" defines the log output format.
Line 331 : Comment out.
Line 337 : We recommend uncommenting and setting "combined" to log a variety of information.

The following specifies the location where the "CGI" script files are placed.
Line 383
```
<Directory "/usr/local/www/apache24/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>
```
To enable the settings in "/usr/local/etc/apache24/extra/httpd-default.conf" configured in the previous section, delete the "#" at the beginning of the following line to enable the "Include".
Line 518 : Uncomment
```
Include etc/apache24/extra/httpd-default.conf
```
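A way to confirm the edits above took effect, as an added example that is not part of the original page: the script reports when the Include for httpd-default.conf is still commented out, when ServerTokens or ServerSignature differ from the values set here, and when an active Options line still enables Indexes. The function names and the embedded sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the section 1.2 settings.

# Print the value of the last uncommented occurrence of directive $1 in file $2.
directive_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2 } END { print v }' "$2"
}

# Succeed if file $2 has an uncommented Include whose path contains $1.
include_active() {
    awk -v p="$1" 'tolower($1) == "include" && index($2, p) { ok = 1 } END { exit !ok }' "$2"
}

# Succeed if any uncommented Options line in file $1 enables Indexes.
listing_enabled() {
    awk 'tolower($1) == "options" {
             for (i = 2; i <= NF; i++)
                 if ($i == "Indexes" || $i == "+Indexes") hit = 1
         }
         END { exit !hit }' "$1"
}

# $1 = httpd.conf, $2 = extra/httpd-default.conf.
# Prints one line per finding and returns the number of findings.
audit_apache() {
    findings=0
    if ! include_active "extra/httpd-default.conf" "$1"; then
        echo "httpd-default.conf is not included, so its settings are ignored"
        findings=$((findings + 1))
    fi
    case "$(directive_value ServerTokens "$2")" in
        Prod|ProductOnly) ;;
        *) echo "ServerTokens is not ProductOnly"; findings=$((findings + 1)) ;;
    esac
    if [ "$(directive_value ServerSignature "$2")" != "Off" ]; then
        echo "ServerSignature is not Off"; findings=$((findings + 1))
    fi
    if listing_enabled "$1"; then
        echo "Options Indexes is on: directory listings are served"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample input: the state before the edits in section 1.2.
demo() {
    d=$(mktemp -d) || return 99
    printf '%s\n' 'Options Indexes FollowSymLinks' \
        '#Include etc/apache24/extra/httpd-default.conf' > "$d/httpd.conf"
    printf '%s\n' 'ServerTokens Full' 'ServerSignature Off' > "$d/default.conf"
    rc=0
    audit_apache "$d/httpd.conf" "$d/default.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# Two file arguments: audit them. No arguments: run the constructed sample.
if [ $# -eq 2 ]; then audit_apache "$1" "$2"; else demo; fi || echo "$? finding(s)"
```

Pass /usr/local/etc/apache24/httpd.conf and /usr/local/etc/apache24/extra/httpd-default.conf as the two arguments to check the real files; the script only reads them.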
1.3 Start apache
Enable automatic apache startup
```
# service apache24 enable
apache24 enabled in /etc/rc.conf
```
Scripts for startup and shutdown are located in /usr/local/etc/rc.d/apache24
Check the configuration file
If the description is correct, "Syntax OK" is printed.
```
# service apache24 configtest
Performing sanity check on apache24 configuration:
Syntax OK
```
Apache start
```
# service apache24 start
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
```
If you access the server from the client (http://server IP address [or domain name]) and see the following, it is normal.
1.4 Virtual Host Settings
document root: /usr/local/www/apache24/data/[FQDN]/
domain: [FQDN]
Set up virtual hosts
```
# vi /usr/local/etc/apache24/httpd.conf
```
Fill in the following at the end
```
Include etc/apache24/extra/bsd-vhost.conf
```
Create new bsd-vhost.conf under /usr/local/etc/apache24/extra
```
# cd /usr/local/etc/apache24/extra
# vi bsd-vhost.conf
```
Create it with the following content
```
<VirtualHost *:80>
    ServerAdmin Administrator's email address
    DocumentRoot "/usr/local/www/apache24/data/[FQDN]"
    ServerName [FQDN]
    ErrorLog "/var/log/httpd/[FQDN].error_log"
    CustomLog "/var/log/httpd/[FQDN].access_log" common
</VirtualHost>
<Directory /usr/local/www/apache24/data/[FQDN]>
    AddHandler cgi-script .cgi
    Options FollowSymlinks Includes
    AllowOverride All
    Require all granted
</Directory>
```
directory creation
```
# mkdir /var/log/httpd
# mkdir /usr/local/www/apache24/data/[FQDN]
# chown -R www:www /usr/local/www/apache24/data/[FQDN]
```
Apache restart
```
# service apache24 restart
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 56749.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
```
1.5 apache24 - Running cgi
Checking Installation Options
Check the installation options with the following commands.
```
# cd /usr/ports/www/apache24
# make config
```
By default, either or both "CGI" or "CGID" are checked, so they are already installed.
If not, check them and "make clean", "make", or "make reinstall".
Check "The default MPM Module" to see which one is checked. If it is not checked, check it and reinstall.
p5-CGI Install
Check if it is installed with the following command
(portupgrade must be pre-installed to use portversion)
```
# portversion -v | grep p5-CGI
[Reading data from pkg(8) ... - 150 packages found - done]
p5-CGI-4.64 = up-to-date with port
```
If it is not installed, install it with the following command
```
# cd /usr/ports/www/p5-CGI
# make
# make install
```
httpd.conf editing
```
# vi /usr/local/etc/apache24/httpd.conf
```
Line 166,169 : Uncomment
```
<IfModule !mpm_prefork_module>
    LoadModule cgid_module libexec/apache24/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
    LoadModule cgi_module libexec/apache24/mod_cgi.so
</IfModule>
```
Line 431 : Uncomment
```
AddHandler cgi-script .cgi
```
Apache restart
```
# service apache24 restart
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 56818.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
```
2. MySQL Install
Install MySQL before installing PHP
```
# pkg install -y mysql80-client mysql80-server
```
Check version
```
# mysql --version
mysql Ver 8.0.35 for FreeBSD14.0 on amd64 (Source distribution)
```
Enable and start MySQL
```
# sysrc mysql_enable=yes
mysql_enable: -> yes
# service mysql-server start
Starting mysql.
```
MySQL Startup Confirmation
```
# service mysql-server status
mysql is running as pid 59141.
```
Running Security Scripts
```
# mysql_secure_installation
mysql_secure_installation: [ERROR] unknown variable 'prompt=\u@\h [\d]>\_'.

Securing the MySQL server deployment.

Connecting to MySQL using a blank password.

VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No: y

There are three levels of password validation policy:

LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 0
Please set the password for root here.

New password:

Re-enter new password:

Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.

Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
- Dropping test database...
Success.

- Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!
```
To log in to the MySQL server afterwards, run "mysql -u root -p" and enter the password set above.
```
# mysql -u root -p
Enter password: Password set above
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 8.0.33 Source distribution

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]>
```
3. apache24 - PHP 8.3
3.1 PHP Install
```
# cd /usr/ports/lang/php83
# make config
```
The "ZTS" option is required for thread-safe operation.
The rest is by default.
```
# make install clean
Installing php83-8.3.7...
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/lib/libphp.so
/usr/local/bin/php
/usr/local/bin/php-cgi
/usr/local/sbin/php-fpm

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.

For more information, and contact details about the security
status of this software, see the following webpage:
https://www.php.net/
===> Cleaning for re2c-3.0
===> Cleaning for py311-docutils-0.19,1
===> Cleaning for libargon2-20190702_1
===> Cleaning for php83-8.3.7
```
3.2 php83-extensions Install
```
# cd /usr/ports/lang/php83-extensions
# make config
```
Do not uncheck anything that is checked by default.
If you plan to install "WordPress", "CURL" must be checked; it is needed for updates.
"GD" and "GETTEXT" should also be checked as they may be used in other modules.
If you use Japanese, "MBSTRING" is required and must be checked.
If you use "MySQL", "MYSQLI" is required and must be checked.
If you plan to install "WordPress", "ZLIB" must be checked.
Various inquiry screens appear; press Enter to accept the default on each.
```
# make install clean
----------------------------------------------------------------------
--- all ---

Build complete.
Don't forget to run 'make test'.

===> Staging for php83-zlib-8.3.7
===> php83-zlib-8.3.7 depends on file: /usr/local/include/php/main/php.h - found
===> Generating temporary packing list
====> Compressing man pages (compress-man)
===> Installing for php83-zlib-8.3.7
===> Checking if php83-zlib is already installed
===> Registering installation for php83-zlib-8.3.7 as automatic
Installing php83-zlib-8.3.7...
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-zlib.ini.sample
===> php83-extensions-1.0 depends on file: /usr/local/lib/php/20230831-zts/zlib.so - found
===> Returning to build of php83-extensions-1.0
===> Generating temporary packing list
====> Compressing man pages (compress-man)
===> Installing for php83-extensions-1.0
===> Checking if php83-extensions is already installed
===> Registering installation for php83-extensions-1.0
Installing php83-extensions-1.0...
===> Cleaning for php83-ctype-8.3.7
===> Cleaning for php83-curl-8.3.7
===> Cleaning for php83-dom-8.3.7
===> Cleaning for php83-filter-8.3.7
===> Cleaning for php83-gd-8.3.7
===> Cleaning for freetype2-2.13.2
===> Cleaning for brotli-1.1.0,1
===> Cleaning for png-1.6.43
===> Cleaning for libgd-2.3.3_13,1
===> Cleaning for fontconfig-2.15.0_2,1
===> Cleaning for gperf-3.1_1
===> Cleaning for tiff-4.6.0
===> Cleaning for libdeflate-1.20
===> Cleaning for jbigkit-2.1_3
.
.
.
```
3.3 mod_php83 Install
```
# cd /usr/ports/www/mod_php83
# make config
```
As before, check the "ZTS" option.
Leave the others as defaults
```
# make install clean
Installing mod_php83-8.3.7...
[activating module `php' in /usr/local/etc/apache24/httpd.conf]
******************************************************************************

Consider switching to php-fpm and mod_fast_cgi as per Apache httpd project
recommendation. See https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM

******************************************************************************

If you are building PHP-based ports in poudriere(8) or Synth with ZTS enabled,
add WITH_MPM=event to /etc/make.conf to prevent build failures.

******************************************************************************

Make sure index.php is part of your DirectoryIndex.

You should add the following to your Apache configuration file:

<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>

******************************************************************************
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/libexec/apache24/libphp.so

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.

For more information, and contact details about the security
status of this software, see the following webpage:
https://www.php.net/
===> Cleaning for mod_php83-8.3.7
```
3.4 PHP - initialization
①Configuration file "php.ini" setting
```
# cd /usr/local/etc/
# cp php.ini-production php.ini
# vi /usr/local/etc/php.ini
```
Line 518
```
display_errors = Off
```
Line 713
```
post_max_size = 300M
```
Line 865
```
upload_max_filesize = 200M
```
Line 989 : Uncomment and set the time zone to "Asia/Tokyo".
```
[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
date.timezone = "Asia/Tokyo"
```
②httpd.conf editing
```
# vi /usr/local/etc/apache24/httpd.conf
```
Line 284 : Add "index.php" to the directory index
```
<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>
```
Around line 423, add the following two lines.
```
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
```
The mod_php83 install message shown in 3.3 suggests the <FilesMatch "\.php$"> / SetHandler form for the same mapping.
Apache Configuration Check
If "Syntax OK" is displayed, it is normal.
```
# service apache24 configtest
Performing sanity check on apache24 configuration:
Syntax OK
```
Apache restart
```
# service apache24 restart
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 57824.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
```
3.5 PHP operation check
Create "info.php" in the document root of the web server
```
# vi /usr/local/www/apache24/data/[FQDN]/info.php
<?php
phpinfo();
?>
```
If you access "http://[FQDN]/info.php" with a browser and see the following, it is OK
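Once the check has passed, info.php still publishes the full PHP configuration to anyone who requests it. The script below is an added example, not part of the original page: it re-reads the php.ini values from 3.4 and lists any page under the document root that still calls phpinfo(). The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): re-check sections 3.4 and 3.5.

# Print the last uncommented value of key $1 in php.ini file $2.
ini_value() {
    awk -F= -v k="$1" '{ key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; sub(/;.*/, "", v); gsub(/[ \t"]/, "", v) }
        END { print v }' "$2"
}

# Convert PHP shorthand sizes such as 300M to bytes (empty input counts as 0).
to_bytes() {
    num=${1%[KkMmGg]}; num=${num:-0}
    case "$1" in
        *[Kk]) echo $((num * 1024)) ;;
        *[Mm]) echo $((num * 1024 * 1024)) ;;
        *[Gg]) echo $((num * 1024 * 1024 * 1024)) ;;
        *) echo "$num" ;;
    esac
}

# List *.php files under directory $1 that call phpinfo().
phpinfo_pages() {
    find "$1" -type f -name '*.php' -exec grep -lE 'phpinfo[[:space:]]*\(' {} + || true
}

# $1 = php.ini, $2 = document root. Returns the number of findings.
# display_errors is compared with the literal "Off" used in section 3.4.
audit_php() {
    findings=0
    if [ "$(ini_value display_errors "$1")" != "Off" ]; then
        echo "display_errors is not Off"; findings=$((findings + 1))
    fi
    post=$(to_bytes "$(ini_value post_max_size "$1")")
    upload=$(to_bytes "$(ini_value upload_max_filesize "$1")")
    if [ "$post" -lt "$upload" ]; then
        echo "post_max_size is smaller than upload_max_filesize"
        findings=$((findings + 1))
    fi
    pages=$(phpinfo_pages "$2")
    if [ -n "$pages" ]; then
        echo "phpinfo() test page still present: $pages"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the php.ini values from 3.4 plus info.php from 3.5.
demo() {
    d=$(mktemp -d) || return 99
    printf '%s\n' 'display_errors = Off' 'post_max_size = 300M' \
        'upload_max_filesize = 200M' > "$d/php.ini"
    mkdir "$d/data"
    printf '%s\n' '<?php' 'phpinfo();' '?>' > "$d/data/info.php"
    rc=0
    audit_php "$d/php.ini" "$d/data" || rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ $# -eq 2 ]; then audit_php "$1" "$2"; else demo; fi || echo "$? finding(s)"
```

Pass /usr/local/etc/php.ini and the virtual host's document root as the two arguments to check the real installation.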