1. Apache2
1.1 Install
    # cd /usr/ports/www/apache24
    # make config
There are many options, but we will proceed with the defaults.
After confirming, build and install.
Various screens appear, but the defaults are fine.
    # make
    # make install
    ===> Installing for apache24-2.4.57_1
    ===> Checking if apache24 is already installed
    ===> Registering installation for apache24-2.4.57_1
    Installing apache24-2.4.57_1...
    ===> Creating groups.
    Using existing group 'www'.
    ===> Creating users
    Using existing user 'www'.
    To run apache www server from startup, add apache24_enable="yes"
    in your /etc/rc.conf. Extra options can be found in startup script.

    Your hostname must be resolvable using at least 1 mechanism in
    /etc/nsswitch.conf typically DNS or /etc/hosts or apache might
    have issues starting depending on the modules you are using.

    - apache24 default build changed from static MPM to modular MPM
    - more modules are now enabled per default in the port
    - icons and error pages moved from WWWDIR to DATADIR

    If build with modular MPM and no MPM is activated in
    httpd.conf, then mpm_prefork will be activated as default
    MPM in etc/apache24/modules.d to keep compatibility with
    existing php/perl/python modules!

    Please compare the existing httpd.conf with httpd.conf.sample
    and merge missing modules/instructions into httpd.conf!

    ===> SECURITY REPORT:
          This port has installed the following files which may act as network
          servers and may therefore pose a remote security risk to the system.
    /usr/local/libexec/apache24/mod_cgid.so

          If there are vulnerabilities in these programs there may be a security
          risk to the system. FreeBSD makes no guarantee about the security of
          ports included in the Ports Collection. Please type 'make deinstall'
          to deinstall the port if this is a concern.

          For more information, and contact details about the security
          status of this software, see the following webpage:
    https://httpd.apache.org/
1.2 apache24 - setting
①extra/httpd-default.conf editing
    # vi /usr/local/etc/apache24/extra/httpd-default.conf

Around line 55

    ServerTokens ProductOnly

The default setting is "Full", but change it to "ProductOnly".

Around line 65

    ServerSignature Off

Leave "Off" as the default setting.

Around line 75

    HostnameLookups On

The default is "Off". When "On", the client's domain name is recorded in the web server log.
Setting it to "Off" may speed up access just a little.
②httpd.conf editing

    # vi /usr/local/etc/apache24/httpd.conf

Around line 160: Uncomment

    LoadModule dav_module libexec/apache24/mod_dav.so

Around line 217: Change to the administrator's email address

    ServerAdmin you@example.com

Around line 226: Definition of the server's domain name and listening port number

    ServerName www.example.com:80

Around line 250: Document root

    DocumentRoot "/usr/local/www/apache24/data"

Around line 251: Defines the behavior of the document root

    <Directory "/usr/local/www/apache24/data">
        # Possible values for the Options directive are "None", "All",
        # or any combination of:
        #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
        #
        # Note that "MultiViews" must be named *explicitly* --- "Options All"
        # doesn't give it to you.
        #
        # The Options directive is both complicated and important. Please see
        # http://httpd.apache.org/docs/2.4/mod/core.html#options
        # for more information.
        #
        Options Indexes FollowSymLinks

        #
        # AllowOverride controls what directives may be placed in .htaccess files.
        # It can be "All", "None", or any combination of the keywords:
        #   AllowOverride FileInfo AuthConfig Limit
        #
        AllowOverride None

        #
        # Controls who can get stuff from this server.
        #
        Require all granted
    </Directory>

Around line 263
"Indexes" defines the behavior when there is no "index.html".
If there is no "index.html" and the directory listing should not be displayed, use "-Indexes".
To display the contents of a directory, write "+Indexes".
"FollowSymLinks" defines whether symbolic links are enabled or disabled.
To enable, use "+FollowSymLinks". To disable, use "-FollowSymLinks".

To change the output destination of the error log, edit the following.

    ErrorLog /var/log/httpd-error.log

To change the output destination of the access log, edit the following.
Around line 311

    <IfModule log_config_module>
        #
        # The following directives define some format nicknames for use with
        # a CustomLog directive (see below).
        #
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%h %l %u %t \"%r\" %>s %b" common

        <IfModule logio_module>
          # You need to enable mod_logio.c to use %I and %O
          LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
        </IfModule>

        #
        # The location and format of the access logfile (Common Logfile Format).
        # If you do not define any access logfiles within a <VirtualHost>
        # container, they will be logged here. Contrariwise, if you *do*
        # define per-<VirtualHost> access logfiles, transactions will be
        # logged therein and *not* in this file.
        #
        # CustomLog "/var/log/httpd-access.log" common

        #
        # If you prefer a logfile with access, agent, and referer information
        # (Combined Logfile Format) you can use the following directive.
        #
        CustomLog "/var/log/httpd-access.log" combined
    </IfModule>

Around line 321: "LogFormat" defines the log output format.
Around line 331: Comment out.
Around line 337: We recommend uncommenting and setting "combined" to log a variety of information.

The following specifies the location where the "CGI" script files are placed.
Around line 383

    <Directory "/usr/local/www/apache24/cgi-bin">
        AllowOverride None
        Options None
        Require all granted
    </Directory>

To enable the settings in "/usr/local/etc/apache24/extra/httpd-default.conf" configured in the previous section, delete the "#" at the beginning of the following line so that the "Include" takes effect.
Around line 518: Uncomment

    Include etc/apache24/extra/httpd-default.conf
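The settings in section 1.2 only take effect if the Include line is actually uncommented, so it is worth checking the result rather than trusting the edit. The following sh script is an added example, not part of the original page: it audits an httpd.conf and httpd-default.conf pair for the Include, ServerTokens, ServerSignature and Indexes settings discussed above. The function names and the two sample configurations are constructed for illustration; the "hard" sample assumes the "-Indexes" variant described above.

```shell
#!/bin/sh
# Added example, not from the original page. Sample configs below are constructed.

# Print the last uncommented value (lowercased) of directive $2 in file $1.
active_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { v = tolower($2) } END { print v }' "$1"
}

# Print one finding per line for httpd.conf ($1) and extra/httpd-default.conf ($2).
audit() {
    conf=$1; extra=$2
    # The extra file only takes effect once its Include line is uncommented.
    awk 'tolower($1) == "include" && $2 == "etc/apache24/extra/httpd-default.conf" { ok = 1 }
         END { exit !ok }' "$conf" ||
        echo "httpd-default.conf is not included; its settings are ignored"
    case $(active_value "$extra" ServerTokens) in
        prod|productonly) ;;
        *) echo "ServerTokens is not ProductOnly" ;;
    esac
    [ "$(active_value "$extra" ServerSignature)" = "off" ] ||
        echo "ServerSignature is not Off"
    # Indexes or +Indexes on an active Options line enables directory listings.
    awk 'tolower($1) == "options" {
             for (i = 2; i <= NF; i++)
                 if ($i == "Indexes" || $i == "+Indexes")
                     print "httpd.conf line " NR ": directory listing enabled"
         }' "$conf"
}

# Constructed samples: "weak" is the state before the edits, "hard" the state after.
make_samples() {
    mkdir -p "$1/weak" "$1/hard"
    printf '%s\n' 'ServerTokens Full' 'ServerSignature Off' \
        > "$1/weak/httpd-default.conf"
    printf '%s\n' '<Directory "/usr/local/www/apache24/data">' \
        '    Options Indexes FollowSymLinks' '</Directory>' \
        '#Include etc/apache24/extra/httpd-default.conf' > "$1/weak/httpd.conf"
    printf '%s\n' 'ServerTokens ProductOnly' 'ServerSignature Off' \
        > "$1/hard/httpd-default.conf"
    printf '%s\n' '<Directory "/usr/local/www/apache24/data">' \
        '    Options -Indexes +FollowSymLinks' '</Directory>' \
        'Include etc/apache24/extra/httpd-default.conf' > "$1/hard/httpd.conf"
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "== before the edits =="
audit "$tmp/weak/httpd.conf" "$tmp/weak/httpd-default.conf"
echo "== after the edits =="
audit "$tmp/hard/httpd.conf" "$tmp/hard/httpd-default.conf"
rm -rf "$tmp"
```

On the server itself, call `audit /usr/local/etc/apache24/httpd.conf /usr/local/etc/apache24/extra/httpd-default.conf`; no output means all four checks passed.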
1.3 Start apache
Enable automatic apache startup
    # service apache24 enable
    apache24 enabled in /etc/rc.conf
Scripts for startup and shutdown are located in /usr/local/etc/rc.d/apache24
Check the configuration file
If the description is correct, "Syntax OK" is printed.
    # service apache24 configtest
    Performing sanity check on apache24 configuration:
    Syntax OK
Apache start
    # service apache24 start
    Performing sanity check on apache24 configuration:
    Syntax OK
    Starting apache24.
If you access the server from the client (http://server IP address [or domain name]) and see the following, it is normal.
1.4 Virtual Host Settings
document root: /usr/local/www/apache24/data/[FQDN]/
domain : [FQDN]
Set up virtual hosts
    # vi /usr/local/etc/apache24/httpd.conf

Add the following at the end

    Include etc/apache24/extra/bsd-vhost.conf
Create a new bsd-vhost.conf under /usr/local/etc/apache24/extra

    # cd /usr/local/etc/apache24/extra
    # vi bsd-vhost.conf

Create it with the following content

    <VirtualHost *:80>
        ServerAdmin Administrator's email address
        DocumentRoot "/usr/local/www/apache24/data/[FQDN]"
        ServerName [FQDN]
        ErrorLog "/var/log/[FQDN].com-error_log"
        CustomLog "/var/log/[FQDN]-access_log" common
    </VirtualHost>

    <Directory /usr/local/www/apache24/data/[FQDN]>
        AddHandler cgi-script .cgi
        Options FollowSymlinks Includes
        AllowOverride All
        Require all granted
    </Directory>
Directory creation

    # mkdir /usr/local/www/apache24/data/[FQDN]
    # chown -R www:www /usr/local/www/apache24/data/[FQDN]
Apache restart
    # service apache24 restart
    Performing sanity check on apache24 configuration:
    Syntax OK
    Stopping apache24.
    Waiting for PIDS: 56749.
    Performing sanity check on apache24 configuration:
    Syntax OK
    Starting apache24.
1.5 apache24 - Running cgi
Checking Installation Options
Check the installation options with the following commands.
    # cd /usr/ports/www/apache24
    # make config
By default, either or both "CGI" or "CGID" are checked, so they are already installed.
If not, check them and "make clean", "make", or "make reinstall".
Check "The default MPM Module" to see which one is checked. If it is not checked, check it and reinstall.
p5-CGI Install
Check if it is installed with the following command
    # portversion -v | grep p5-CGI
    [Reading data from pkg(8) ... - 165 packages found - done]
    p5-CGI-4.57 = up-to-date with port
If it is not installed, install it with the following command
    # cd /usr/ports/www/p5-CGI
    # make
    # make install
httpd.conf editing
    # vi /usr/local/etc/apache24/httpd.conf

Around lines 166 and 169: Uncomment

    <IfModule !mpm_prefork_module>
        LoadModule cgid_module libexec/apache24/mod_cgid.so
    </IfModule>
    <IfModule mpm_prefork_module>
        LoadModule cgi_module libexec/apache24/mod_cgi.so
    </IfModule>

Around line 431: Uncomment

    AddHandler cgi-script .cgi
Apache restart
    # service apache24 restart
    Performing sanity check on apache24 configuration:
    Syntax OK
    Stopping apache24.
    Waiting for PIDS: 56818.
    Performing sanity check on apache24 configuration:
    Syntax OK
    Starting apache24.
2. MySQL Install
Install MySQL before installing PHP
    # pkg install -y mysql80-client mysql80-server
Check version
    # mysql --version
    mysql Ver 8.0.32 for FreeBSD13.1 on amd64 (Source distribution)
Enable and start MySQL
    # sysrc mysql_enable=yes
    mysql_enable: -> yes
    # service mysql-server start
    Starting mysql.
MySQL Startup Confirmation
    # service mysql-server status
    mysql is running as pid 59141.
Running Security Scripts
    # mysql_secure_installation
    mysql_secure_installation: [ERROR] unknown variable 'prompt=\u@\h [\d]>\_'.

    Securing the MySQL server deployment.

    Connecting to MySQL using a blank password.

    VALIDATE PASSWORD COMPONENT can be used to test passwords
    and improve security. It checks the strength of password
    and allows the users to set only those passwords which are
    secure enough. Would you like to setup VALIDATE PASSWORD component?

    Press y|Y for Yes, any other key for No: y

    There are three levels of password validation policy:

    LOW Length >= 8
    MEDIUM Length >= 8, numeric, mixed case, and special characters
    STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

    Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 0
    Please set the password for root here.

    New password:

    Re-enter new password:

    Estimated strength of the password: 100
    Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y
    By default, a MySQL installation has an anonymous user,
    allowing anyone to log into MySQL without having to have
    a user account created for them. This is intended only for
    testing, and to make the installation go a bit smoother.
    You should remove them before moving into a production
    environment.

    Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
    Success.

    Normally, root should only be allowed to connect from
    'localhost'. This ensures that someone cannot guess at
    the root password from the network.

    Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
    Success.

    By default, MySQL comes with a database named 'test' that
    anyone can access. This is also intended only for testing,
    and should be removed before moving into a production
    environment.

    Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
     - Dropping test database...
    Success.

     - Removing privileges on test database...
    Success.

    Reloading the privilege tables will ensure that all changes
    made so far will take effect immediately.

    Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
    Success.

    All done!
To log in to the MySQL server afterwards

    # mysql -u root -p
    Enter password: Password set above
3. apache24 - PHP 8.0
3.1 PHP Install
    # cd /usr/ports/lang/php83
    # make config
The "ZTS" option is required for thread-safe operation.
Leave the rest at the defaults.
    # make
    # make install clean
    ===> Installing for php83-8.3.0.b1
    ===> Checking if php83 is already installed
    ===> Registering installation for php83-8.3.0.b1
    Installing php83-8.3.0.b1...

    ===> SECURITY REPORT:
          This port has installed the following files which may act as network
          servers and may therefore pose a remote security risk to the system.
    /usr/local/lib/libphp.so
    /usr/local/bin/php
    /usr/local/bin/php-cgi
    /usr/local/sbin/php-fpm

          If there are vulnerabilities in these programs there may be a security
          risk to the system. FreeBSD makes no guarantee about the security of
          ports included in the Ports Collection. Please type 'make deinstall'
          to deinstall the port if this is a concern.

          For more information, and contact details about the security
          status of this software, see the following webpage:
    https://www.php.net/
3.2 php83-extensions Install
    # cd /usr/ports/lang/php83-extensions
    # make config
Do not uncheck anything that is checked by default.
If you plan to install "WordPress", "CURL" must be checked, as it is needed for updates.
"GD" and "GETTEXT" should also be checked as they may be used in other modules.
If you use Japanese, "MBSTRING" is required and checked.
If you use "MySQL", "MYSQLI" is required and checked.
If you plan to install "WordPress", "ZLIB" must be checked.
    # make

Various inquiry screens appear; press Enter to accept the default on each.

    # make install clean
    ===> Installing for php83-extensions-1.0
    ===> Checking if php83-extensions is already installed
    ===> Registering installation for php83-extensions-1.0
    Installing php83-extensions-1.0...
3.3 mod_php83 Install
    # cd /usr/ports/www/mod_php83
    # make config
As before, check the "ZTS" option.
Leave the others as defaults
    # make
    # make install clean
    ===> Installing for mod_php83-8.3.0.b1
    ===> Checking if mod_php83 is already installed
    ===> Registering installation for mod_php83-8.3.0.b1
    Installing mod_php83-8.3.0.b1...
    [activating module `php' in /usr/local/etc/apache24/httpd.conf]
    ******************************************************************************

    Make sure index.php is part of your DirectoryIndex.

    You should add the following to your Apache configuration file:

    <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>

    ******************************************************************************

    If you are building PHP-based ports in poudriere(8) or Synth with ZTS enabled,
    add WITH_MPM=event to /etc/make.conf to prevent build failures.

    ******************************************************************************

    ===> SECURITY REPORT:
          This port has installed the following files which may act as network
          servers and may therefore pose a remote security risk to the system.
    /usr/local/libexec/apache24/libphp.so

          If there are vulnerabilities in these programs there may be a security
          risk to the system. FreeBSD makes no guarantee about the security of
          ports included in the Ports Collection. Please type 'make deinstall'
          to deinstall the port if this is a concern.

          For more information, and contact details about the security
          status of this software, see the following webpage:
    https://www.php.net/
3.4 PHP - initialization
①Configuration file "php.ini" setting
    # cd /usr/local/etc/
    # cp php.ini-production php.ini
    # vi /usr/local/etc/php.ini

Line 518

    display_errors = Off

Line 713

    post_max_size = 300M

Line 865

    upload_max_filesize = 200M

Line 989: Uncomment and set the time zone to "Asia/Tokyo".

    [Date]
    ; Defines the default timezone used by the date functions
    ; http://php.net/date.timezone
    date.timezone = "Asia/Tokyo"
②httpd.conf editing

    # vi /usr/local/etc/apache24/httpd.conf

Line 284: Add "index.php" to the directory index

    <IfModule dir_module>
        DirectoryIndex index.html index.php
    </IfModule>

Around line 423: Add the following two lines.

    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
Apache Configuration Check
If "Syntax OK" is displayed, it is normal.
    # service apache24 configtest
    Performing sanity check on apache24 configuration:
    Syntax OK
Apache restart
    # service apache24 restart
    Performing sanity check on apache24 configuration:
    Syntax OK
    Stopping apache24.
    Waiting for PIDS: 57824.
    Performing sanity check on apache24 configuration:
    Syntax OK
    Starting apache24.
3.5 PHP operation check
Create "info.php" in the document root of the web server
    # vi /usr/local/www/apache24/data/[FQDN]/info.php
    <?php
    phpinfo();
If you access "http://domain-name/info.php" with a browser and see the following, it is OK