D26386.id76864.diff
Index: en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
===================================================================
--- en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
+++ en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
@@ -3526,7 +3526,7 @@
modules.</para>
<sect3>
- <title><filename>mod_ssl</filename></title>
+ <title>SSL support</title>
<indexterm>
<primary>web servers</primary>
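Review bot: The new title `SSL support` names only the protocol family that the warning in the next hunk tells readers to disable in favour of TLS 1.2 and 1.3. `SSL/TLS support` would match what the section now says.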
@@ -3535,19 +3535,59 @@
<indexterm><primary>SSL</primary></indexterm>
<indexterm><primary>cryptography</primary></indexterm>
- <para>The <filename>mod_ssl</filename> module uses the
- <application>OpenSSL</application> library to provide strong
- cryptography via the Secure Sockets Layer
- (<acronym>SSLv3</acronym>) and Transport Layer Security
- (<acronym>TLSv1</acronym>) protocols. This module provides
- everything necessary to request a signed certificate from a
- trusted certificate signing authority to run a secure web
- server on &os;.</para>
+ <para>At one in point in time, support for <acronym>SSL</acronym>
+ inside of Apache required a secondary module called
+ <filename>mod_ssl</filename>. This is no longer the case and
+ the default install of Apache comes with <acronym>SSL</acronym>
+ built into the web server. An example of how to enable
+ support for <acronym>SSL</acronym> websites is available
+ in the installed file, <filename>httpd-ssl.conf</filename>
+ inside of the
+ <filename role="directory">/usr/local/etc/apache24/extra</filename>
+ directory. Inside this directory is also a sample file called
+ named <filename>ssl.conf-sample</filename>. It is recommended
+ that both files be evaluated to properly set up secure websites
+ in the Apache web server.</para>
- <para>In &os;, <filename>mod_ssl</filename> module is enabled
- by default in both the package and the port. The available
- configuration directives are explained at <uri
- xlink:href="http://httpd.apache.org/docs/current/mod/mod_ssl.html">http://httpd.apache.org/docs/current/mod/mod_ssl.html</uri>.</para>
+ <para>After the configuration of <acronym>SSL</acronym> is
+ complete, the following line must be uncommented in the main
+ <filename>http.conf</filename> to activate the changes on the
+ next restart or reload of Apache:</para>
+
+ <programlisting>#Include etc/apache24/extra/httpd-ssl.conf</programlisting>
+
+ <warning>
+ <para><acronym>SSL</acronym> version two and version three have
+ known vulnerability issues. It is highly recommend TLS version
+ 1.2 and 1.3 be enabled in place of the older SSL options.
+ This can be accomplished by setting the following options in the
+ <filename>ssl.conf</filename>:</para>
+ </warning>
+
+ <programlisting>SSLProtocol all -SSLv3 -SSLv2 +TLSv1.2 +TLSv1.3
+SSLProxyProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1</programlisting>
+
+ <para>To complete the configuration of <acronym>SSL</acronym> in
+ in the web server, uncomment the following line to ensure that
+ the configuration will be pulled into Apache during restart or
+ reload:</para>
+
+ <programlisting># Secure (SSL/TLS) connections
+Include etc/apache24/extra/httpd-ssl.conf</programlisting>
+
+ <para>The following lines must also be uncommented in the
+ <filename>httpd.conf</filename> to fully support
+ <acronym>SSL</acronym> in Apache:</para>
+
+ <programlisting>LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so
+LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
+LoadModule ssl_module libexec/apache24/mod_ssl.so</programlisting>
+
+ <para>The next step is to work with a certificate authority
+ to have the appropriate certificates installed on the
+ system. This will set up a train of trust for your users
+ prevent warnings of self-signed certifications.</para>
+
</sect3>
<sect3>
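Review bot: The `SSLProtocol all -SSLv3 -SSLv2 +TLSv1.2 +TLSv1.3` line in the new programlisting still leaves TLSv1 and TLSv1.1 enabled, because `all` switches on every supported protocol and only the two SSL versions are subtracted. The `SSLProxyProtocol` line beside it does carry `-TLSv1 -TLSv1.1`, so the two lines disagree with each other and with the warning's advice. Suggest `SSLProtocol -all +TLSv1.2 +TLSv1.3` and the same form for `SSLProxyProtocol`. The listing also sits after `</warning>`, so the warning ends on a colon with nothing following it inside the element, and it names `ssl.conf` where the first paragraph refers to `httpd-ssl.conf` and `ssl.conf-sample`. Other points in this hunk: the first paragraph says `mod_ssl` is no longer required, yet the last listing tells the reader to uncomment `LoadModule ssl_module libexec/apache24/mod_ssl.so`; the instruction to uncomment the `Include etc/apache24/extra/httpd-ssl.conf` line appears twice, once against `http.conf` where `httpd.conf` is meant; and there are typos to fix: "At one in point in time", "called named", "highly recommend", "in in the web server", "train of trust", "for your users prevent warnings".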
@@ -3601,52 +3641,87 @@
allowing web developers to write dynamically generated
webpages quickly.</para>
- <para>To gain support for <acronym>PHP</acronym>5 for the
- <application>Apache</application> web server, install the
- <package>www/mod_php56</package> package or port. This will
- install and configure the modules required to support
- dynamic <acronym>PHP</acronym> applications. The
- installation will automatically add this line to
- <filename>/usr/local/etc/apache2<replaceable>4</replaceable>/httpd.conf</filename>:</para>
+ <para>Support for <acronym>PHP</acronym> for apache and
+ any other feature written in the language, can be added
+ by installing the appropriate port.</para>
- <programlisting>LoadModule php5_module libexec/apache24/libphp5.so</programlisting>
+ <para>For all supported versions, search the package database
+ using <command>pkg</command>. Here is an example of the
+ available <acronym>PHP</acronym> packages as of the time
+ of this writing:</para>
-<!--
-I do not think this is still needed
-AddModule mod_php5.c
- <IfModule mod_php5.c>
- DirectoryIndex index.php index.html
- </IfModule>
- <IfModule mod_php5.c>
- AddType application/x-httpd-php .php
- AddType application/x-httpd-php-source .phps
- </IfModule></programlisting>
+ <screen>&prompt.root; <userinput>pkg search php</userinput></screen>
- -->
+ <para>A list will be displayed including the versions and
+ additional features they provide. The components are
+ completely modular, meaning features are enabled by
+ installing the appropriate port. To install
+ <acronym>PHP</acronym> version 7.4 for Apache, issue
+ the following command:</para>
- <para>Then, perform a graceful restart to load the
- <acronym>PHP</acronym> module:</para>
+ <screen>&prompt.root; <userinput>pkg install mod_php74</userinput></screen>
- <screen>&prompt.root; <userinput>apachectl graceful</userinput></screen>
+ <para>If any dependency packages need to be installed, they will
+ be installed as well.</para>
- <para>The <acronym>PHP</acronym> support provided by
- <package>www/mod_php56</package> is limited. Additional
- support can be installed using the
- <package>lang/php56-extensions</package> port which provides
- a menu driven interface to the available
- <acronym>PHP</acronym> extensions.</para>
+ <para>By default, <acronym>PHP</acronym> will not be
+ enabled. The following lines will need to be added to
+ the Apache configuration file located in
+ <filename role="directory">/usr/local/etc/apache24</filename>
+ to make it active:</para>
- <para>Alternatively, individual extensions can be installed
- using the appropriate port. For instance, to add
- <acronym>PHP</acronym> support for the
- <application>MySQL</application> database server, install
- <package>databases/php56-mysql</package>.</para>
+ <programlisting><FilesMatch "\.php$">
+ SetHandler application/x-httpd-php
+</FilesMatch>
+<FilesMatch "\.phps$">
+ SetHandler application/x-httpd-php-source
+</FilesMatch></programlisting>
- <para>After installing an extension, the
- <application>Apache</application> server must be reloaded to
- pick up the new configuration changes:</para>
+ <para>In addition, the <option>DirectoryIndex</option> in
+ the configuration file will also need to be updated
+ and Apache will either need to be restarted or reloaded
+ for the changes to take effect.</para>
+ <para>Support for many of the <acronym>PHP</acronym>
+ features may also be installed by using
+ <command>pkg</command>. For example, to install
+ support for <acronym>XML</acronym> or
+ <acronym>SSL</acronym>, install their respective
+ ports:</para>
+
+ <screen>&prompt.root; <userinput>pkg install php74-xml php74-openssl</userinput></screen>
+
+ <para>As before, the Apache configuration will need to be
+ reloaded for the changes to take effect, even in cases
+ where it was just a module install.</para>
+
+ <para>To perform a graceful restart to reload the
+ configuration, issue the following command:</para>
+
<screen>&prompt.root; <userinput>apachectl graceful</userinput></screen>
+
+ <para>Once the install is complete, there are two methods of
+ obtaining the installed <acronym>PHP</acronym> support modules
+ and the environmental information of the build. The first is
+ to install the full <acronym>PHP</acronym> binary and running
+ the command to gain the information:</para>
+
+ <screen>&prompt.root; <userinput>pkg install php74</userinput></screen>
+ <screen>&prompt.root; <userinput>php -i |less</userinput></screen>
+
+ <para>It is necessary to pass the output to a pager, such as
+ the <command>more</command> or <command>less</command> to
+ easier digest the amount of output.</para>
+
+ <para>Finally, to make any changes to the global configuration
+ of <acronym>PHP</acronym> there is a well documented file
+ installed into
+ <filename role="directory">/usr/local/etc/php.ini</filename>.
+ At the time of install, this file will not exist because there
+ are two versions to choose from, one is
+ <filename>php.ini-development</filename> and the other is
+ <filename>php.ini-production</filename>. These are starting
+ points to assist administrators in their deployment.</para>
</sect3>
</sect2>
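Review bot: The added `<FilesMatch "\.phps$">` block with `SetHandler application/x-httpd-php-source` is presented as part of what is needed to make PHP active, but it makes the server display the source of any `.phps` file it serves. Mark it as optional and advise leaving it out on public servers. The closing paragraph on `php.ini` should tell the reader to copy one of the two samples into place and say that `php.ini-production` is the starting point for an Internet-facing server; the path is also tagged `role="directory"` although it is a file. Smaller points: the `DirectoryIndex` paragraph does not give the value to add (the removed comment had `DirectoryIndex index.php index.html`); "there are two methods" is followed by only one; the new text no longer says whether a `LoadModule` line for PHP is added automatically, which the removed text did; `apache` in the first new paragraph should be `<application>Apache</application>`; and "to easier digest" and "to install ... and running" need rewording.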
Attached To
D26386: Make several edits to the Apache webserver section in network servers including and update the SSL and PHP sections and make a note about the security reasons of using TLS.