Changeset View
Changeset View
Standalone View
Standalone View
en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
| Show First 20 Lines • Show All 3,520 Lines • ▼ Show 20 Lines | </VirtualHost></programlisting> | ||||
| <filename>/usr/ports/www/apache24</filename> to see which | <filename>/usr/ports/www/apache24</filename> to see which | ||||
| modules are available and which are enabled by default. If | modules are available and which are enabled by default. If | ||||
| the module is not compiled with the port, the &os; Ports | the module is not compiled with the port, the &os; Ports | ||||
| Collection provides an easy way to install many modules. This | Collection provides an easy way to install many modules. This | ||||
| section describes three of the most commonly used | section describes three of the most commonly used | ||||
| modules.</para> | modules.</para> | ||||
| <sect3> | <sect3> | ||||
| <title><filename>mod_ssl</filename></title> | <title>SSL support</title> | ||||
| <indexterm> | <indexterm> | ||||
| <primary>web servers</primary> | <primary>web servers</primary> | ||||
| <secondary>secure</secondary> | <secondary>secure</secondary> | ||||
| </indexterm> | </indexterm> | ||||
| <indexterm><primary>SSL</primary></indexterm> | <indexterm><primary>SSL</primary></indexterm> | ||||
| <indexterm><primary>cryptography</primary></indexterm> | <indexterm><primary>cryptography</primary></indexterm> | ||||
| <para>The <filename>mod_ssl</filename> module uses the | <para>At one in point in time, support for <acronym>SSL</acronym> | ||||
| <application>OpenSSL</application> library to provide strong | inside of Apache required a secondary module called | ||||
| cryptography via the Secure Sockets Layer | <filename>mod_ssl</filename>. This is no longer the case and | ||||
| (<acronym>SSLv3</acronym>) and Transport Layer Security | the default install of Apache comes with <acronym>SSL</acronym> | ||||
| (<acronym>TLSv1</acronym>) protocols. This module provides | built into the web server. An example of how to enable | ||||
| everything necessary to request a signed certificate from a | support for <acronym>SSL</acronym> websites is available | ||||
| trusted certificate signing authority to run a secure web | in the installed file, <filename>httpd-ssl.conf</filename> | ||||
| server on &os;.</para> | inside of the | ||||
| <filename role="directory">/usr/local/etc/apache24/extra</filename> | |||||
| directory. Inside this directory is also a sample file called | |||||
| named <filename>ssl.conf-sample</filename>. It is recommended | |||||
| that both files be evaluated to properly set up secure websites | |||||
| in the Apache web server.</para> | |||||
| <para>In &os;, <filename>mod_ssl</filename> module is enabled | <para>After the configuration of <acronym>SSL</acronym> is | ||||
| by default in both the package and the port. The available | complete, the following line must be uncommented in the main | ||||
| configuration directives are explained at <uri | <filename>http.conf</filename> to activate the changes on the | ||||
| xlink:href="http://httpd.apache.org/docs/current/mod/mod_ssl.html">http://httpd.apache.org/docs/current/mod/mod_ssl.html</uri>.</para> | next restart or reload of Apache:</para> | ||||
| <programlisting>#Include etc/apache24/extra/httpd-ssl.conf</programlisting> | |||||
| <warning> | |||||
| <para><acronym>SSL</acronym> version two and version three have | |||||
| known vulnerability issues. It is highly recommended TLS version | |||||
bcr: s/recommend/recommended/ | |||||
| 1.2 and 1.3 be enabled in place of the older SSL options. | |||||
| This can be accomplished by setting the following options in the | |||||
| <filename>ssl.conf</filename>:</para> | |||||
| </warning> | |||||
| <programlisting>SSLProtocol all -SSLv3 -SSLv2 +TLSv1.2 +TLSv1.3 | |||||
| SSLProxyProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1</programlisting> | |||||
| <para>To complete the configuration of <acronym>SSL</acronym> | |||||
Done Inline ActionsSuperfluous "in" bcr: Superfluous "in" | |||||
| in the web server, uncomment the following line to ensure that | |||||
| the configuration will be pulled into Apache during restart or | |||||
| reload:</para> | |||||
| <programlisting># Secure (SSL/TLS) connections | |||||
| Include etc/apache24/extra/httpd-ssl.conf</programlisting> | |||||
| <para>The following lines must also be uncommented in the | |||||
| <filename>httpd.conf</filename> to fully support | |||||
| <acronym>SSL</acronym> in Apache:</para> | |||||
| <programlisting>LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so | |||||
| LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so | |||||
| LoadModule ssl_module libexec/apache24/mod_ssl.so</programlisting> | |||||
| <para>The next step is to work with a certificate authority | |||||
| to have the appropriate certificates installed on the | |||||
| system. This will set up a chain of trust for your users | |||||
Done Inline ActionsIs it "train of trust" or "chain of trust"? There seems to be a word missing between "users" and "prevent". bcr: Is it "train of trust" or "chain of trust"?
There seems to be a word missing between "users"… | |||||
bcrUnsubmitted Done Inline ActionsOne more thing I noticed just now that I reread it: we discourage the use of "you". bcr: One more thing I noticed just now that I reread it: we discourage the use of "you".
See the "Be… | |||||
trhodesAuthorUnsubmitted Done Inline ActionsI'll change it to "for site visitors" or you think something else, such as end users is better? trhodes: I'll change it to "for site visitors" or you think something else, such as end users is better? | |||||
| and prevent warnings of self-signed certificates.</para> | |||||
| </sect3> | </sect3> | ||||
| <sect3> | <sect3> | ||||
| <title><filename>mod_perl</filename></title> | <title><filename>mod_perl</filename></title> | ||||
| <indexterm> | <indexterm> | ||||
| <primary>mod_perl</primary> | <primary>mod_perl</primary> | ||||
| <secondary>Perl</secondary> | <secondary>Perl</secondary> | ||||
| Show All 37 Lines | <para><firstterm>PHP: Hypertext Preprocessor</firstterm> | ||||
| (<acronym>PHP</acronym>) is a general-purpose scripting | (<acronym>PHP</acronym>) is a general-purpose scripting | ||||
| language that is especially suited for web development. | language that is especially suited for web development. | ||||
| Capable of being embedded into <acronym>HTML</acronym>, its | Capable of being embedded into <acronym>HTML</acronym>, its | ||||
| syntax draws upon <application>C</application>, &java;, and | syntax draws upon <application>C</application>, &java;, and | ||||
| <application>Perl</application> with the intention of | <application>Perl</application> with the intention of | ||||
| allowing web developers to write dynamically generated | allowing web developers to write dynamically generated | ||||
| webpages quickly.</para> | webpages quickly.</para> | ||||
| <para>To gain support for <acronym>PHP</acronym>5 for the | <para>Support for <acronym>PHP</acronym> for | ||||
| <application>Apache</application> web server, install the | <application>Apache</application and any other feature | ||||
| <package>www/mod_php56</package> package or port. This will | written in the language, can be added | ||||
| install and configure the modules required to support | by installing the appropriate port.</para> | ||||
Done Inline ActionsYou could have kept the <application>Apache</application> part here. bcr: You could have kept the <application>Apache</application> part here. | |||||
| dynamic <acronym>PHP</acronym> applications. The | |||||
| installation will automatically add this line to | |||||
| <filename>/usr/local/etc/apache2<replaceable>4</replaceable>/httpd.conf</filename>:</para> | |||||
| <programlisting>LoadModule php5_module libexec/apache24/libphp5.so</programlisting> | <para>For all supported versions, search the package database | ||||
| using <command>pkg</command>. Here is an example of the | |||||
| available <acronym>PHP</acronym> packages as of the time | |||||
| of this writing:</para> | |||||
| <!-- | <screen>&prompt.root; <userinput>pkg search php</userinput></screen> | ||||
| I do not think this is still needed | |||||
| AddModule mod_php5.c | |||||
| <IfModule mod_php5.c> | |||||
| DirectoryIndex index.php index.html | |||||
| </IfModule> | |||||
| <IfModule mod_php5.c> | |||||
| AddType application/x-httpd-php .php | |||||
| AddType application/x-httpd-php-source .phps | |||||
| </IfModule></programlisting> | |||||
| --> | <para>A list will be displayed including the versions and | ||||
| additional features they provide. The components are | |||||
| completely modular, meaning features are enabled by | |||||
| installing the appropriate port. To install | |||||
| <acronym>PHP</acronym> version 7.4 for Apache, issue | |||||
| the following command:</para> | |||||
| <para>Then, perform a graceful restart to load the | <screen>&prompt.root; <userinput>pkg install mod_php74</userinput></screen> | ||||
| <acronym>PHP</acronym> module:</para> | |||||
| <screen>&prompt.root; <userinput>apachectl graceful</userinput></screen> | <para>If any dependency packages need to be installed, they will | ||||
| be installed as well.</para> | |||||
| <para>The <acronym>PHP</acronym> support provided by | <para>By default, <acronym>PHP</acronym> will not be | ||||
| <package>www/mod_php56</package> is limited. Additional | enabled. The following lines will need to be added to | ||||
| support can be installed using the | the Apache configuration file located in | ||||
| <package>lang/php56-extensions</package> port which provides | <filename role="directory">/usr/local/etc/apache24</filename> | ||||
| a menu driven interface to the available | to make it active:</para> | ||||
Not Done Inline ActionsHow about simply "to activate it"? bcr: How about simply "to activate it"? | |||||
Done Inline ActionsThis is definitely less wordy, I'm trying to avoid ending a sentence with a preposition. :) Maybe "to activate the new configuration" ? Or just leave it as is for now? trhodes: This is definitely less wordy, I'm trying to avoid ending a sentence with a preposition. :)… | |||||
| <acronym>PHP</acronym> extensions.</para> | |||||
| <para>Alternatively, individual extensions can be installed | <programlisting><FilesMatch "\.php$"> | ||||
| using the appropriate port. For instance, to add | SetHandler application/x-httpd-php | ||||
| <acronym>PHP</acronym> support for the | </FilesMatch> | ||||
| <application>MySQL</application> database server, install | <FilesMatch "\.phps$"> | ||||
| <package>databases/php56-mysql</package>.</para> | SetHandler application/x-httpd-php-source | ||||
| </FilesMatch></programlisting> | |||||
| <para>After installing an extension, the | <para>In addition, the <option>DirectoryIndex</option> in | ||||
| <application>Apache</application> server must be reloaded to | the configuration file will also need to be updated | ||||
| pick up the new configuration changes:</para> | and Apache will either need to be restarted or reloaded | ||||
| for the changes to take effect.</para> | |||||
| <para>Support for many of the <acronym>PHP</acronym> | |||||
| features may also be installed by using | |||||
| <command>pkg</command>. For example, to install | |||||
| support for <acronym>XML</acronym> or | |||||
| <acronym>SSL</acronym>, install their respective | |||||
| ports:</para> | |||||
| <screen>&prompt.root; <userinput>pkg install php74-xml php74-openssl</userinput></screen> | |||||
| <para>As before, the Apache configuration will need to be | |||||
| reloaded for the changes to take effect, even in cases | |||||
| where it was just a module install.</para> | |||||
| <para>To perform a graceful restart to reload the | |||||
| configuration, issue the following command:</para> | |||||
| <screen>&prompt.root; <userinput>apachectl graceful</userinput></screen> | <screen>&prompt.root; <userinput>apachectl graceful</userinput></screen> | ||||
| <para>Once the install is complete, there are two methods of | |||||
| obtaining the installed <acronym>PHP</acronym> support modules | |||||
| and the environmental information of the build. The first is | |||||
| to install the full <acronym>PHP</acronym> binary and running | |||||
| the command to gain the information:</para> | |||||
| <screen>&prompt.root; <userinput>pkg install php74</userinput></screen> | |||||
| <screen>&prompt.root; <userinput>php -i |less</userinput></screen> | |||||
| <para>It is necessary to pass the output to a pager, such as | |||||
| the <command>more</command> or <command>less</command> to | |||||
| easier digest the amount of output.</para> | |||||
| <para>Finally, to make any changes to the global configuration | |||||
| of <acronym>PHP</acronym> there is a well documented file | |||||
| installed into | |||||
| <filename role="directory">/usr/local/etc/php.ini</filename>. | |||||
| At the time of install, this file will not exist because there | |||||
| are two versions to choose from, one is | |||||
| <filename>php.ini-development</filename> and the other is | |||||
| <filename>php.ini-production</filename>. These are starting | |||||
| points to assist administrators in their deployment.</para> | |||||
| </sect3> | </sect3> | ||||
| </sect2> | </sect2> | ||||
| <sect2> | <sect2> | ||||
| <title>Dynamic Websites</title> | <title>Dynamic Websites</title> | ||||
| <indexterm> | <indexterm> | ||||
| <primary>web servers</primary> | <primary>web servers</primary> | ||||
| ▲ Show 20 Lines • Show All 1,067 Lines • Show Last 20 Lines | |||||
s/recommend/recommended/