en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
Show First 20 Lines • Show All 3,520 Lines • ▼ Show 20 Lines | </VirtualHost></programlisting> | ||||
<filename>/usr/ports/www/apache24</filename> to see which | <filename>/usr/ports/www/apache24</filename> to see which | ||||
modules are available and which are enabled by default. If | modules are available and which are enabled by default. If | ||||
the module is not compiled with the port, the &os; Ports | the module is not compiled with the port, the &os; Ports | ||||
Collection provides an easy way to install many modules. This | Collection provides an easy way to install many modules. This | ||||
section describes three of the most commonly used | section describes three of the most commonly used | ||||
modules.</para> | modules.</para> | ||||
<sect3> | <sect3> | ||||
<title><filename>mod_ssl</filename></title> | <title>SSL support</title> | ||||
<indexterm> | <indexterm> | ||||
<primary>web servers</primary> | <primary>web servers</primary> | ||||
<secondary>secure</secondary> | <secondary>secure</secondary> | ||||
</indexterm> | </indexterm> | ||||
<indexterm><primary>SSL</primary></indexterm> | <indexterm><primary>SSL</primary></indexterm> | ||||
<indexterm><primary>cryptography</primary></indexterm> | <indexterm><primary>cryptography</primary></indexterm> | ||||
<para>The <filename>mod_ssl</filename> module uses the | <para>At one in point in time, support for <acronym>SSL</acronym> | ||||
<application>OpenSSL</application> library to provide strong | inside of Apache required a secondary module called | ||||
cryptography via the Secure Sockets Layer | <filename>mod_ssl</filename>. This is no longer the case and | ||||
(<acronym>SSLv3</acronym>) and Transport Layer Security | the default install of Apache comes with <acronym>SSL</acronym> | ||||
(<acronym>TLSv1</acronym>) protocols. This module provides | built into the web server. An example of how to enable | ||||
everything necessary to request a signed certificate from a | support for <acronym>SSL</acronym> websites is available | ||||
trusted certificate signing authority to run a secure web | in the installed file, <filename>httpd-ssl.conf</filename> | ||||
server on &os;.</para> | inside of the | ||||
<filename role="directory">/usr/local/etc/apache24/extra</filename> | |||||
directory. Inside this directory is also a sample file called | |||||
named <filename>ssl.conf-sample</filename>. It is recommended | |||||
that both files be evaluated to properly set up secure websites | |||||
in the Apache web server.</para> | |||||
<para>In &os;, <filename>mod_ssl</filename> module is enabled | <para>After the configuration of <acronym>SSL</acronym> is | ||||
by default in both the package and the port. The available | complete, the following line must be uncommented in the main | ||||
configuration directives are explained at <uri | <filename>http.conf</filename> to activate the changes on the | ||||
xlink:href="http://httpd.apache.org/docs/current/mod/mod_ssl.html">http://httpd.apache.org/docs/current/mod/mod_ssl.html</uri>.</para> | next restart or reload of Apache:</para> | ||||
<programlisting>#Include etc/apache24/extra/httpd-ssl.conf</programlisting> | |||||
<warning> | |||||
<para><acronym>SSL</acronym> version two and version three have | |||||
known vulnerability issues. It is highly recommended TLS version | |||||
bcr: s/recommend/recommended/ | |||||
1.2 and 1.3 be enabled in place of the older SSL options. | |||||
This can be accomplished by setting the following options in the | |||||
<filename>ssl.conf</filename>:</para> | |||||
</warning> | |||||
<programlisting>SSLProtocol all -SSLv3 -SSLv2 +TLSv1.2 +TLSv1.3 | |||||
SSLProxyProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1</programlisting> | |||||
<para>To complete the configuration of <acronym>SSL</acronym> | |||||
bcr: Superfluous "in"
in the web server, uncomment the following line to ensure that | |||||
the configuration will be pulled into Apache during restart or | |||||
reload:</para> | |||||
<programlisting># Secure (SSL/TLS) connections | |||||
Include etc/apache24/extra/httpd-ssl.conf</programlisting> | |||||
<para>The following lines must also be uncommented in the | |||||
<filename>httpd.conf</filename> to fully support | |||||
<acronym>SSL</acronym> in Apache:</para> | |||||
<programlisting>LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so | |||||
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so | |||||
LoadModule ssl_module libexec/apache24/mod_ssl.so</programlisting> | |||||
<para>The next step is to work with a certificate authority | |||||
to have the appropriate certificates installed on the | |||||
system. This will set up a chain of trust for your users | |||||
bcr: Is it "train of trust" or "chain of trust"? There seems to be a word missing between "users" and "prevent".
bcr: One more thing I noticed just now that I reread it: we discourage the use of "you". See the "Be…
trhodes: I'll change it to "for site visitors" or you think something else, such as end users is better?
and prevent warnings of self-signed certificates.</para> | |||||
</sect3> | </sect3> | ||||
<sect3> | <sect3> | ||||
<title><filename>mod_perl</filename></title> | <title><filename>mod_perl</filename></title> | ||||
<indexterm> | <indexterm> | ||||
<primary>mod_perl</primary> | <primary>mod_perl</primary> | ||||
<secondary>Perl</secondary> | <secondary>Perl</secondary> | ||||
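Review bot: In the new SSL section's programlisting, "SSLProtocol all -SSLv3 -SSLv2 +TLSv1.2 +TLSv1.3" still leaves TLSv1 and TLSv1.1 enabled, because "all" turns them on and nothing on that line removes them, while the SSLProxyProtocol line beneath it does remove both and the warning text asks for TLS 1.2 and 1.3 in place of the older options. Suggest making the two lines agree, for example "SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1". In the same section the main configuration file is called http.conf in one paragraph and httpd.conf in another, the options are said to go in ssl.conf although the files named earlier are httpd-ssl.conf and ssl.conf-sample, and the step to uncomment the Include line appears twice (once shown commented, once uncommented); one consistent filename and a single Include step would remove the ambiguity.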
Show All 37 Lines | <para><firstterm>PHP: Hypertext Preprocessor</firstterm> | ||||
(<acronym>PHP</acronym>) is a general-purpose scripting | (<acronym>PHP</acronym>) is a general-purpose scripting | ||||
language that is especially suited for web development. | language that is especially suited for web development. | ||||
Capable of being embedded into <acronym>HTML</acronym>, its | Capable of being embedded into <acronym>HTML</acronym>, its | ||||
syntax draws upon <application>C</application>, &java;, and | syntax draws upon <application>C</application>, &java;, and | ||||
<application>Perl</application> with the intention of | <application>Perl</application> with the intention of | ||||
allowing web developers to write dynamically generated | allowing web developers to write dynamically generated | ||||
webpages quickly.</para> | webpages quickly.</para> | ||||
<para>To gain support for <acronym>PHP</acronym>5 for the | <para>Support for <acronym>PHP</acronym> for | ||||
<application>Apache</application> web server, install the | <application>Apache</application and any other feature | ||||
<package>www/mod_php56</package> package or port. This will | written in the language, can be added | ||||
install and configure the modules required to support | by installing the appropriate port.</para> | ||||
bcr: You could have kept the <application>Apache</application> part here.
dynamic <acronym>PHP</acronym> applications. The | |||||
installation will automatically add this line to | |||||
<filename>/usr/local/etc/apache2<replaceable>4</replaceable>/httpd.conf</filename>:</para> | |||||
<programlisting>LoadModule php5_module libexec/apache24/libphp5.so</programlisting> | <para>For all supported versions, search the package database | ||||
using <command>pkg</command>. Here is an example of the | |||||
available <acronym>PHP</acronym> packages as of the time | |||||
of this writing:</para> | |||||
<!-- | <screen>&prompt.root; <userinput>pkg search php</userinput></screen> | ||||
I do not think this is still needed | |||||
AddModule mod_php5.c | |||||
<IfModule mod_php5.c> | |||||
DirectoryIndex index.php index.html | |||||
</IfModule> | |||||
<IfModule mod_php5.c> | |||||
AddType application/x-httpd-php .php | |||||
AddType application/x-httpd-php-source .phps | |||||
</IfModule></programlisting> | |||||
--> | <para>A list will be displayed including the versions and | ||||
additional features they provide. The components are | |||||
completely modular, meaning features are enabled by | |||||
installing the appropriate port. To install | |||||
<acronym>PHP</acronym> version 7.4 for Apache, issue | |||||
the following command:</para> | |||||
<para>Then, perform a graceful restart to load the | <screen>&prompt.root; <userinput>pkg install mod_php74</userinput></screen> | ||||
<acronym>PHP</acronym> module:</para> | |||||
<screen>&prompt.root; <userinput>apachectl graceful</userinput></screen> | <para>If any dependency packages need to be installed, they will | ||||
be installed as well.</para> | |||||
<para>The <acronym>PHP</acronym> support provided by | <para>By default, <acronym>PHP</acronym> will not be | ||||
<package>www/mod_php56</package> is limited. Additional | enabled. The following lines will need to be added to | ||||
support can be installed using the | the Apache configuration file located in | ||||
<package>lang/php56-extensions</package> port which provides | <filename role="directory">/usr/local/etc/apache24</filename> | ||||
a menu driven interface to the available | to make it active:</para> | ||||
bcr: How about simply "to activate it"?
trhodes: This is definitely less wordy, I'm trying to avoid ending a sentence with a preposition. :) Maybe "to activate the new configuration"? Or just leave it as is for now?
<acronym>PHP</acronym> extensions.</para> | |||||
<para>Alternatively, individual extensions can be installed | <programlisting><FilesMatch "\.php$"> | ||||
using the appropriate port. For instance, to add | SetHandler application/x-httpd-php | ||||
<acronym>PHP</acronym> support for the | </FilesMatch> | ||||
<application>MySQL</application> database server, install | <FilesMatch "\.phps$"> | ||||
<package>databases/php56-mysql</package>.</para> | SetHandler application/x-httpd-php-source | ||||
</FilesMatch></programlisting> | |||||
<para>After installing an extension, the | <para>In addition, the <option>DirectoryIndex</option> in | ||||
<application>Apache</application> server must be reloaded to | the configuration file will also need to be updated | ||||
pick up the new configuration changes:</para> | and Apache will either need to be restarted or reloaded | ||||
for the changes to take effect.</para> | |||||
<para>Support for many of the <acronym>PHP</acronym> | |||||
features may also be installed by using | |||||
<command>pkg</command>. For example, to install | |||||
support for <acronym>XML</acronym> or | |||||
<acronym>SSL</acronym>, install their respective | |||||
ports:</para> | |||||
<screen>&prompt.root; <userinput>pkg install php74-xml php74-openssl</userinput></screen> | |||||
<para>As before, the Apache configuration will need to be | |||||
reloaded for the changes to take effect, even in cases | |||||
where it was just a module install.</para> | |||||
<para>To perform a graceful restart to reload the | |||||
configuration, issue the following command:</para> | |||||
<screen>&prompt.root; <userinput>apachectl graceful</userinput></screen> | <screen>&prompt.root; <userinput>apachectl graceful</userinput></screen> | ||||
<para>Once the install is complete, there are two methods of | |||||
obtaining the installed <acronym>PHP</acronym> support modules | |||||
and the environmental information of the build. The first is | |||||
to install the full <acronym>PHP</acronym> binary and running | |||||
the command to gain the information:</para> | |||||
<screen>&prompt.root; <userinput>pkg install php74</userinput></screen> | |||||
<screen>&prompt.root; <userinput>php -i |less</userinput></screen> | |||||
<para>It is necessary to pass the output to a pager, such as | |||||
the <command>more</command> or <command>less</command> to | |||||
easier digest the amount of output.</para> | |||||
<para>Finally, to make any changes to the global configuration | |||||
of <acronym>PHP</acronym> there is a well documented file | |||||
installed into | |||||
<filename role="directory">/usr/local/etc/php.ini</filename>. | |||||
At the time of install, this file will not exist because there | |||||
are two versions to choose from, one is | |||||
<filename>php.ini-development</filename> and the other is | |||||
<filename>php.ini-production</filename>. These are starting | |||||
points to assist administrators in their deployment.</para> | |||||
</sect3> | </sect3> | ||||
</sect2> | </sect2> | ||||
<sect2> | <sect2> | ||||
<title>Dynamic Websites</title> | <title>Dynamic Websites</title> | ||||
<indexterm> | <indexterm> | ||||
<primary>web servers</primary> | <primary>web servers</primary> | ||||
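Review bot: In the rewritten PHP paragraph that opens "Support for PHP for", the closing tag is written as "</application and any other feature", so the element is never closed and the chapter will not parse; it should read "</application>" followed by the rest of the sentence. Further down, the text promises "two methods" of obtaining the installed modules and build information but only the first (installing php74 and running php -i) is described, and php.ini is tagged with role="directory" and described as installed even though the next sentence says the file does not exist until one of php.ini-development or php.ini-production is chosen. Suggest describing the second method or dropping the count, tagging php.ini as a plain filename, and stating explicitly that one of the two samples has to be copied to php.ini, with a pointer to which one is meant for production servers.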
▲ Show 20 Lines • Show All 1,067 Lines • Show Last 20 Lines |