Thursday 27 October 2016

How to Install Apache webserver in a FreeNAS Jail

بسم الله الرحمن الرحيم


Abstract


  • A tutorial to install the Apache webserver in FreeNAS 9.10 Jail.
  • Configure and enable SSL on Apache.
  • Enable Virtual Hosts.
  • Enable and configure Apache Server Pool Management.
  • Configure Apache to run CGI and Perl scripts. 
  • Install and configure php56. 


Assumptions and Prerequisites



  • Domain: example.com
  • Hostname: www.example.com
  • System Notification Email: info@example.com 
  • OS: FreeNAS 9.10.1-U2 (FreeBSD 10.3-STABLE)
  • Container: Warden Jail
  • Jail Name: www
  • Private IP: 10.0.0.56
  • Subnet Mask: 255.255.255.0/24
  • Server Location: Melbourne, Australia
  • Webserver and Version: Apache v2.4.23_1
  • Apache Document Root Directory: /usr/local/www/apache24/data
  • Apache MPM: Prefork Module
  • Disable Directory Browsing.
  • Allow Over Ride All to .htaccess files.
  • CA Certificate File: /usr/local/etc/ssl/certs/ca.pem
  • SSL Certificate File: /usr/local/etc/ssl/certs/www.example.com.crt
  • SSL Key File: /usr/local/etc/ssl/private/www.example.com.key


Instructions


- Install Apache2.4
# pkg install apache24

 - Configure Apache settings
Edit file /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (214) ServerAdmin info@example.com
   (222) ServerName www.example.com
   (260) Options -Indexes +FollowSymLinks
   (267) AllowOverride All

- Set Server Defaults for Production Server
Edit /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (505) Include etc/apache24/extra/httpd-default.conf
Edit /usr/local/etc/apache24/extra/httpd-default.conf
# vi /usr/local/etc/apache24/extra/httpd-default.conf
   (55)  ServerTokens Prod

Enable apache to run and start on boot.
# sysrc apache24_enable="yes"
Start Apache Server
# service apache24 start

- Generate Self-Signed Certificate Authority, Server Certificate and Key.

Enable SSL 

Edit /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (89)   LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
   (144)  LoadModule ssl_module libexec/apache24/mod_ssl.so
   (513)  Include etc/apache24/extra/httpd-ssl.conf
Edit /usr/local/etc/apache24/extra/httpd-ssl.conf
# vi /usr/local/etc/apache24/extra/httpd-ssl.conf
   (52)   #SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
   (53)   #SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
   (65)   SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
   (66)   SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
   (124)  DocumentRoot "/usr/local/www/apache24/data"
   (125)  ServerName www.example.com:443
   (126)  ServerAdmin info@example.com
   (127)  ErrorLog "/var/log/httpd-error.log"
   (128)  TransferLog "/var/log/httpd-access.log"
   (144)  SSLCertificateFile "/ust/local/etc/ssl/certs/www.example.com.crt"
   (154)  SSLCertificateKeyFile "/usr/local/etc/ssl/certs/www.example.com.key"
   (175)  SSLCACertificateFile "/usr/local/etc/ssl/certs/ca.pem"
Reload new settings for Apache
# service apache24 graceful

Enable Virtual Hosts

- Enable Virtualhosts to redirect traffic from unecrypted port (80) to encrypted port (443).
Edit /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (496)  Include etc/apache24/extra/httpd-vhosts.conf
Edit /usr/local/etc/apache24/extra/httpd-vhosts.conf
# vi /usr/local/etc/apache24/extra/httpd-vhosts.conf
   (23)  
   (24)       ServerAdmin info@example.com
   (25)       DocumentRoot "/usr/local/www/apache24/data"
   (26)       ServerName www.example.com
   (27)       ServerAlias www.example.com
   (28)       ErrorLog "/var/log/www.example.com-error_log"
   (29)       CustomLog "/var/log/www.example.com-access_log" common
   (30)       Redirect "/" "https://www.example.com"
   (31)  
Reload new settings for Apache
# service apache24 graceful


Enable Server Pool Management

Edit /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (478)  Include etc/apache24/extra/httpd-mpm.conf
Change the number of concurrent connections for the server from 250 to 50 by editing the /usr/local/etc/apache24/extra/httpd-mpm.conf file
# vi /usr/local/etc/apache24/extra/httpd-mpm.conf
   (32)    MaxRequestWorkers      50
Reload new settings for Apache
# service apache24 graceful

Enable CGI and Perl Scripts


Edit /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (162)   LoadModule cgid_module libexec/apache24/mod_cgid.so
   (165)   LoadModule cgi_module libexec/apache24/mod_cgi.so
   (260)   Options -Indexes +FollowSymLinks +ExecCGI
   (418)   AddHandler cgi-script .cgi .pl
Reload new settings for Apache
# service apache24 graceful

 - Create CGI Script to test on Server
Create file /usr/local/www/apache24/data/index.cgi
#vi /usr/local/www/apache24/data/index.cgi
   (1)     #!/usr/local/bin/perl
   (2)     print "Content-type: text/html\n\n";
   (3)     print "<html>\n<body>\n";
   (4)     print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">\n";
   (5)     print "CGI Test Page";
   (6)     print "\n</div>\n";
   (7)     print "</body>\n</html>\n";
Change Permissions of file
# chmod 705 /usr/local/www/apache24/data/index.cgi
- Test Script in Browser

- Create Perl Script to test on Server
Create file /usr/local/www/apache24/data/index.pl
#vi /usr/local/www/apache24/data/index.pl
   (1)     #!/usr/local/bin/perl
   (2)     print "Content-type: text/html\n\n";
   (3)     print "<html>\n<body>\n";
   (4)     print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">\n";
   (5)     print "Perl Test Page";
   (6)     print "\n</div>\n";
   (7)     print "</body>\n</html>\n";
- Change Permissions of file
# chmod 705 /usr/local/www/apache24/data/index.pl
- Test Script in Browser

Install and Enable  php56

# pkg install -y php56 mod_php56 php56-mysql php56-mysqli php56-extensions
Create file php56 configuration file /usr/local/etc/apache24/includes/php56.conf
# vi /usr/local/etc/apache24/includes/php56.conf
   (1)     <FilesMatch "\.php$">
   (2)         SetHandler application/x-httpd-php
   (3)     </FilesMatch>
   (4)     <FilesMatch "\.phps$">
   (5)         SetHandler application/x-httpd-php-source
   (6)     </FilesMatch>
Reload new settings for Apache
# service apache24 graceful

- Change script preference to execute index.php over index.html
Edit /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (281)  DirectoryIndex index.php index.html
- Copy php.ini-production to php.ini
# cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
- Edit file /usr/local/etc/php.ini
# vi /usr/local/etc/php.ini
   (936)   date.timezone = "Australia\Melbourne"
Reload new settings for Apache
# service apache24 graceful

- Create php Script to test on Server
Create file /usr/local/www/apache24/data/index.php
# vi /usr/local/www/apache24/data/index.php
   (1)       <html>
   (2)       <body>
   (3)       <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
   (4)       <?php
   (5)            print Date("Y/m/d");
   (6)       ?>
   (7)       </div>
   (8)       </body>
   (9)       </html>
- Test Script in Browser

- Links
Posted by at
Labels: , , , , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)