Index: en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
===================================================================
--- en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
+++ en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
@@ -3526,7 +3526,7 @@
modules.
- mod_ssl
+ SSL supportweb servers
@@ -3535,19 +3535,59 @@
SSLcryptography
- The mod_ssl module uses the
- OpenSSL library to provide strong
- cryptography via the Secure Sockets Layer
- (SSLv3) and Transport Layer Security
- (TLSv1) protocols. This module provides
- everything necessary to request a signed certificate from a
- trusted certificate signing authority to run a secure web
- server on &os;.
+ At one in point in time, support for SSL
+ inside of Apache required a secondary module called
+ mod_ssl. This is no longer the case and
+ the default install of Apache comes with SSL
+ built into the web server. An example of how to enable
+ support for SSL websites is available
+ in the installed file, httpd-ssl.conf
+ inside of the
+ /usr/local/etc/apache24/extra
+ directory. Inside this directory is also a sample file called
+ named ssl.conf-sample. It is recommended
+ that both files be evaluated to properly set up secure websites
+ in the Apache web server.
- In &os;, mod_ssl module is enabled
- by default in both the package and the port. The available
- configuration directives are explained at http://httpd.apache.org/docs/current/mod/mod_ssl.html.
+ After the configuration of SSL is
+ complete, the following line must be uncommented in the main
+ http.conf to activate the changes on the
+ next restart or reload of Apache:
+
+ #Include etc/apache24/extra/httpd-ssl.conf
+
+
+ SSL version two and version three have
+ known vulnerability issues. It is highly recommended TLS version
+ 1.2 and 1.3 be enabled in place of the older SSL options.
+ This can be accomplished by setting the following options in the
+ ssl.conf:
+
+
+ SSLProtocol all -SSLv3 -SSLv2 +TLSv1.2 +TLSv1.3
+SSLProxyProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+
+ To complete the configuration of SSL
+ in the web server, uncomment the following line to ensure that
+ the configuration will be pulled into Apache during restart or
+ reload:
+
+ # Secure (SSL/TLS) connections
+Include etc/apache24/extra/httpd-ssl.conf
+
+ The following lines must also be uncommented in the
+ httpd.conf to fully support
+ SSL in Apache:
+
+ LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so
+LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
+LoadModule ssl_module libexec/apache24/mod_ssl.so
+
+ The next step is to work with a certificate authority
+ to have the appropriate certificates installed on the
+ system. This will set up a chain of trust for your users
+ and prevent warnings of self-signed certificates.
+
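Review bot: the added SSLProtocol line does not match the paragraph that introduces it. The value "all -SSLv3 -SSLv2 +TLSv1.2 +TLSv1.3" starts from all, so TLSv1 and TLSv1.1 remain enabled and the two + terms add nothing, whereas the SSLProxyProtocol line next to it does subtract them. Suggest "SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1" so both directives deliver the stated goal of TLS 1.2 and 1.3 only. That paragraph also refers to ssl.conf, while the files named earlier in the hunk are httpd-ssl.conf and ssl.conf-sample; name the file the reader actually edits. Smaller points: the opening paragraph says mod_ssl is no longer needed, yet the hunk ends by telling the reader to uncomment "LoadModule ssl_module libexec/apache24/mod_ssl.so"; the instruction to uncomment the Include line is given twice, the first time against http.conf instead of httpd.conf; and "At one in point in time" and "called named" need fixing.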
@@ -3601,52 +3641,88 @@
allowing web developers to write dynamically generated
webpages quickly.
- To gain support for PHP5 for the
- Apache web server, install the
- www/mod_php56 package or port. This will
- install and configure the modules required to support
- dynamic PHP applications. The
- installation will automatically add this line to
- /usr/local/etc/apache24/httpd.conf:
+ Support for PHP for
+ Apache
- LoadModule php5_module libexec/apache24/libphp5.so
+ For all supported versions, search the package database
+ using pkg. Here is an example of the
+ available PHP packages as of the time
+ of this writing:
-
+ A list will be displayed including the versions and
+ additional features they provide. The components are
+ completely modular, meaning features are enabled by
+ installing the appropriate port. To install
+ PHP version 7.4 for Apache, issue
+ the following command:
- Then, perform a graceful restart to load the
- PHP module:
+ &prompt.root; pkg install mod_php74
- &prompt.root; apachectl graceful
+ If any dependency packages need to be installed, they will
+ be installed as well.
- The PHP support provided by
- www/mod_php56 is limited. Additional
- support can be installed using the
- lang/php56-extensions port which provides
- a menu driven interface to the available
- PHP extensions.
+ By default, PHP will not be
+ enabled. The following lines will need to be added to
+ the Apache configuration file located in
+ /usr/local/etc/apache24
+ to make it active:
- Alternatively, individual extensions can be installed
- using the appropriate port. For instance, to add
- PHP support for the
- MySQL database server, install
- databases/php56-mysql.
+ <FilesMatch "\.php$">
+ SetHandler application/x-httpd-php
+</FilesMatch>
+<FilesMatch "\.phps$">
+ SetHandler application/x-httpd-php-source
+</FilesMatch>
- After installing an extension, the
- Apache server must be reloaded to
- pick up the new configuration changes:
+ In addition, the in
+ the configuration file will also need to be updated
+ and Apache will either need to be restarted or reloaded
+ for the changes to take effect.
+ Support for many of the PHP
+ features may also be installed by using
+ pkg. For example, to install
+ support for XML or
+ SSL, install their respective
+ ports:
+
+ &prompt.root; pkg install php74-xml php74-openssl
+
+ As before, the Apache configuration will need to be
+ reloaded for the changes to take effect, even in cases
+ where it was just a module install.
+
+ To perform a graceful restart to reload the
+ configuration, issue the following command:
+
&prompt.root; apachectl graceful
+
+ Once the install is complete, there are two methods of
+ obtaining the installed PHP support modules
+ and the environmental information of the build. The first is
+ to install the full PHP binary and running
+ the command to gain the information:
+
+ &prompt.root; pkg install php74
+ &prompt.root; php -i |less
+
+ It is necessary to pass the output to a pager, such as
+ the more or less to
+ easier digest the amount of output.
+
+ Finally, to make any changes to the global configuration
+ of PHP there is a well documented file
+ installed into
+ /usr/local/etc/php.ini.
+ At the time of install, this file will not exist because there
+ are two versions to choose from, one is
+ php.ini-development and the other is
+ php.ini-production. These are starting
+ points to assist administrators in their deployment.
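Review bot: the second FilesMatch block added here maps \.phps$ to application/x-httpd-php-source, which returns the highlighted source of any matching file to whoever requests it, and the text presents it as part of the lines needed to make PHP active. Suggest dropping that block from the required configuration, or moving it into a note that marks it as optional and for development hosts only. The closing php.ini paragraph has a related gap: it says the file is installed into /usr/local/etc/php.ini and then that the file will not exist, and it never tells the reader to copy php.ini-production or php.ini-development into place or which one suits a public server. Smaller points: "Support for PHP for Apache" is not a complete sentence; the package example promised by "Here is an example of the available PHP packages" is not followed by a command or listing; "In addition, the in the configuration file" does not name what must be updated; and "It is necessary to pass the output to a pager" overstates a convenience.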