Author: Sture

rsync

Description

rsync is an open source utility that provides fast incremental file transfer. rsync is freely available under the GNU General Public License and is currently being maintained by Wayne Davison.

WWW: http://rsync.samba.org/

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

Install the rsync port with:

[root@server /usr/home/user]# pkg install net/rsync [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        rsync: 3.1.2_7

Number of packages to be installed: 1

298 KiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
[1/1] Fetching rsync-3.1.2_7.txz: 100%  298 KiB 305.3kB/s    00:01
Checking integrity... done (0 conflicting)
[1/1] Installing rsync-3.1.2_7...
Extracting rsync-3.1.2_7: 100%
[root@server /usr/home/user]#

Configuration

List installed services with:

[root@server /usr/home/user]# service -r | grep rsync [enter]
/usr/local/etc/rc.d/rsyncd
[root@server /usr/home/user]#

Find the rcvar for /etc/rc.conf:

[root@server /usr/home/user]# /usr/local/etc/rc.d/rsyncd rcvar [enter]
# rsyncd
#
rsyncd_enable="NO"
#   (default: "")

[root@server /usr/home/user]#

To start rsync automatically on system boot with --ipv4 as the preferred option, add the settings to /etc/rc.conf with these commands:

[root@server /usr/home/user]# echo '' >> /etc/rc.conf; echo '# rsync using IPv4' >> /etc/rc.conf; echo 'rsyncd_enable="YES"' >> /etc/rc.conf; echo 'rsyncd_flags="--ipv4"' >> /etc/rc.conf [enter]
[root@server /usr/home/user]#

If you run rsyncd manually and your server only uses IPv4, then make sure you add the "--ipv4" argument to the manual start command_args with:

[root@server /usr/home/user]# perl -pi -e 's/--daemon/--ipv4 --daemon/g' /usr/local/etc/rc.d/rsyncd [enter]
[root@server /usr/home/user]#

Create a logfile with:

[root@server /usr/home/user]# touch /var/log/rsyncd.log [enter]
[root@server /usr/home/user]#

Automatically rotate /var/log/rsyncd.log log file with:

[root@server /usr/home/user]# echo '/var/log/rsyncd.log                     600  9   100000 *     Z' >> /etc/newsyslog.conf [enter]
[root@server /usr/home/user]#

Create the rsync Secret File with:

[root@server /usr/home/user]# ee /usr/local/etc/rsync/rsyncd.secrets [enter]

Add the following text, example:

tridge:passwd1
susan:passwd2

Make file /usr/local/etc/rsync/rsyncd.secrets non-world readable with:

[root@server /usr/home/user]# chmod 440 /usr/local/etc/rsync/rsyncd.secrets [enter]
[root@server /usr/home/user]#

…and then set owner and group with:

[root@server /usr/home/user]# chown root:wheel /usr/local/etc/rsync/rsyncd.secrets [enter]
[root@server /usr/home/user]#

Create group rsync and user rsync with:

[root@server /usr/home/user]# pw group add -n rsync -g 4002; pw user add -n rsync -u 4002 -c "rsync daemon" -d /nonexistent -s /usr/sbin/nologin [enter]
[root@server /usr/home/user]#

The rsync group is added to /etc/group and should look similar to the following:

[root@server /usr/home/user]# grep rsync /etc/group [enter]
rsync:*:4002:
[root@server /usr/home/user]#

The rsync user is added to /etc/passwd and should look similar to the following:

[root@server /usr/home/user]# grep rsync /etc/passwd [enter]
rsync:*:4002:4002:rsync daemon:/nonexistent:/usr/sbin/nologin
[root@server /usr/home/user]#

Edit file /usr/local/etc/rsync/rsyncd.conf with:

[root@server /usr/home/user]# ee /usr/local/etc/rsync/rsyncd.conf [enter]

Example:

# rsyncd.conf - Example file, see rsyncd.conf(5)
#

# Set this if you want to stop rsync daemon with rc.d scripts
pid file = /var/run/rsyncd.pid

# Edit this file before running rsync daemon!!

#uid = rsync
#gid = rsync
#use chroot = no
#max connections = 4
#syslog facility = local5

#[ftp]
#       path = /var/ftp/pub
#       comment = whole ftp area (approx 6.1 GB)

#[sambaftp]
#       path = /var/ftp/pub/samba
#       comment = Samba ftp area (approx 300 MB)

#[rsyncftp]
#       path = /var/ftp/pub/rsync
#       comment = rsync ftp area (approx 6 MB)

#[sambawww]
#       path = /public_html/samba
#       comment = Samba WWW pages (approx 240 MB)

#[cvs]
#       path = /data/cvs
#       comment = CVS repository (requires authentication)
#       auth users = tridge, susan
#       secrets file = /usr/local/etc/rsync/rsyncd.secrets

Manually Start

Manually start rsyncd with:

[root@server /usr/home/user]# service rsyncd start [enter]
Starting rsyncd.
[root@server /usr/home/user]#

View rsyncd status with:

[root@server /usr/home/user]# service rsyncd status [enter]
rsyncd is running as pid 902.
[root@server /usr/home/user]#
[root@server /usr/home/user]# ps aux | grep rsync  [enter]
root    3527   0.0  0.0 12808  2448  -  Ss   10:36PM   0:00.00 /usr/local/bin/rsync --ipv4 --ipv4 --daemon --config /usr/local/etc/
root    3535   0.0  0.0 18824  2332  0  S+   10:37PM   0:00.00 grep rsync
[root@server /usr/home/user]#
[root@server /usr/home/user]# sockstat | grep rsync [enter]
root     rsync      3527  3  dgram  -> /var/run/logpriv
root     rsync      3527  4  tcp4   *:873                 *:*
[root@server /usr/home/user]#

Verify that you can connect to the daemon with:

[root@server /usr/home/user]# telnet localhost 873 [enter]
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
@RSYNCD: 30.0
[root@server /usr/home/user]#

rsync Client Setup

N.B.: You may have to install rsync on the client as well!

Create a password file for user user with:

[root@server /usr/home/user]# echo "passwd" > /usr/local/etc/rsyncd.passwd_user [enter]
[root@server /usr/home/user]#

Note: Echo password ONLY! Do NOT echo username!

Make file /usr/local/etc/rsyncd.passwd_user non-world readable with:

[root@server /usr/home/user]# chmod 440 /usr/local/etc/rsyncd.passwd_user [enter]
[root@server /usr/home/user]#

Set owner and group with:

[root@server /usr/home/user]# chown root:wheel /usr/local/etc/rsyncd.passwd_user [enter]
[root@server /usr/home/user]#

How to use

You use rsync in the same way you use rcp. You must specify a source and a destination, one of which may be remote.

This is a syntax example for a manual file transfer from a remote host:

[root@server /usr/home/user]# rsync -avz --delete --stats --safe-links --password-file=/usr/local/etc/rsyncd.passwd_user user@192.168.1.100::ftp /var/ftp/pub/ [enter]

This is a syntax example for a manual file transfer to a remote host:

[root@server /usr/home/user]# rsync -avz --delete --stats --safe-links --password-file=/usr/local/etc/rsyncd.passwd_user /var/ftp/pub/ user@192.168.1.100::ftp [enter]

rsync can execute commands on the remote computer to generate a list of files to copy. The shell command is expanded by the remote shell before rsync is called.

The following command will run a find command on the remote host in directory ‘/tmp/test’ and rsync all “txt” files it finds to directory ‘/tmp/test/’ on the local host:

[root@server /usr/home/user]# rsync -avR -e ssh user@remotehost:'`find /tmp/test -name "*.txt"`' /tmp/test/ [enter]

rsync to Remote Server without Password

No-password authentication works because of public key crypto. Let’s say you have a local machine server and a remote machine remote. You want to be able to ssh from server to remote without having to enter your password.

The server remote in this document is the server that has the files that are to be transferred to the local server server.

The server server in this document is the local server that will receive files from the remote server remote.

The first step is to prepare the remote server remote by generating a public/private RSA key pair.

Next, we generate a public/private RSA key pair on the local server, server, and then we send the public key to the remote server, remote, so that remote knows that the server key belongs to a list of authorized keys. Then when we try to ssh from server to remote, RSA authentication is performed automatically.

On the Remote Server remote:

Generate keys on the remote server, remote, as the user that the local server server will connect as:

[user@remote ~]$ ssh-keygen -t dsa -f ~/.ssh/id_dsa [enter]

NOTE: When prompted for a password, do NOT enter one, just press [enter]!

Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):
Enter passphrase (empty for no passphrase): [enter]
Enter same passphrase again: [enter]
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff user@remote.example.net
The key's randomart image is:
+--[ DSA 1024]----+
|.B+o . |
|.+= + . |
|o... . |
|.... |
| . .... S |
| .o+o . . |
| E += |
| ..o |
| . |
+-----------------+
[user@remote ~]$

This will create folder /usr/home/.ssh if it does not exist, generate a password-less key /usr/home/.ssh/id_dsa, and a public key /usr/home/.ssh/id_dsa.pub.

On the Local Server server:

Generate keys on the local server, server as the user that will perform the ssh connection to the remote server:

[user@server ~]$ ssh-keygen -t dsa -f ~/.ssh/id_dsa [enter]

NOTE: When prompted for a password, do NOT enter one, just press [enter]!

Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):
Enter passphrase (empty for no passphrase): [enter]
Enter same passphrase again: [enter]
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff user@server.example.net
The key's randomart image is:
+--[ DSA 1024]----+
|.B+o . |
|.+= + . |
|o... . |
|.... |
| . .... S |
| .o+o . . |
| E += |
| ..o |
| . |
+-----------------+
[user@server ~]$

This will create folder /usr/home/.ssh if it does not exist, generate a password-less key /usr/home/.ssh/id_dsa, and a public key /usr/home/.ssh/id_dsa.pub.

Copy the id_dsa.pub key over to the remote server, remote:

[user@server ~]$ scp ~/.ssh/id_dsa.pub user@remote.example.net:~/.ssh/server.pub [enter]
The authenticity of host 'remote.example.net (192.168.1.3)' can't be established.
DSA key fingerprint is ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff.
Are you sure you want to continue connecting (yes/no)? yes [enter]
Warning: Permanently added 'remote.example.net' (DSA) to the list of known hosts.
Password: ******* [enter]
id_dsa.pub                                    100%  622     0.6KB/s   00:00    
[user@server ~]$

Next, log in to remote server, remote, as the user that will perform the ssh connections:

[user@server ~]$ ssh user@remote.example.net
Password: ******* [enter]
Last login: Thu May 22 20:47:16 2009 from server.example.net
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
 The Regents of the University of California. All rights reserved.

Welcome to remote.example.net/192.168.1.nn Running FreeBSD 11.0-RELEASE!
[user@remote ~]$

Add the public key from server to the list of authorized keys on remote with:

[user@remote ~]$ cat ~/.ssh/server.pub >> ~/.ssh/authorized_keys [enter]
[user@remote ~]$

…and to protect the authorized_keys file from being changed, do:

[user@remote ~]$ chmod 640 ~/.ssh/authorized_keys [enter]
[user@remote ~]$

Delete the transferred key file with:

[user@remote ~]$ rm -f ~/.ssh/server.pub [enter]
[user@remote ~]$

At this point the remote server remote should accept a password-less login from local server server by the user user.
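
As an added example (not part of the original page), the script below audits an authorized_keys file like the one just edited on remote. It flags DSA keys, which OpenSSH has disabled by default since release 7.0, and entries that carry no `restrict` or `command=` option and so grant a full shell. The sample file is constructed, its key blobs are placeholders, and the rrsync path is an assumption.

```sh
#!/bin/sh
# Added example: audit an OpenSSH authorized_keys file.

# audit_authorized_keys FILE
# Prints "<line number>: <key type> <findings>" for every key entry.
audit_authorized_keys() {
    awk '
    /^[ \t]*$/ { next }                 # blank lines
    /^[ \t]*#/ { next }                 # comments
    {
        # The key type is the first field that looks like one and is
        # followed by a base64 blob; everything before it is the options.
        kt = 0
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-[a-z0-9@.-]+)$/ && $(i + 1) ~ /^AAAA/) {
                kt = i
                break
            }
        if (!kt) { print NR ": unparsed"; next }

        opts = ""
        for (j = 1; j < kt; j++) opts = opts (j > 1 ? " " : "") $j

        notes = ""
        if ($kt == "ssh-dss") notes = notes " dsa-key"
        # A leading comma lets one pattern match the first and later options.
        if (("," opts) !~ /,(restrict|command=)/) notes = notes " no-restrictions"

        print NR ": " $kt (notes == "" ? " ok" : notes)
    }' "$1"
}

# Constructed sample: the key blobs are placeholders, not real keys, and the
# forced-command path is an assumption.
sample_authorized_keys() {
    cat <<'EOF'
# constructed sample authorized_keys
ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER user@server.example.net
command="/usr/local/bin/rrsync -ro /srv/test/",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER backup@server.example.net
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQPLACEHOLDER user@server.example.net
EOF
}

demo_keys_audit() {
    tmp=$(mktemp) || return 1
    sample_authorized_keys > "$tmp"
    audit_authorized_keys "$tmp"
    rm -f "$tmp"
}

demo_keys_audit
```

Run `audit_authorized_keys ~/.ssh/authorized_keys` on remote to check the real file.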

If the ssh connection is to be performed as user root the following extra configuration must be performed to permit root to login:

[root@server ~]$ su - [enter]
Password: ****** [enter]
[root@server /usr/home/user]#
[root@server /usr/home/user]# ee /etc/ssh/sshd_config [enter]

Go to line 45:

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

…and edit line 45 to look like this:

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

Save file /etc/ssh/sshd_config and exit to local server server with:

[root@server /usr/home/user]# exit [enter]
logout
[techpc@remote ~]$ exit [enter]
Connection to remote.example.net closed.
[user@server ~]$

To verify that the password-less ssh login to the remote server remote from the local server, server, works:

[user@server ~]$ ssh user@remote.example.net

…should – without any password request – result in something like this example:

Last login: Sat Feb 19 16:32:09 2011 from 192.168.1.101
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
	The Regents of the University of California.  All rights reserved.

FreeBSD 11.0-RELEASE (GENERIC) #0: Mon Jul 19 02:36:49 UTC 2010

Welcome to remote.example.net running FreeBSD 8.1-RELEASE!
[user@remote ~]$

We have successfully logged on to remote!

Issue the following command to log out from remote server remote:

[user@remote ~]$ exit [enter]
Connection to remote.example.net closed.
[user@server ~]$

To back up directory /srv/test on remote server remote to local server server, issue the following command, for example:

[user@server ~]$ /usr/local/bin/rsync -aquz -e "ssh -l user" remote.example.net:/srv/test/ /srv/test/

rsync – synchronizing two file trees

This section describes how to use rsync to synchronize file trees on two servers.

Remote Server Setup

In this example, we’re going to be using a remote rsync server containing the file tree that we want to synchronize with.

On the remote server edit file /usr/local/etc/rsyncd.conf with:

[root@server /usr/home/user]# ee /usr/local/etc/rsyncd.conf [enter]

Edit file, example:

#
# rsyncd.conf
#
uid             = nobody
gid             = nobody
use chroot      = yes
max connections = 4
syslog facility = local5
pid file        = /var/run/rsyncd.pid

[example]
  path          = /srv/example/
  comment       = all of the example
  auth users    = tridge, susan
  secrets file  = /usr/local/etc/rsyncd.secrets

Make /usr/local/etc/rsyncd.conf non-world readable with:

[root@server /usr/home/user]# chmod 640 /usr/local/etc/rsyncd.conf [enter]
[root@server /usr/home/user]#

On the remote server create file /usr/local/etc/rsyncd.secrets with:

[root@server /usr/home/user]# ee /usr/local/etc/rsyncd.secrets [enter]

Edit file, example:

#
# rsyncd.secrets
#
tridge:mypass
susan:herpass

Make /usr/local/etc/rsyncd.secrets non-world readable with:

[root@server /usr/home/user]# chmod 640 /usr/local/etc/rsyncd.secrets [enter]
[root@server /usr/home/user]#
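
As an added example (not part of the original page), the functions below audit an rsyncd.conf such as the two example files shown above: for each module they report whether it allows anonymous access or is protected by `auth users` plus a `secrets file`, and they check that a secrets file has no read or write bit for other users. The sample config is constructed from the page's first example; the `read only = no` line and the [staging] module are assumptions added for illustration.

```sh
#!/bin/sh
# Added example: audit rsyncd.conf modules and secrets file permissions.

# audit_rsyncd_conf FILE
# Prints "<module> auth=<none|users|misconfigured> readonly=<yes|no>".
# Parameters before the first [module] are global defaults that modules inherit.
audit_rsyncd_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    function truthy(s) { s = tolower(s); return (s == "yes" || s == "true" || s == "1") }
    function emit(   auth, ro) {
        if (mod == "") return
        auth = "none"                       # no "auth users": anonymous access
        if (v["authusers"] != "")           # users named but no secrets file named
            auth = (v["secretsfile"] != "") ? "users" : "misconfigured"
        ro = "yes"                          # rsyncd default: read only = yes
        if ("readonly" in v) ro = truthy(v["readonly"]) ? "yes" : "no"
        print mod " auth=" auth " readonly=" ro
    }
    /^[ \t]*$/    { next }                  # blank lines
    /^[ \t]*[#;]/ { next }                  # comments
    /^[ \t]*\[/ {                           # [module] header
        emit()
        mod = $0; sub(/^[ \t]*\[/, "", mod); sub(/\].*$/, "", mod); mod = trim(mod)
        split("", v)                        # clear, then start from the globals
        for (k in g) v[k] = g[k]
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        # Parameter names compare without regard to case or spaces.
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = trim(substr($0, eq + 1))
        if (mod == "") g[key] = val; else v[key] = val
    }
    END { emit() }
    ' "$1"
}

# secrets_file_private FILE
# Succeeds when FILE exists and has no read or write bit set for "other".
secrets_file_private() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -004 -o -perm -002 \) -print)" ]
}

# Constructed sample based on the page's example rsyncd.conf.
sample_rsyncd_conf() {
    cat <<'EOF'
pid file = /var/run/rsyncd.pid
uid = rsync
gid = rsync
use chroot = no
max connections = 4

[ftp]
        path = /var/ftp/pub
        comment = whole ftp area

[cvs]
        path = /data/cvs
        auth users = tridge, susan
        secrets file = /usr/local/etc/rsync/rsyncd.secrets
        read only = no

[staging]
        path = /srv/example/
        auth users = susan
EOF
}

demo_audit() {
    tmp=$(mktemp) || return 1
    sample_rsyncd_conf > "$tmp"
    audit_rsyncd_conf "$tmp"
    rm -f "$tmp"
}

demo_audit
```

A module reported as `auth=none` is served to anyone who can reach TCP port 873; backslash line continuations in rsyncd.conf are not handled by this sketch.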

Local Server Setup

rsync should have been installed on the local server too.

Manually synchronize files using ssh with:

[root@server /usr/home/user]# rsync -e ssh -avz --delete susan@remote.example.net:example /srv/example [enter]
Password: ****** [enter]
receiving file list ... done
[root@server /usr/home/user]#

Additional Reading

Backup FreeNAS Files Remotely Using FreeBSD and rsync

phpSysInfo

Description

phpSysInfo is a PHP script that displays information about the host being accessed. It displays things like Uptime, CPU, Memory, SCSI, IDE, PCI, Ethernet, Floppy, and Video Information.

WWW: http://phpsysinfo.github.io/phpsysinfo/.

Requirements

The following applications must be installed, configured and running:

  1. Apache HTTP Server
  2. PHP (v. 7.0)
  3. GNU wget

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Download

[root@server /usr/home/user]# wget https://github.com/phpsysinfo/phpsysinfo/archive/v3.2.7.tar.gz
--2017-02-20 19:03:01--  https://github.com/phpsysinfo/phpsysinfo/archive/v3.2.7.tar.gz
Resolving github.com (github.com)... 192.30.253.112, 192.30.253.113
Connecting to github.com (github.com)|192.30.253.112|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://codeload.github.com/phpsysinfo/phpsysinfo/tar.gz/v3.2.7 [following]
--2017-02-20 19:03:01--  https://codeload.github.com/phpsysinfo/phpsysinfo/tar.gz/v3.2.7
Resolving codeload.github.com (codeload.github.com)... 192.30.253.120, 192.30.253.121
Connecting to codeload.github.com (codeload.github.com)|192.30.253.120|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 986821 (964K) [application/x-gzip]
Saving to: ‘v3.2.7.tar.gz’

v3.2.7.tar.gz       100%[===================>] 963,69K   837KB/s    in 1,2s    

2017-02-20 19:03:03 (837 KB/s) - ‘v3.2.7.tar.gz’ saved [986821/986821]

[root@server /usr/home/user]#

Installation

Extract file v3.2.7.tar.gz to /usr/local/www/ with:

[root@server /usr/home/user]# tar -zxvf v3.2.7.tar.gz  -C /usr/local/www/ [enter]
[root@server /usr/home/user]#

Delete file v3.2.7.tar.gz with:

[root@server /usr/home/user]# rm v3.2.7.tar.gz [enter]
[root@server /usr/home/user]#

Install the shared PHP extensions php70-mbstring and php70-xml with:

[root@server /usr/home/user]# pkg install php70-mbstring php70-xml [enter]
[root@server /usr/home/user]#

Configuration

Create a configure file for phpSysInfo with:

[root@server /usr/home/user]# cp /usr/local/www/phpsysinfo-3.2.7/phpsysinfo.ini.new /usr/local/www/phpsysinfo-3.2.7/phpsysinfo.ini [enter]
[root@server /usr/home/user]#

Edit file /usr/local/www/phpsysinfo-3.2.7/phpsysinfo.ini if needed with:

[root@server /usr/home/user]# ee /usr/local/www/phpsysinfo-3.2.7/phpsysinfo.ini

To make phpsysinfo available through the local web site:

[root@server /usr/home/user]# ee /usr/local/etc/apache24/Includes/phpsysinfo.conf

…and add the following text:

Alias /phpsysinfo/ "/usr/local/www/phpsysinfo-3.2.7/"
<Directory "/usr/local/www/phpsysinfo-3.2.7/">
  AllowOverride All
  Require all granted
</Directory>

Restart apache24 with:

[root@server /usr/home/user]# service apache24 restart [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 1302.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
[root@server /usr/home/user]#

How to use

Start a browser and go to URL: http://server.example.net/phpsysinfo/.

phpMyAdmin with PHP v. 7.0

Description

phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc) can be performed via the user interface, while you still have the ability to directly execute any SQL statement.

WWW: http://www.phpmyadmin.net.

Requirements

The following applications must be installed, configured and running before installation of phpMyAdmin:

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Warning!

N.B.: Do NOT install phpMyAdmin from port if the PHP version installed is > 5.6!

Verify version of PHP installed with:

[root@server /usr/home/user]# php -v [enter]
PHP 7.0.15 (cli) (built: Jan 24 2017 01:18:59) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.15, Copyright (c) 1999-2017, by Zend Technologies
[root@server /usr/home/user]#

In this example PHP version 7.0 is installed. Due to this phpMyAdmin will be downloaded from the phpMyAdmin site.

Download and Verification

[root@server /usr/home/user]# wget https://files.phpmyadmin.net/phpMyAdmin/4.6.6/phpMyAdmin-4.6.6-all-languages.zip [enter]
Resolving files.phpmyadmin.net (files.phpmyadmin.net)... 185.59.222.19
Connecting to files.phpmyadmin.net (files.phpmyadmin.net)|185.59.222.19|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11349727 (11M) [application/zip]
Saving to: ‘phpMyAdmin-4.6.6-all-languages.zip’

phpMyAdmin-4.6.6-al 100%[===================>]  10,82M  2,62MB/s    in 4,3s    

2017-02-22 00:00:00 (2,55 MB/s) - ‘phpMyAdmin-4.6.6-all-languages.zip’ saved [11349727/11349727]

[root@server /usr/home/user]#
[root@server /usr/home/user]# wget https://files.phpmyadmin.net/phpMyAdmin/4.6.6/phpMyAdmin-4.6.6-all-languages.zip.asc [enter]
--2017-02-22 12:12:36--  https://files.phpmyadmin.net/phpMyAdmin/4.6.6/phpMyAdmin-4.6.6-all-languages.zip.asc
Resolving files.phpmyadmin.net (files.phpmyadmin.net)... 185.76.9.11
Connecting to files.phpmyadmin.net (files.phpmyadmin.net)|185.76.9.11|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 819 [application/octet-stream]
Saving to: ‘phpMyAdmin-4.6.6-all-languages.zip.asc’

phpMyAdmin-4.6.6-al 100%[===================>]     819  --.-KB/s    in 0s      

2017-02-22 00:00:00 (61,9 MB/s) - ‘phpMyAdmin-4.6.6-all-languages.zip.asc’ saved [819/819]
[root@server /usr/home/user]#

Download the keyring from the phpMyAdmin download server with:

[root@server /usr/home/user]# wget https://files.phpmyadmin.net/phpmyadmin.keyring [enter]
--2017-02-22 12:49:01--  https://files.phpmyadmin.net/phpmyadmin.keyring
Resolving files.phpmyadmin.net (files.phpmyadmin.net)... 185.76.9.11
Connecting to files.phpmyadmin.net (files.phpmyadmin.net)|185.76.9.11|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 34198 (33K) [application/octet-stream]
Saving to: ‘phpmyadmin.keyring’

phpmyadmin.keyring  100%[===================>]  33,40K  --.-KB/s    in 0,006s  

2017-02-22 00:00:00 (5,27 MB/s) - ‘phpmyadmin.keyring’ saved [34198/34198]
[root@server /usr/home/user]#

…and then import the keyring data with:

[root@server /usr/home/user]# gpg --import phpmyadmin.keyring [enter]
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 9C27B31342B7511D: public key "Michal Čihař <michal@cihar.com>" imported
gpg: key FEFC65D181AF644A: public key "Marc Delisle <marc@infomarc.info>" imported
gpg: key CE752F178259BD92: public key "Isaac Bennetch <bennetch@gmail.com>" imported
gpg: key DA68AB39218AB947: public key "phpMyAdmin Security Team <security@phpmyadmin.net>" imported
gpg: Total number processed: 4
gpg:               imported: 4
[root@server /usr/home/user]#

N.B.: Verify that the public keys correspond with the information published on the phpMyAdmin web site: Verifying phpMyAdmin releases.

[root@server /usr/home/user]# gpg --verify phpMyAdmin-4.6.6-all-languages.zip.asc [enter]
gpg: assuming signed data in 'phpMyAdmin-4.6.6-all-languages.zip'
gpg: Signature made Mon 23 Jan 20:22:46 2017 CET
gpg:                using RSA key CE752F178259BD92
gpg: Good signature from "Isaac Bennetch <bennetch@gmail.com>" [unknown]
gpg:                 aka "Isaac Bennetch <isaac@bennetch.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3D06 A59E CE73 0EB7 1B51  1C17 CE75 2F17 8259 BD92
[root@server /usr/home/user]#

Beginning in January 2016, the release manager for phpMyAdmin is Isaac Bennetch. His RSA key id is:

CE752F178259BD92

…and his PGP primary key fingerprint is:

3D06 A59E CE73 0EB7 1B51 1C17 CE75 2F17 8259 BD92

You should verify that the signature matches the archive you have downloaded. This way you can be sure that you are using the same code that was released. You should also verify the date of the signature to make sure that you downloaded the latest version.
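
As an added example (not part of the original page or the phpMyAdmin project), the script below turns the manual check into a pinned-fingerprint check: gpg prints "Good signature" for any key in the imported keyring, so the script reads gpg's machine-readable status output and accepts the archive only if the signing key's primary fingerprint equals the one quoted above. The status lines in the sample functions are constructed for illustration, and the second fingerprint is a made-up placeholder.

```sh
#!/bin/sh
# Added example: accept a release only when the signature is good AND it was
# made by the key whose primary fingerprint is pinned here.

# Primary key fingerprint quoted on this page, with the spaces removed.
PINNED_FPR="3D06A59ECE730EB71B511C17CE752F178259BD92"

# status_accepts FPR   (reads `gpg --status-fd` output on stdin)
# Succeeds only when gpg reported GOODSIG (good signature from a key that is
# neither expired nor revoked) and the primary-key fingerprint carried in the
# 12th field of the VALIDSIG line equals FPR.
status_accepts() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good = 1 }
        $2 == "VALIDSIG" && NF >= 12 { primary = toupper($12) }
        END { exit !(good && length(want) == 40 && primary == toupper(want)) }
    '
}

# verify_release SIGFILE DATAFILE
# Runs gpg and applies the check above; human-readable messages are dropped.
verify_release() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        status_accepts "$PINNED_FPR"
}

# Constructed status output: signature by the pinned release key.
sample_release_key() {
    cat <<'EOF'
[GNUPG:] GOODSIG CE752F178259BD92 Isaac Bennetch <bennetch@gmail.com>
[GNUPG:] VALIDSIG 3D06A59ECE730EB71B511C17CE752F178259BD92 2017-01-23 1485199366 0 4 0 1 8 00 3D06A59ECE730EB71B511C17CE752F178259BD92
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

# Constructed status output: a good signature, but from some other key that
# happens to be in the keyring (placeholder fingerprint).
sample_other_key() {
    cat <<'EOF'
[GNUPG:] GOODSIG 89ABCDEF01234567 Someone Else <someone@example.net>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2017-01-23 1485199366 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

# Constructed status output: the pinned key, but reported as expired
# (EXPKEYSIG instead of GOODSIG).
sample_expired_key() {
    cat <<'EOF'
[GNUPG:] EXPKEYSIG CE752F178259BD92 Isaac Bennetch <bennetch@gmail.com>
[GNUPG:] VALIDSIG 3D06A59ECE730EB71B511C17CE752F178259BD92 2017-01-23 1485199366 0 4 0 1 8 00 3D06A59ECE730EB71B511C17CE752F178259BD92
EOF
}

for s in sample_release_key sample_other_key sample_expired_key; do
    if $s | status_accepts "$PINNED_FPR"; then
        echo "$s: accept"
    else
        echo "$s: reject"
    fi
done
```

On the server, `verify_release phpMyAdmin-4.6.6-all-languages.zip.asc phpMyAdmin-4.6.6-all-languages.zip` returns success only for an archive signed by the pinned key.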

Installation

Extract file phpMyAdmin-4.6.6-all-languages.zip to /usr/local/www/ with:

[root@server /usr/home/user]# unzip phpMyAdmin-4.6.6-all-languages.zip  -d /usr/local/www [enter]
Archive:  phpMyAdmin-4.6.6-all-languages.zip
   creating: /usr/local/www/phpMyAdmin-4.6.6-all-languages/
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/CONTRIBUTING.md  
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/ChangeLog  
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/DCO  
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/LICENSE  
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/README  
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/RELEASE-DATE-4.6.6  
.
.
.
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/url.php  
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/user_password.php  
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/version_check.php  
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/view_create.php  
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/view_operations.ph  |
[root@server /usr/home/user]#

Delete file phpMyAdmin-4.6.6-all-languages.zip with:

[root@server /usr/home/user]# rm phpMyAdmin-4.6.6-all-languages.zip [enter]
[root@server /usr/home/user]#

Rename folder /usr/local/www/phpMyAdmin-4.6.6-all-languages to /usr/local/www/phpMyAdmin with:

[root@server /usr/home/user]# mv /usr/local/www/phpMyAdmin-4.6.6-all-languages /usr/local/www/phpMyAdmin [enter]
[root@server /usr/home/user]#

N.B.: Only the required PHP shared extensions that are not already installed will be installed by the following command!

Install the shared PHP extensions required by phpMyAdmin with:

[root@server /usr/home/user]# pkg install php70-session php70-xml php70-bz2 php70-ctype php70-filter php70-zip php70-openssl php70-gd php70-mcrypt php70-mbstring php70-mysqli php70-json php70-zlib [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 9 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	php70-session: 7.0.15
	php70-bz2: 7.0.15
	php70-ctype: 7.0.15
	php70-openssl: 7.0.15
	php70-mcrypt: 7.0.15
	php70-mbstring: 7.0.15
	php70-json: 7.0.15
	libltdl: 2.4.6
	libmcrypt: 2.5.8_3

Number of packages to be installed: 9

The process will require 5 MiB more space.
988 KiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
Fetching php70-session-7.0.15.txz: 100%   32 KiB  32.3kB/s    00:01    
Fetching php70-bz2-7.0.15.txz: 100%   11 KiB  11.0kB/s    00:01    
Fetching php70-ctype-7.0.15.txz: 100%    7 KiB   6.8kB/s    00:01    
Fetching php70-openssl-7.0.15.txz: 100%   44 KiB  44.7kB/s    00:01    
Fetching php70-mcrypt-7.0.15.txz: 100%   15 KiB  14.9kB/s    00:01    
Fetching php70-mbstring-7.0.15.txz: 100%  712 KiB 728.9kB/s    00:01    
Fetching php70-json-7.0.15.txz: 100%   19 KiB  19.9kB/s    00:01    
Fetching libltdl-2.4.6.txz: 100%   36 KiB  36.6kB/s    00:01    
Fetching libmcrypt-2.5.8_3.txz: 100%  114 KiB 116.9kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/9] Installing libltdl-2.4.6...
[1/9] Extracting libltdl-2.4.6: 100%
[2/9] Installing libmcrypt-2.5.8_3...
[2/9] Extracting libmcrypt-2.5.8_3: 100%
[3/9] Installing php70-session-7.0.15...
[3/9] Extracting php70-session-7.0.15: 100%
[4/9] Installing php70-bz2-7.0.15...
[4/9] Extracting php70-bz2-7.0.15: 100%
[5/9] Installing php70-ctype-7.0.15...
[5/9] Extracting php70-ctype-7.0.15: 100%
[6/9] Installing php70-openssl-7.0.15...
[6/9] Extracting php70-openssl-7.0.15: 100%
[7/9] Installing php70-mcrypt-7.0.15...
[7/9] Extracting php70-mcrypt-7.0.15: 100%
[8/9] Installing php70-mbstring-7.0.15...
[8/9] Extracting php70-mbstring-7.0.15: 100%
[9/9] Installing php70-json-7.0.15...
[9/9] Extracting php70-json-7.0.15: 100%
Message from libmcrypt-2.5.8_3:
===>   NOTICE:

The libmcrypt port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from php70-session-7.0.15:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-18-session.ini
configuration file to automatically load the installed extension:

extension=session.so

****************************************************************************
Message from php70-bz2-7.0.15:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-bz2.ini
configuration file to automatically load the installed extension:

extension=bz2.so

****************************************************************************
Message from php70-ctype-7.0.15:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-ctype.ini
configuration file to automatically load the installed extension:

extension=ctype.so

****************************************************************************
Message from php70-openssl-7.0.15:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-openssl.ini
configuration file to automatically load the installed extension:

extension=openssl.so

****************************************************************************
Message from php70-mcrypt-7.0.15:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-mcrypt.ini
configuration file to automatically load the installed extension:

extension=mcrypt.so

****************************************************************************
Message from php70-mbstring-7.0.15:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-mbstring.ini
configuration file to automatically load the installed extension:

extension=mbstring.so

****************************************************************************
Message from php70-json-7.0.15:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-json.ini
configuration file to automatically load the installed extension:

extension=json.so

****************************************************************************
[root@server /usr/home/user]#

Configuration

Change file owner and group recursively for /usr/local/www/phpMyAdmin with:

[root@server /usr/home/user]# chown -R www:www /usr/local/www/phpMyAdmin [enter]
[root@server /usr/home/user]#

To make phpMyAdmin available on the web site:

[root@server /usr/home/user]# ee /usr/local/etc/apache24/Includes/phpmyadmin.conf [enter]

Add the following lines:

Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"
<Directory "/usr/local/www/phpMyAdmin/">
  AllowOverride All
  Require all granted
</Directory>

…then restart the apache24 service with:

[root@server /usr/home/user]# service apache24 restart [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 12555.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
[root@server /usr/home/user]#

N.B.: The phpMyAdmin documentation is stored on your server at: http://www.example.com/phpmyadmin/doc/html/!

Start your browser and go to: http://server.example.net/phpmyadmin/setup/

Log in as the MySQL root user and complete the configuration by enabling the phpMyAdmin extended features.

Create file /usr/local/www/phpMyAdmin/config.inc.php with:

[root@server /usr/home/user]# ee /usr/local/www/phpMyAdmin/config.inc.php [enter]

…and paste in the text that the setup script created for you, as in this example:

<?php
/*
 * Generated configuration file
 * Generated by: phpMyAdmin 4.6.6 setup script
 * Date: Tue, 22 Feb 2017 00:00:00 +0000
 */

/* Servers configuration */
$i = 0;

/* Server: localhost [1] */
$i++;
$cfg['Servers'][$i]['verbose'] = '';
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['port'] = '';
$cfg['Servers'][$i]['socket'] = '';
$cfg['Servers'][$i]['ssl'] = true;
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['compress'] = true;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';

/* End of servers configuration */

$cfg['blowfish_secret'] = '----------------------------------';
$cfg['DefaultLang'] = 'en';
$cfg['ServerDefault'] = 1;
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
?>
GnuPG – The GNU Privacy Guard (modern version)

Description

GnuPG is a complete and free replacement for PGP. This is the “modern” version.

GnuPG allows encrypting and signing your data and communication, and features a versatile key management system as well as access modules for many public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications.

WWW: https://www.gnupg.org/.

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

Install GnuPG with:

[root@server /usr/home/user]# pkg install gnupg [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 8 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	gnupg: 2.1.16
	libgpg-error: 1.26
	libassuan: 2.4.3
	npth: 1.3
	libgcrypt: 1.7.6
	pinentry: 1.0.0
	pinentry-tty: 1.0.0
	libksba: 1.3.5

Number of packages to be installed: 8

The process will require 14 MiB more space.
3 MiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
Fetching gnupg-2.1.16.txz: 100%    2 MiB   1.8MB/s    00:01    
Fetching libgpg-error-1.26.txz: 100%  172 KiB 176.1kB/s    00:01    
Fetching libassuan-2.4.3.txz: 100%   76 KiB  77.4kB/s    00:01    
Fetching npth-1.3.txz: 100%   20 KiB  20.6kB/s    00:01    
Fetching libgcrypt-1.7.6.txz: 100%  683 KiB 699.7kB/s    00:01    
Fetching pinentry-1.0.0.txz: 100%   16 KiB  16.6kB/s    00:01    
Fetching pinentry-tty-1.0.0.txz: 100%   27 KiB  27.7kB/s    00:01    
Fetching libksba-1.3.5.txz: 100%  156 KiB 159.9kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/8] Installing libgpg-error-1.26...
[1/8] Extracting libgpg-error-1.26: 100%
[2/8] Installing libassuan-2.4.3...
[2/8] Extracting libassuan-2.4.3: 100%
[3/8] Installing pinentry-tty-1.0.0...
[3/8] Extracting pinentry-tty-1.0.0: 100%
[4/8] Installing npth-1.3...
[4/8] Extracting npth-1.3: 100%
[5/8] Installing libgcrypt-1.7.6...
[5/8] Extracting libgcrypt-1.7.6: 100%
[6/8] Installing pinentry-1.0.0...
[6/8] Extracting pinentry-1.0.0: 100%
[7/8] Installing libksba-1.3.5...
[7/8] Extracting libksba-1.3.5: 100%
[8/8] Installing gnupg-2.1.16...
[8/8] Extracting gnupg-2.1.16: 100%
Message from gnupg-2.1.16:
###############################################################################
				A T T E N T I O N

In order to use gpg-agent, you need to install a pinentry dialog.

The following ports of pinentry dialogs are available:

security/pinentry-curses	(ncurses based dialog)
security/pinentry-gtk2		(GTK 2.x based dialog)
security/pinentry-qt4		(QT4 based dialog)
security/pinentry-tty		(console based dialog)

###############################################################################
[root@server /usr/home/user]#

Configuration

Create required directories with:

[root@server /usr/home/user]# gpg --verify dummy.asc [enter]
gpg: Warning: using insecure memory!
gpg: directory '/root/.gnupg' created
gpg: new configuration file '/root/.gnupg/dirmngr.conf' created
gpg: new configuration file '/root/.gnupg/gpg.conf' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: can't open 'dummy.asc': No such file or directory
gpg: verify signatures failed: No such file or directory
[root@server /usr/home/user]#

How to Use

[root@server /usr/home/user]# gpg --help [enter]
gpg: directory '/root/.gnupg' created
gpg: new configuration file '/root/.gnupg/dirmngr.conf' created
gpg: new configuration file '/root/.gnupg/gpg.conf' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg (GnuPG) 2.1.16
libgcrypt 1.7.6
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /root/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Syntax: gpg [options] [files]
Sign, check, encrypt or decrypt
Default operation depends on the input data

Commands:
 
 -s, --sign                 make a signature
     --clearsign            make a clear text signature
 -b, --detach-sign          make a detached signature
 -e, --encrypt              encrypt data
 -c, --symmetric            encryption only with symmetric cipher
 -d, --decrypt              decrypt data (default)
     --verify               verify a signature
 -k, --list-keys            list keys
     --list-sigs            list keys and signatures
     --check-sigs           list and check key signatures
     --fingerprint          list keys and fingerprints
 -K, --list-secret-keys     list secret keys
     --gen-key              generate a new key pair
     --quick-gen-key        quickly generate a new key pair
     --quick-adduid         quickly add a new user-id
     --quick-revuid         quickly revoke a user-id
     --full-gen-key         full featured key pair generation
     --gen-revoke           generate a revocation certificate
     --delete-keys          remove keys from the public keyring
     --delete-secret-keys   remove keys from the secret keyring
     --quick-sign-key       quickly sign a key
     --quick-lsign-key      quickly sign a key locally
     --sign-key             sign a key
     --lsign-key            sign a key locally
     --edit-key             sign or edit a key
     --passwd               change a passphrase
     --export               export keys
     --send-keys            export keys to a keyserver
     --recv-keys            import keys from a keyserver
     --search-keys          search for keys on a keyserver
     --refresh-keys         update all keys from a keyserver
     --import               import/merge keys
     --card-status          print the card status
     --card-edit            change data on a card
     --change-pin           change a card's PIN
     --update-trustdb       update the trust database
     --print-md             print message digests
     --server               run in server mode
     --tofu-policy VALUE    set the TOFU policy for a key

Options:
 
 -a, --armor                create ascii armored output
 -r, --recipient USER-ID    encrypt for USER-ID
 -u, --local-user USER-ID   use USER-ID to sign or decrypt
 -z N                       set compress level to N (0 disables)
     --textmode             use canonical text mode
 -o, --output FILE          write output to FILE
 -v, --verbose              verbose
 -n, --dry-run              do not make any changes
 -i, --interactive          prompt before overwriting
     --openpgp              use strict OpenPGP behavior

(See the man page for a complete listing of all commands and options)

Examples:

 -se -r Bob [file]          sign and encrypt for user Bob
 --clearsign [file]         make a clear text signature
 --detach-sign [file]       make a detached signature
 --list-keys [names]        show keys
 --fingerprint [names]      show fingerprints

Please report bugs to <https://bugs.gnupg.org>.
[root@server /usr/home/user]#

You should always verify that the signature matches the archive you have downloaded. This way you can be sure that you are using the same code that was released.

For more information see: nixCraft: UNIX / Linux: PGP TarBall File Signature Keys Verification.
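An added example (not from the original page or the GnuPG project): a "Good signature" message only proves that some key in your keyring signed the file, so this script reads the machine-readable gpg --status-fd output and accepts an archive only when the signature is valid, was made by the fingerprint you expect, and no failure status was reported. The fingerprints, key name and sample status lines are constructed placeholders.

```sh
#!/bin/sh
# Added example, not part of the original page.

# Constructed placeholder fingerprints (40 hex digits). Use the fingerprint
# the project publishes for its release key.
EXPECTED_FPR=0123456789ABCDEF0123456789ABCDEF01234567
OTHER_FPR=FEDCBA9876543210FEDCBA9876543210FEDCBA98

# Read `gpg --status-fd` lines on stdin. Succeed only when a VALIDSIG line
# names the expected key and no failure keyword was reported.
#   $1 = expected fingerprint, without spaces
check_status() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing key, the last field the primary key.
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# Verify detached signature $2 over archive $1; $3 = expected fingerprint.
# Status lines go to stdout, the human-readable text on stderr is dropped.
verify_release() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null | check_status "$3"
}

# Constructed status output: a good signature from the expected key.
sample_good() {
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Release Key <release@example.org>
[GNUPG:] VALIDSIG $EXPECTED_FPR 2017-02-22 1487721600 0 4 0 1 8 00 $EXPECTED_FPR
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

# Constructed status output: the archive does not match the signature.
sample_tampered() {
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] BADSIG 89ABCDEF01234567 Example Release Key <release@example.org>
EOF
}

# Constructed status output: the signature checks out mathematically, but the
# signing key has expired, so VALIDSIG alone must not be trusted.
sample_expired_key() {
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 89ABCDEF01234567 Example Release Key <release@example.org>
[GNUPG:] VALIDSIG $EXPECTED_FPR 2017-02-22 1487721600 0 4 0 1 8 00 $EXPECTED_FPR
EOF
}

# Usage: sh verify.sh ARCHIVE SIGNATURE FINGERPRINT
if [ "$#" -eq 3 ]; then
    if verify_release "$1" "$2" "$3"; then
        echo "signature OK, signed by $3"
    else
        echo "REJECTED: do not unpack $1" >&2
        exit 1
    fi
fi
```

The public key must already be imported, and the fingerprint should come from a source other than the download server itself.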

WordPress with PHP v. 7.0

Description

WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and usability.

More simply, WordPress is what you use when you want to work with your blogging software, not fight it.

WWW: http://wordpress.org/.

Requirements

The following applications must be installed, configured and running before installation of WordPress:

  1. Apache HTTP Server
  2. PHP (v. 7.0)
  3. MySQL DB Server
  4. GNU wget

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Warning!

N.B.: Do NOT install WordPress from port if the PHP version installed is > 5.6!

Verify version of PHP installed with:

[root@server /usr/home/user]# php -v <enter>
PHP 7.0.15 (cli) (built: Jan 24 2017 01:18:59) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.15, Copyright (c) 1999-2017, by Zend Technologies
[root@server /usr/home/user]#

In this example PHP version 7.0 is installed. Because of this, WordPress will be downloaded from the WordPress site.

Download

Download the latest version of WordPress with:

[root@server /usr/home/user]# wget https://wordpress.org/latest.tar.gz <enter>
--2017-02-22 18:26:38--  https://wordpress.org/latest.tar.gz
Resolving wordpress.org (wordpress.org)... 66.155.40.249, 66.155.40.250
Connecting to wordpress.org (wordpress.org)|66.155.40.249|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7997959 (7,6M) [application/octet-stream]
Saving to: ‘latest.tar.gz’

latest.tar.gz       100%[===================>]   7,63M  1,74MB/s    in 6,0s    

2017-02-22 18:26:45 (1,27 MB/s) - ‘latest.tar.gz’ saved [7997959/7997959]

[root@server /usr/home/user]#

Installation

Extract file latest.tar.gz to /usr/local/www/ with:

[root@server /usr/home/user]# tar -xzvf latest.tar.gz  -C /usr/local/www <enter>
x wordpress/
x wordpress/wp-settings.php
x wordpress/wp-cron.php
x wordpress/wp-comments-post.php
x wordpress/wp-activate.php
x wordpress/wp-admin/
.
.
x wordpress/wp-includes/comment.php
x wordpress/wp-includes/class-wp-text-diff-renderer-table.php
x wordpress/wp-config-sample.php
[root@server /usr/home/user]#

Delete file latest.tar.gz with:

[root@server /usr/home/user]# rm latest.tar.gz <enter>
[root@server /usr/home/user]#

N.B.: Only the required PHP shared extensions that are not already installed will be installed with the following command!

Install the shared PHP extensions required by phpMyAdmin with:

[root@server /usr/home/user]# pkg install curl php70-curl libnghttp2 php70-gd php70-hash php70-xml php70-tokenizer php70-mysqli php70-zip php70-ftp php70-zlib <enter>
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 4 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	curl: 7.52.1_1
	php70-curl: 7.0.15
	libnghttp2: 1.18.0
	php70-ftp: 7.0.15

Number of packages to be installed: 4

The process will require 4 MiB more space.
1 MiB to be downloaded.

Proceed with this action? [y/N]: y <enter>
Fetching curl-7.52.1_1.txz: 100%    1 MiB   1.1MB/s    00:01    
Fetching php70-curl-7.0.15.txz: 100%   26 KiB  26.8kB/s    00:01    
Fetching libnghttp2-1.18.0.txz: 100%  104 KiB 106.4kB/s    00:01    
Fetching php70-ftp-7.0.15.txz: 100%   22 KiB  22.4kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/4] Installing libnghttp2-1.18.0...
[1/4] Extracting libnghttp2-1.18.0: 100%
[2/4] Installing curl-7.52.1_1...
[2/4] Extracting curl-7.52.1_1: 100%
[3/4] Installing php70-curl-7.0.15...
[3/4] Extracting php70-curl-7.0.15: 100%
[4/4] Installing php70-ftp-7.0.15...
[4/4] Extracting php70-ftp-7.0.15: 100%
Message from php70-curl-7.0.15:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-curl.ini
configuration file to automatically load the installed extension:

extension=curl.so

****************************************************************************
Message from php70-ftp-7.0.15:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-ftp.ini
configuration file to automatically load the installed extension:

extension=ftp.so

****************************************************************************
[root@server /usr/home/user]#

Configuration

Change file owner and group recursively for /usr/local/www/wordpress with:

[root@server /usr/home/user]# chown -R www:www /usr/local/www/wordpress <enter>
[root@server /usr/home/user]#

Change file modes recursively for /usr/local/www/wordpress with:

[root@server /usr/home/user]# chmod -R 755 /usr/local/www/wordpress <enter>
[root@server /usr/home/user]#

Enable the Apache rewrite_module with:

[root@server /usr/home/user]# perl -pi -e 's/#LoadModule rewrite_module/LoadModule rewrite_module/g' /usr/local/etc/apache24/httpd.conf <enter>
[root@server /usr/home/user]#

To make wordpress available on the web site:

[root@server /usr/home/user]# ee /usr/local/etc/apache24/Includes/wordpress.conf <enter>

Add the following lines:

Alias /wp/ "/usr/local/www/wordpress/"
<Directory "/usr/local/www/wordpress/">
  AllowOverride All
  Require all granted
</Directory>

…then restart the apache24 service with:

[root@server /usr/home/user]# service apache24 restart <enter>
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 12555.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
[root@server /usr/home/user]#
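An added example (not from the original page or the WordPress project): the chmod -R 755 step above also sets the execute bit on every regular file and leaves every file world-readable, which will include the database password once wp-config.php exists. This script sets directories to 755, files to 644 and wp-config.php to 640, then lists anything that still deviates; it relies on the www:www ownership set above, and the function names are this example's own.

```sh
#!/bin/sh
# Added example, not part of the original page.

# Set directory, file and wp-config.php modes under the WordPress root $1
# (this page uses /usr/local/www/wordpress).
harden_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    # wp-config.php holds DB_PASSWORD and the salts: no access for "other".
    if [ -f "$root/wp-config.php" ]; then
        chmod 640 "$root/wp-config.php"
    fi
}

# List entries under $1 that are still risky. Prints nothing when all is well.
audit_wp_perms() {
    root=$1
    # Anything that every local user may modify.
    find "$root" ! -type l -perm -0002 | sed 's/^/world-writable: /'
    # Regular files with any execute bit; PHP sources do not need one.
    find "$root" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) |
        sed 's/^/executable file: /'
    # The configuration file readable by every local user.
    find "$root" -maxdepth 1 -name wp-config.php -perm -0004 |
        sed 's/^/world-readable secret: /'
}

# Usage: sh wp-perms.sh /usr/local/www/wordpress
if [ "$#" -eq 1 ]; then
    harden_wp_perms "$1" && audit_wp_perms "$1"
fi
```

Run it again after wp-config.php has been created so that the file picks up mode 640.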

Prepare MySQL Database

WordPress uses a relational database, such as MySQL, to manage and store site and user information.

Login to the MySQL database with:

[root@server /usr/home/user]# mysql -u root -p <enter>
Enter password: <-- password <enter>
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 422
Server version: 5.7.17-log Source distribution

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]>

Create a MySQL wordpress database with:

root@localhost [(none)]> CREATE DATABASE wordpress; <enter>
Query OK, 1 row affected (0,02 sec)

root@localhost [(none)]>

Create a MySQL user account wpadmin that WordPress will use to interact with the wordpress database with:

root@localhost [(none)]> CREATE USER wpadmin@localhost IDENTIFIED BY 'password'; <enter>
Query OK, 0 rows affected (0,44 sec)

root@localhost [(none)]>

Grant the WordPress wpadmin user full access to the wordpress database with:

root@localhost [(none)]> GRANT ALL PRIVILEGES ON wordpress.* TO wpadmin@localhost; <enter>
Query OK, 0 rows affected (0,44 sec)

root@localhost [(none)]>

Before this privilege change goes into effect, we must flush the privileges with:

root@localhost [(none)]> FLUSH PRIVILEGES; <enter>
Query OK, 0 rows affected (0,43 sec)

root@localhost [(none)]>

Exit the MySQL prompt with:

root@localhost [(none)]> exit <enter>
Bye
[root@server /usr/home/user]#

Make a copy of the WordPress sample configuration file with:

[root@server /usr/home/user]# cp /usr/local/www/wordpress/wp-config-sample.php /usr/local/www/wordpress/wp-config.php <enter>
[root@server /usr/home/user]#

Start editing file /usr/local/www/wordpress/wp-config.php with:

[root@server /usr/home/user]# ee /usr/local/www/wordpress/wp-config.php <enter>

…and update DB_NAME, DB_USER and DB_PASSWORD as in this example:

<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the
 * installation. You don't have to use the web site, you can
 * copy this file to "wp-config.php" and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * MySQL settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * @link https://codex.wordpress.org/Editing_wp-config.php
 *
 * @package WordPress
 */

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wordpress');

/** MySQL database username */
define('DB_USER', 'wpadmin');

/** MySQL database password */
define('DB_PASSWORD', 'password');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

/**#@-*/

/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix  = 'wp_';

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the Codex.
 *
 * @link https://codex.wordpress.org/Debugging_in_WordPress
 */
define('WP_DEBUG', false);

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
	define('ABSPATH', dirname(__FILE__) . '/');

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');
?>

Authentication Unique Keys and Salts

You can generate the unique keys at: https://api.wordpress.org/secret-key/1.1/salt/
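An added example (not from the original page or the WordPress project): the eight placeholders can also be filled locally from /dev/urandom, so the secrets never travel over the network. The placeholder text and define() layout are taken from the wp-config.php shown above; the function names are this example's own.

```sh
#!/bin/sh
# Added example, not part of the original page.

PLACEHOLDER='put your unique phrase here'   # text used in wp-config-sample.php

# Print one 64-character secret. Quotes, backslash and "$" are left out so
# the value is safe inside a single-quoted PHP string.
random_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9!@#%^&*()_+=,.:;?~-' < /dev/urandom | head -c 64
}

# Number of lines in file $1 that still carry the placeholder.
count_placeholders() {
    grep -c -F -- "'$PLACEHOLDER'" "$1" || true
}

# Replace every placeholder define() in file $1 with a fresh secret.
# The result is written back with cat, so owner and mode of $1 are kept.
fill_salts() (
    conf=$1
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            define*"'$PLACEHOLDER'"*)
                # Pull the constant name (AUTH_KEY, NONCE_SALT, ...) out of the line.
                key=$(printf '%s\n' "$line" |
                      sed "s/^define( *'\([A-Z_]*\)'.*/\1/")
                case $key in
                    ''|*[!A-Z_]*) printf '%s\n' "$line" ;;   # unexpected layout: keep as is
                    *) printf "define('%s', '%s');\n" "$key" "$(random_secret)" ;;
                esac
                ;;
            *)  printf '%s\n' "$line" ;;
        esac
    done < "$conf" > "$tmp"
    cat "$tmp" > "$conf"
)

# Usage: sh wp-salts.sh /usr/local/www/wordpress/wp-config.php
if [ "$#" -eq 1 ]; then
    fill_salts "$1"
    echo "placeholders left: $(count_placeholders "$1")"
fi
```

As the comment in wp-config.php notes, changing these values invalidates all existing cookies, so every user has to log in again.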

Run WordPress Installation Script

Start your browser and go to http://www.example.net/wp/ and complete the installation of WordPress.

GNU wget

Description

GNU wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. It is a non-interactive command-line tool, so it may easily be called from scripts, cron jobs, terminals without X-Windows support, etc.

GNU wget has many features to make retrieving large files or mirroring entire web or FTP sites easy, including:

  • Can resume aborted downloads, using REST and RANGE
  • Can use filename wild cards and recursively mirror directories
  • NLS-based message files for many different languages
  • Optionally converts absolute links in downloaded documents to relative, so that downloaded documents may link to each other locally
  • Supports HTTP and SOCKS proxies
  • Supports HTTP cookies
  • Supports persistent HTTP connections
  • Unattended / background operation
  • Uses local file timestamps to determine whether documents need to be re-downloaded when mirroring
  • GNU wget is distributed under the GNU General Public License.

WWW: http://www.gnu.org/software/wget/wget.html

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Install

Install wget with:

[root@server /usr/home/user]# pkg install wget [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 1 package(s) will be affected (of 0 checked)
New packages to be INSTALLED:
wget: 1.18_2

Number of packages to be installed: 1

The process will require 3 MiB more space.
578 KiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
Fetching wget-1.18_2.txz: 100% 578 KiB 592.0kB/s 00:01
Checking integrity... done (0 conflicting)
[1/1] Installing wget-1.18_2...
[1/1] Extracting wget-1.18_2: 100%
[root@server /usr/home/user]#

List all installed files with:

[root@server ~]# pkg info -l wget | less [enter]

Configure

No configuration required.

How to Use

Since Wget uses GNU getopt to process command-line arguments, every option has a long form along with the short one. Long options are more convenient to remember, but take time to type. You may freely mix different option styles, or specify options after the command-line arguments. Thus you may write:

[root@server ~]#  wget -r --tries=10 http://www.example.com/ -o log [enter]

The space between the option accepting an argument and the argument may be omitted. Instead of -o log you can write -olog.

MySQL DB Server

Description

MySQL is a very fast, multi-threaded, multi-user and robust SQL (Structured Query Language) database server.

WWW: http://www.mysql.com.

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

Search for mysql57-server in the remote package repositories with:

[root@server /usr/home/user]# pkg search "mysql5" [enter]
mysql++-mysql56-3.2.2          Complex C++ API for MySQL56
mysql++1-mysql56-1.7.40_3      Complex C++ API for MySQL56
mysql-connector-odbc-unixodbc-mysql56-5.3.4_1 ODBC driver for MySQL56 / unixodbc
mysql55-client-5.5.56          Multithreaded SQL database (client)
mysql55-server-5.5.56          Multithreaded SQL database (server)
mysql56-client-5.6.36          Multithreaded SQL database (client)
mysql56-q4m-0.9.14             Message queue that works as a pluggable storage engine of MySQL
mysql56-server-5.6.36          Multithreaded SQL database (server)
mysql57-client-5.7.18          Multithreaded SQL database (client)
mysql57-server-5.7.18          Multithreaded SQL database (server)
[root@server /usr/home/user]#

In this example mysql57-server will be installed.

Install mysql57-server with:

[root@server /usr/home/user]# pkg install mysql57-server p5-DBI [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        mysql57-server: 5.7.18
        libevent: 2.1.8
        mysql57-client: 5.7.18

Number of packages to be installed: 3

The process will require 188 MiB more space.
16 MiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
[1/3] Fetching mysql57-server-5.7.18.txz: 100%   13 MiB   7.1MB/s    00:02
[2/3] Fetching libevent-2.1.8.txz: 100%  300 KiB 307.7kB/s    00:01
[3/3] Fetching mysql57-client-5.7.18.txz: 100%    2 MiB   1.9MB/s    00:01
Checking integrity... done (0 conflicting)
[1/3] Installing libevent-2.1.8...
[1/3] Extracting libevent-2.1.8: 100%
[2/3] Installing mysql57-client-5.7.18...
[2/3] Extracting mysql57-client-5.7.18: 100%
[3/3] Installing mysql57-server-5.7.18...
===> Creating groups.
Creating group 'mysql' with gid '88'.
===> Creating users
Creating user 'mysql' with uid '88'.
Extracting mysql57-server-5.7.18: 100%
Message from mysql57-client-5.7.18:
* * * * * * * * * * * * * * * * * * * * * * * *

This is the mysql CLIENT without the server.
for complete server and client, please install databases/mysql57-server

* * * * * * * * * * * * * * * * * * * * * * * *
Message from mysql57-server-5.7.18:
*****************************************************************************

Remember to run mysql_upgrade the first time you start the MySQL server
after an upgrade from an earlier version.

Initial password for first time use of MySQL is saved in $HOME/.mysql_secret
ie. when you want to use "mysql -u root -p" first you should see password
in /root/.mysql_secret

MySQL57 has a default %%ETCDIR%%/my.cnf,
remember to replace it wit your own
or set `mysql_optfile="$YOUR_CNF_FILE` in rc.conf.

*****************************************************************************
[root@server /usr/home/user]#

Configuration

List installed services with:

[root@server /usr/home/user]# service -r | grep mysql [enter]
/usr/local/etc/rc.d/mysql-server
[root@server /usr/home/user]#

Find the rcvar for /etc/rc.conf:

[root@server /usr/home/user]# /usr/local/etc/rc.d/mysql-server rcvar [enter]
# mysql
#
mysql_enable="NO"
#   (default: "")

[root@server /usr/home/user]#

To start MySQL on system boot, add information to /etc/rc.conf with these commands:

[root@server /usr/home/user]# echo '' >> /etc/rc.conf; echo '# MySQL Server' >> /etc/rc.conf; echo 'mysql_enable="YES"' >> /etc/rc.conf [enter]
[root@server /usr/home/user]#

Then edit /usr/local/etc/mysql/my.cnf with:

[root@server /usr/home/user]# ee /usr/local/etc/mysql/my.cnf [enter]
# $FreeBSD: head/databases/mysql57-server/files/my.cnf.sample.in 414707 2016-05-06 14:39:59Z riggs $

[client]
port                            = 3306
socket                          = /tmp/mysql.sock

[mysql]
prompt                          = \u@\h [\d]>\_
no_auto_rehash

[mysqld]
user                            = mysql
port                            = 3306
socket                          = /tmp/mysql.sock
bind-address                    = 127.0.0.1
basedir                         = /usr/local
datadir                         = /var/db/mysql
tmpdir                          = /var/db/mysql_tmpdir
slave-load-tmpdir               = /var/db/mysql_tmpdir
secure-file-priv                = /var/db/mysql_secure
log-bin                         = mysql-bin
log-output                      = TABLE
master-info-repository          = TABLE
relay-log-info-repository       = TABLE
relay-log-recovery              = 1
slow-query-log                  = 1
server-id                       = 1
sync_binlog                     = 1
sync_relay_log                  = 1
binlog_cache_size               = 16M
expire_logs_days                = 30
default_password_lifetime       = 0
enforce-gtid-consistency        = 1
gtid-mode                       = ON
safe-user-create                = 1
lower_case_table_names          = 1
explicit-defaults-for-timestamp = 1
myisam-recover-options          = BACKUP,FORCE
open_files_limit                = 32768
table_open_cache                = 16384
table_definition_cache          = 8192
net_retry_count                 = 16384
key_buffer_size                 = 256M
max_allowed_packet              = 64M
query_cache_type                = 0
query_cache_size                = 0
long_query_time                 = 0.5
innodb_buffer_pool_size         = 1G
innodb_data_home_dir            = /var/db/mysql
innodb_log_group_home_dir       = /var/db/mysql
innodb_data_file_path           = ibdata1:128M:autoextend
innodb_temp_data_file_path      = ibtmp1:128M:autoextend
innodb_flush_method             = O_DIRECT
innodb_log_file_size            = 256M
innodb_log_buffer_size          = 16M
innodb_write_io_threads         = 8
innodb_read_io_threads          = 8
innodb_autoinc_lock_mode        = 2
skip-symbolic-links

[mysqldump]
max_allowed_packet              = 256M
quote_names
quick

For advice on how to change settings please see https://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html

N.B.: MySQL databases are stored in /var/db/mysql by default.

Change file owner and group for file /usr/local/etc/mysql/my.cnf with:

[root@server /usr/home/user]# chown mysql:mysql /usr/local/etc/mysql/my.cnf [enter]
[root@server /usr/home/user]#

Start

Manually start MySQL Server with:

[root@server /usr/home/user]# service mysql-server start [enter]
Starting mysql.
[root@server /usr/home/user]#

Check if the service is running with:

[root@server /usr/home/user]# service mysql-server status [enter]
mysql-server is running as pid 91514.
[root@server /usr/home/user]#

…and:

[root@server /usr/home/user]# ps -waux | grep mysql [enter]
mysql     821   0,0  0,0  17088   2540  -  Is   11:03pm    0:00,01 /bin/sh /usr/local/bin/mysqld_safe --defaults-extra-file=/var/db/mysql/my.cnf --user=mysql --datadir=/var/db/mysql --pid-file=/var/db/mysql/server.polymathic.net.pid
mysql     939   0,0  3,0 674172 465456  -  I    11:03pm    0:02,87 /usr/local/libexec/mysqld --defaults-extra-file=/var/db/mysql/my.cnf --basedir=/usr/local --datadir=/var/db/mysql --plugin-dir=/usr/local/lib/mysql/plugin --log-error=/var/db/mysql/server.polymathic.net.err --pid-file=/var/db/mysql/server.polymathic.net.pid
[root@server /usr/home/user]#

Securing MySQL

Protect the MySQL installation with:

[root@server /usr/home/user]# mysql_secure_installation [enter]

Securing the MySQL server deployment.

Connecting to MySQL server using password in '/root/.mysql_secret'

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No: Y [enter]

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2 [enter]
Using existing password for root.

Estimated strength of the password: 100 
Change the password for root ? ((Press y|Y for Yes, any other key for No) : N [enter]

 ... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y [enter]
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : [enter]

 ... skipping.
By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y [enter]
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y [enter]
Success.

All done! 
[root@server /usr/home/user]#

N.B.: The root password for MySQL can be found in file /root/.mysql_secret!

[root@server /usr/home/user]# cat /root/.mysql_secret
# Password set for user 'root@localhost' at 2017-02-20 21:33:40 
{passwd}
[root@server /usr/home/user]#

Log on to the MySQL service as root with:

[root@server /usr/home/user]# mysql -u root -p [enter]
Enter password: <-- password in file /root/.mysql_secret [enter]
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.7.17-log

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]>

Log out from the MySQL service with:

root@localhost [(none)]> exit [enter]
Bye
[root@server /usr/home/user]#

MySQL User Administration

To set the MySQL root password for the first time:

[root@server /usr/home/user]# mysqladmin -u root password 'passwd' [enter]
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.
[root@server /usr/home/user]#

To change the MySQL root password:

[root@server /usr/home/user]# mysqladmin -u root -p'oldpassword' password 'newpasswd' [enter]
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.
[root@server /usr/home/user]#

Tweaking MySQL

The default minimum word length for full-text searches in MySQL is 4 characters. This can easily be adjusted to, say, 2 characters.

[root@server /usr/home/user]# ee /usr/local/etc/my.cnf

…and add the following text:

[mysqld]
ft_min_word_len=2

[myisamchk]
ft_min_word_len=2

[mysqldump]
ignore-table=mysql.event

Manually restart MySQL Server with:

[root@server /usr/home/user]# service mysql-server restart [enter]
Stopping mysql.
Waiting for PIDS: 939.
Starting mysql.
[root@server /usr/home/user]#

Optional: packet filter (pf)

Network access to the MySQL Server service must be enabled in the packet filter (pf) configuration file.

Start editing file /etc/pf.conf with:

[root@server /usr/home/user]# ee /etc/pf.conf [enter]

…and add default port information to enable access to the MySQL Server service from clients on the local network as in this example:

.
.
# Ports:
# 123 TCP       Network Time Protocol
.
.
# 3306 TCP      MySQL database system

tcp_pass="{ 123, 3306 }"
.
.

Check /etc/pf.conf for errors, without loading the ruleset, with:

[root@server /usr/home/user]# pfctl -vvnf /etc/pf.conf [enter]

…and then reload /etc/pf.conf with:

[root@server /usr/home/user]# service pf reload [enter]
Reloading pf rules.
[root@server /usr/home/user]#

Move a MySQL Database from one server to another via SSH

Create a new empty database on the receiving server, srv2:

[root@srv2 ~]# mysql -uroot -p [enter]
Enter password: passwd [enter]
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3122
Server version: 5.5.23-log Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>
mysql> CREATE DATABASE db_name; [enter]
Query OK, 1 row affected (0.00 sec)
mysql>
mysql> exit [enter]
[root@srv2 ~]#

On the server with the database, srv1:

[root@srv1 ~]# mysqldump -u{user} -p{password} {db_name} | ssh user@{IP Address srv2} "mysql -u{user} -p{password} {db_name}" [enter]
[root@srv1 ~]#

Using the parameters -e -f -q -Q -K for mysqldump is a good idea and will make the insert faster and more secure. Look them up in the docs!
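
The transfer above puts both passwords on a command line, which is what the mysqladmin warning shown earlier is about. As an added example that is not part of the original page, the functions below keep the credentials in owner-only client option files and pass them with --defaults-extra-file; the function names, file paths and sample command lines are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original page): copy a database from srv1 to
# srv2 without putting either password on a command line.
# Function names and file paths are assumptions made for this sketch.

# write_client_cnf FILE USER
# Reads the password from stdin and writes a [client] option file that only
# its owner can read. Assumes the password contains no '"' or '\'.
write_client_cnf() {
    cnf_file=$1
    cnf_user=$2
    IFS= read -r cnf_pass || [ -n "$cnf_pass" ] || return 1
    (
        umask 077                          # a new file is created as 0600
        : > "$cnf_file" || exit 1
        chmod 600 "$cnf_file" || exit 1    # tighten a pre-existing file first
        printf '[client]\nuser=%s\npassword="%s"\n' \
            "$cnf_user" "$cnf_pass" >> "$cnf_file"
    )
}

# cmdline_has_inline_password 'COMMAND LINE'
# Returns 0 when a mysql client command line carries a password inline
# (-pSECRET or --password=SECRET). A bare -p only prompts and is accepted.
# Heuristic: meant for mysql, mysqldump and mysqladmin command lines.
cmdline_has_inline_password() (
    set -f                                 # split into words, no globbing
    for word in $1; do
        case $word in
            --password=?*) exit 0 ;;
            --*)           ;;
            -p?*)          exit 0 ;;
        esac
    done
    exit 1
)

# copy_database DB LOCAL_CNF SSH_TARGET REMOTE_CNF
# REMOTE_CNF is the path of an option file that already exists on the
# receiving server, created there with write_client_cnf.
copy_database() {
    mysqldump --defaults-extra-file="$2" "$1" |
        ssh "$3" "mysql --defaults-extra-file='$4' '$1'"
}

# Usage on srv1 (constructed values):
#   write_client_cnf /root/.my-dump.cnf root      # password is read from stdin
#   copy_database db_name /root/.my-dump.cnf user@srv2 /home/user/.my-load.cnf
```

--defaults-extra-file has to be the first option on the command line, which is why copy_database places it directly after the program name.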

PHP


Description

PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML.

WWW: http://www.php.net.

Requirements

The following application(s) must be installed, configured and running before PHP is installed:

  1. Apache HTTP Server

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

N.B.: Current version of Apache will be installed if missing!
Search for “mod_php” in the remote package repositories with:

[root@server /usr/home/user]# pkg search "mod_php" [enter]
mod_php56-5.6.30               PHP Scripting Language
mod_php70-7.0.20_1             PHP Scripting Language
mod_php71-7.1.6_1              PHP Scripting Language
[root@server /usr/home/user]#

In this example php71, php71-extensions and mod_php71 will be installed with:

[root@server /usr/home/user]# pkg install php71 php71-extensions mod_php71 [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 27 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        php71: 7.1.6_1
        php71-extensions: 1.0
        mod_php71: 7.1.6_1
        libxml2: 2.9.4
        php71-session: 7.1.6_1
        php71-opcache: 7.1.6_1
        php71-xmlwriter: 7.1.6_1
        php71-xmlreader: 7.1.6_1
        php71-dom: 7.1.6_1
        php71-xml: 7.1.6_1
        php71-simplexml: 7.1.6_1
        php71-ctype: 7.1.6_1
        php71-posix: 7.1.6_1
        php71-hash: 7.1.6_1
        php71-filter: 7.1.6_1
        php71-tokenizer: 7.1.6_1
        php71-json: 7.1.6_1
        php71-sqlite3: 7.1.6_1
        sqlite3: 3.19.3_1
        php71-pdo_sqlite: 7.1.6_1
        php71-pdo: 7.1.6_1
        php71-iconv: 7.1.6_1
        php71-phar: 7.1.6_1
        apache24: 2.4.26
        apr: 1.5.2.1.5.4_2
        gdbm: 1.13_1
        db5: 5.3.28_6

Number of packages to be installed: 27

The process will require 109 MiB more space.
23 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/27] Fetching php71-7.1.6_1.txz: 100%    2 MiB   2.2MB/s    00:01
[2/27] Fetching php71-extensions-1.0.txz: 100%    1 KiB   1.1kB/s    00:01
[3/27] Fetching mod_php71-7.1.6_1.txz: 100%    1 MiB   1.2MB/s    00:01
[4/27] Fetching libxml2-2.9.4.txz: 100%  802 KiB 821.1kB/s    00:01
[5/27] Fetching php71-session-7.1.6_1.txz: 100%   31 KiB  32.3kB/s    00:01
[6/27] Fetching php71-opcache-7.1.6_1.txz: 100%  137 KiB 140.0kB/s    00:01
[7/27] Fetching php71-xmlwriter-7.1.6_1.txz: 100%   13 KiB  13.1kB/s    00:01   
[8/27] Fetching php71-xmlreader-7.1.6_1.txz: 100%   13 KiB  12.9kB/s    00:01   
[9/27] Fetching php71-dom-7.1.6_1.txz: 100%   54 KiB  55.4kB/s    00:01
[10/27] Fetching php71-xml-7.1.6_1.txz: 100%   20 KiB  20.1kB/s    00:01
[11/27] Fetching php71-simplexml-7.1.6_1.txz: 100%   23 KiB  23.3kB/s    00:01  
[12/27] Fetching php71-ctype-7.1.6_1.txz: 100%    6 KiB   6.6kB/s    00:01
[13/27] Fetching php71-posix-7.1.6_1.txz: 100%   11 KiB  11.4kB/s    00:01
[14/27] Fetching php71-hash-7.1.6_1.txz: 100%  118 KiB 121.3kB/s    00:01
[15/27] Fetching php71-filter-7.1.6_1.txz: 100%   18 KiB  18.9kB/s    00:01
[16/27] Fetching php71-tokenizer-7.1.6_1.txz: 100%    9 KiB   8.8kB/s    00:01  
[17/27] Fetching php71-json-7.1.6_1.txz: 100%   20 KiB  20.4kB/s    00:01
[18/27] Fetching php71-sqlite3-7.1.6_1.txz: 100%   17 KiB  17.9kB/s    00:01
[19/27] Fetching sqlite3-3.19.3_1.txz: 100%  707 KiB 723.9kB/s    00:01
[20/27] Fetching php71-pdo_sqlite-7.1.6_1.txz: 100%   12 KiB  12.1kB/s    00:01 
[21/27] Fetching php71-pdo-7.1.6_1.txz: 100%   43 KiB  44.1kB/s    00:01
[22/27] Fetching php71-iconv-7.1.6_1.txz: 100%   18 KiB  18.0kB/s    00:01
[23/27] Fetching php71-phar-7.1.6_1.txz: 100%  102 KiB 104.2kB/s    00:01
[24/27] Fetching apache24-2.4.26.txz: 100%    5 MiB   5.0MB/s    00:01
[25/27] Fetching apr-1.5.2.1.5.4_2.txz: 100%  410 KiB 419.7kB/s    00:01
[26/27] Fetching gdbm-1.13_1.txz: 100%  150 KiB 153.5kB/s    00:01
[27/27] Fetching db5-5.3.28_6.txz: 100%   12 MiB   6.4MB/s    00:02
Checking integrity... done (0 conflicting)
[1/27] Installing libxml2-2.9.4...
[1/27] Extracting libxml2-2.9.4: 100%
[2/27] Installing php71-7.1.6_1...
[2/27] Extracting php71-7.1.6_1: 100%
[3/27] Installing gdbm-1.13_1...
[3/27] Extracting gdbm-1.13_1: 100%
[4/27] Installing db5-5.3.28_6...
[4/27] Extracting db5-5.3.28_6: 100%
[5/27] Installing php71-dom-7.1.6_1...
[5/27] Extracting php71-dom-7.1.6_1: 100%
[6/27] Installing php71-hash-7.1.6_1...
[6/27] Extracting php71-hash-7.1.6_1: 100%
[7/27] Installing sqlite3-3.19.3_1...
[7/27] Extracting sqlite3-3.19.3_1: 100%
[8/27] Installing php71-pdo-7.1.6_1...
[8/27] Extracting php71-pdo-7.1.6_1: 100%
[9/27] Installing apr-1.5.2.1.5.4_2...
[9/27] Extracting apr-1.5.2.1.5.4_2: 100%
[10/27] Installing php71-session-7.1.6_1...
[10/27] Extracting php71-session-7.1.6_1: 100%
[11/27] Installing php71-opcache-7.1.6_1...
[11/27] Extracting php71-opcache-7.1.6_1: 100%
[12/27] Installing php71-xmlwriter-7.1.6_1...
[12/27] Extracting php71-xmlwriter-7.1.6_1: 100%
[13/27] Installing php71-xmlreader-7.1.6_1...
[13/27] Extracting php71-xmlreader-7.1.6_1: 100%
[14/27] Installing php71-xml-7.1.6_1...
[14/27] Extracting php71-xml-7.1.6_1: 100%
[15/27] Installing php71-simplexml-7.1.6_1...
[15/27] Extracting php71-simplexml-7.1.6_1: 100%
[16/27] Installing php71-ctype-7.1.6_1...
[16/27] Extracting php71-ctype-7.1.6_1: 100%
[17/27] Installing php71-posix-7.1.6_1...
[17/27] Extracting php71-posix-7.1.6_1: 100%
[18/27] Installing php71-filter-7.1.6_1...
[18/27] Extracting php71-filter-7.1.6_1: 100%
[19/27] Installing php71-tokenizer-7.1.6_1...
[19/27] Extracting php71-tokenizer-7.1.6_1: 100%
[20/27] Installing php71-json-7.1.6_1...
[20/27] Extracting php71-json-7.1.6_1: 100%
[21/27] Installing php71-sqlite3-7.1.6_1...
[21/27] Extracting php71-sqlite3-7.1.6_1: 100%
[22/27] Installing php71-pdo_sqlite-7.1.6_1...
[22/27] Extracting php71-pdo_sqlite-7.1.6_1: 100%
[23/27] Installing php71-iconv-7.1.6_1...
[23/27] Extracting php71-iconv-7.1.6_1: 100%
[24/27] Installing php71-phar-7.1.6_1...
[24/27] Extracting php71-phar-7.1.6_1: 100%
[25/27] Installing apache24-2.4.26...
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
[25/27] Extracting apache24-2.4.26: 100%
[26/27] Installing php71-extensions-1.0...
[27/27] Installing mod_php71-7.1.6_1...
Extracting mod_php71-7.1.6_1: 100%
[activating module `php7' in /usr/local/etc/apache24/httpd.conf]
Message from php71-dom-7.1.6_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-dom.ini
configuration file to automatically load the installed extension:

extension=dom.so

****************************************************************************
Message from php71-hash-7.1.6_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-hash.ini
configuration file to automatically load the installed extension:

extension=hash.so

****************************************************************************
Message from php71-pdo-7.1.6_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-pdo.ini
configuration file to automatically load the installed extension:

extension=pdo.so

****************************************************************************
Message from php71-session-7.1.6_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-18-session.ini
configuration file to automatically load the installed extension:

extension=session.so

****************************************************************************
Message from php71-opcache-7.1.6_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-10-opcache.ini
configuration file to automatically load the installed extension:

zend_extension=opcache.so

****************************************************************************
Message from php71-xmlwriter-7.1.6_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-xmlwriter.ini
configuration file to automatically load the installed extension:

extension=xmlwriter.so

****************************************************************************
Message from php71-xmlreader-7.1.6_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-30-xmlreader.ini
configuration file to automatically load the installed extension:

extension=xmlreader.so

****************************************************************************
Message from php71-xml-7.1.6_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-xml.ini
configuration file to automatically load the installed extension:

extension=xml.so

****************************************************************************
Message from php71-simplexml-7.1.6_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-simplexml.ini
configuration file to automatically load the installed extension:

extension=simplexml.so

****************************************************************************
Message from php71-ctype-7.1.6_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-ctype.ini
configuration file to automatically load the installed extension:

extension=ctype.so

****************************************************************************
Message from php71-posix-7.1.6_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-posix.ini
configuration file to automatically load the installed extension:

extension=posix.so

****************************************************************************
Message from php71-filter-7.1.6_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-filter.ini
configuration file to automatically load the installed extension:

extension=filter.so

****************************************************************************
Message from php71-tokenizer-7.1.6_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-tokenizer.ini
configuration file to automatically load the installed extension:

extension=tokenizer.so

****************************************************************************
Message from php71-json-7.1.6_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-json.ini
configuration file to automatically load the installed extension:

extension=json.so

****************************************************************************
Message from php71-sqlite3-7.1.6_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-sqlite3.ini
configuration file to automatically load the installed extension:

extension=sqlite3.so

****************************************************************************
Message from php71-pdo_sqlite-7.1.6_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-30-pdo_sqlite.ini
configuration file to automatically load the installed extension:

extension=pdo_sqlite.so

****************************************************************************
Message from php71-iconv-7.1.6_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-iconv.ini
configuration file to automatically load the installed extension:

extension=iconv.so

****************************************************************************
Message from php71-phar-7.1.6_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-30-phar.ini
configuration file to automatically load the installed extension:

extension=phar.so

****************************************************************************
Message from apache24-2.4.26:
To run apache www server from startup, add apache24_enable="yes"
in your /etc/rc.conf. Extra options can be found in startup script.

Your hostname must be resolvable using at least 1 mechanism in
/etc/nsswitch.conf typically DNS or /etc/hosts or apache might
have issues starting depending on the modules you are using.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- apache24 default build changed from static MPM to modular MPM
- more modules are now enabled per default in the port
- icons and error pages moved from WWWDIR to DATADIR

   If build with modular MPM and no MPM is activated in
   httpd.conf, then mpm_prefork will be activated as default
   MPM in etc/apache24/modules.d to keep compatibility with
   existing php/perl/python modules!

Please compare the existing httpd.conf with httpd.conf.sample
and merge missing modules/instructions into httpd.conf!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Message from mod_php71-7.1.6_1:
***************************************************************

Make sure index.php is part of your DirectoryIndex.

You should add the following to your Apache configuration file:


<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>


***************************************************************
[root@server /usr/home/user]#

Configuration

Create a configuration file for PHP from the recommended production template file with:

[root@server /usr/home/user]# cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini [enter]
[root@server /usr/home/user]#

…and then edit /usr/local/etc/php.ini to meet your demands with:

[root@server /usr/home/user]# ee /usr/local/etc/php.ini [enter]

Go to line 663 and increase post_max_size from 8M to 32M:

; Maximum size of POST data that PHP will accept.
; http://php.net/post-max-size
post_max_size = 32M

Exit ee by pressing <esc> and save your changes.

Create an Includes configuration file, /usr/local/etc/apache24/Includes/php.conf, with:

[root@server /usr/home/user]# ee /usr/local/etc/apache24/Includes/php.conf [enter]

…and add the following text:

<IfModule dir_module>
    DirectoryIndex index.php index.shtml index.html
    <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
</IfModule>

Exit ee by pressing <esc> and save your changes.

PHP Locale Settings

Display current active locale setting on the system with:

[root@server /usr/home/user]# locale [enter]
LANG=en_SE.UTF-8
LC_CTYPE="en_SE.UTF-8"
LC_COLLATE="en_SE.UTF-8"
LC_TIME="en_SE.UTF-8"
LC_NUMERIC="en_SE.UTF-8"
LC_MONETARY="en_SE.UTF-8"
LC_MESSAGES="en_SE.UTF-8"
LC_ALL=
[root@server /usr/home/user]#

You can list all UTF-8 locales on the system with:

[root@server /usr/home/user]# locale -a | grep '\.UTF-8$' [enter]

The locale setting for the server in this example is en_SE.UTF-8. This is a customized locale based on en_US.UTF-8, with modified TIME settings for 24h-only display and with Swedish MONETARY and NUMERIC settings.

PHP will not read the locale settings when the charset type is appended to the locale name (e.g. sv_SE.ISO8859-1, en_SE.UTF-8). The solution is to create a symbolic link to the selected locale directory.

Create a symbolic link to en_SE with:

[root@server /usr/home/user]# ln -s /usr/share/locale/en_SE.UTF-8 /usr/share/locale/en_SE [enter]

Restart Apache Service

Restart apache24 with:

[root@server /usr/home/user]# service apache24 restart [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 1302.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
[root@server /usr/home/user]#

Test your PHP installation

Create a test file with:

[root@server /usr/home/user]# echo "<?php phpinfo() ?>" > /usr/local/www/apache24/data/info.php [enter]

…then point your browser to: http://www.example.net/info.php.

Compiled in Modules

Show compiled in modules with:

[root@server /usr/home/user]# php -m [enter]
[PHP Modules]
Core
ctype
date
dom
filter
hash
iconv
json
libxml
mysqlnd
pcre
PDO
pdo_sqlite
Phar
posix
Reflection
session
SimpleXML
SPL
sqlite3
standard
tokenizer
xml
xmlreader
xmlwriter
Zend OPcache

[Zend Modules]
Zend OPcache

[root@server /usr/home/user]#
OpenSSL – Open Secure Sockets Layer


Description

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.

WWW: http://www.openssl.org/.

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

Install the OpenSSL port with:

[root@server /usr/home/user]# pkg install openssl [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        openssl: 1.0.2l,1

Number of packages to be installed: 1

The process will require 12 MiB more space.
3 MiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
[1/1] Fetching openssl-1.0.2l,1.txz: 100%    3 MiB   1.5MB/s    00:02
Checking integrity... done (0 conflicting)
[1/1] Installing openssl-1.0.2l,1...
Extracting openssl-1.0.2l,1: 100%
Message from openssl-1.0.2l,1:
Edit /usr/local/openssl/openssl.cnf to fit your needs.
[root@server /usr/home/user]#

Configuration

Disable use of the old version of openssl in directory /usr/bin/ with:

[root@server /usr/home/user]# mv /usr/bin/openssl /usr/bin/openssl.default [enter]
[root@server /usr/home/user]#

Create a symbolic link to enable the use of the new version of openssl with:

[root@server /usr/home/user]# ln -s /usr/local/bin/openssl /usr/bin/ [enter]
[root@server /usr/home/user]#

Edit /usr/local/openssl/openssl.cnf to fit your needs with:

[root@server /usr/home/user]# ee /usr/local/openssl/openssl.cnf [enter]
.
[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = SE
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Example State

localityName                    = Locality Name (eg, city)
localityName_default            = Example City

0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = Example Company

# we can do this but it is not needed normally :-)
#1.organizationName             = Second Organization Name (eg, company)
#1.organizationName_default     = World Wide Web Pty Ltd

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Example Unit

commonName                      = Common Name (e.g. server FQDN or YOUR name)
commonName_max                  = 64

emailAddress                    = Email Address
emailAddress_max                = 64
emailAddress_default            = your.mail@example.net

# SET-ex3                       = SET extension number 3
.

A CA requires some setup before it can be used. To make things easier, run the script:

[root@server /usr/home/user]# /usr/local/openssl/misc/CA.sh -newca [enter]
[root@server /usr/home/user]#

Generating Certificates

If a signature from a CA is not required, a self-signed certificate can be created. First, generate the RSA key:

[root@server /usr/home/user]# openssl genrsa -out cert.key 2048 [enter]
Generating RSA private key, 2048 bit long modulus
................................................+++
......+++
e is 65537 (0x10001)
[root@server /usr/home/user]#

Use this key to create a self-signed certificate valid for five years. Follow the usual prompts for creating a certificate:

[root@server /usr/home/user]# openssl req -new -x509 -days 1825 -key cert.key -out cert.crt -sha256 [enter]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [SE]: [enter]
State or Province Name (full name) [Example State]: [enter]
Locality Name (eg, city) [Example City]: [enter]
Organization Name (eg, company) [Example Company]: [enter]
Organizational Unit Name (eg, section) [Example Unit]: [enter]
Common Name (e.g. server FQDN or YOUR name) []:server.example.net [enter]
Email Address [your.mail@example.net]: [enter]
[root@server /usr/home/user]#

Two new files have been created in the current directory: a private key file, cert.key, and the certificate itself, cert.crt. These files should be placed in a directory, preferably under /usr/local/etc/ssl/. Permissions of 0700 are appropriate for these files and can be set using chmod.

[root@server /usr/home/user]# mv cert.* /usr/local/etc/ssl/ [enter]
[root@server /usr/home/user]#
[root@server /usr/home/user]# chmod 0700 /usr/local/etc/ssl/cert.* [enter]
[root@server /usr/home/user]#
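
Checks worth running once the files are in place, as an added example that is not part of the original page: that the private key is closed to group and others, that cert.crt was really issued for cert.key, and that the certificate is not about to expire. The function names are assumptions made for this sketch; the comparison uses the PEM public keys, so it goes beyond the RSA case generated above.

```shell
#!/bin/sh
# Added example (not from the original page): checks for the self-signed
# pair after it has been moved to /usr/local/etc/ssl/.
# Function names are assumptions made for this sketch.

# owner_only FILE
# Returns 0 when group and others have no permission bits on FILE,
# which holds for the 0700 mode used above.
owner_only() {
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# key_matches_cert KEY CERT
# Returns 0 when the public key inside CERT is the one derived from KEY.
# Compares the PEM public keys, so it is not limited to RSA.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# cert_valid_for CERT DAYS
# Returns 0 when CERT is still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# audit_pair KEY CERT
# Runs all three checks, prints one line per finding, returns 1 on any.
audit_pair() {
    status=0
    owner_only "$1" ||
        { echo "FAIL: $1 is accessible to group or others"; status=1; }
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: $2 was not issued for $1"; status=1; }
    cert_valid_for "$2" 30 ||
        { echo "WARN: $2 expires within 30 days"; status=1; }
    return "$status"
}

# Usage:
#   audit_pair /usr/local/etc/ssl/cert.key /usr/local/etc/ssl/cert.crt
```
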
Apache HTTP Server


Description

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for various modern desktop and server operating systems, such as UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server which provides HTTP services in sync with the current HTTP standards.

The 2.x branch of Apache Web Server includes several improvements like threading, use of APR, native IPv6 and SSL support, and many more.

WWW: http://httpd.apache.org/.

For public access to your website, you must have a valid domain name.

Requirements

The following software must be installed before Apache HTTP Server:

  1. OpenSSL – Open Secure Sockets Layer

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

Search for “apache2” in the remote package repositories with:

[root@server /usr/home/user]# pkg search "apache2" [enter]
apache22-2.2.31_1              Version 2.2.x of Apache web server with prefork MPM
apache22-event-mpm-2.2.31_1    Version 2.2.x of Apache web server with event MPM
apache22-itk-mpm-2.2.31_1      Version 2.2.x of Apache web server with itk MPM
apache22-peruser-mpm-2.2.31_1  Version 2.2.x of Apache web server with peruser MPM
apache22-worker-mpm-2.2.31_1   Version 2.2.x of Apache web server with worker MPM
apache24-2.4.25_1              Version 2.4.x of Apache web server
p5-Apache2-SOAP-0.73_4         Apache2 mod_perl2 SOAP Server
p5-Apache2-SiteControl-1.05_3  Perl web site authentication/authorization system
[root@server /usr/home/user]#

In this example apache24 will be installed.

Install Apache HTTP Server 2.4 with:

[root@server /usr/home/user]# pkg install apache24 [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 5 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	apache24: 2.4.25_1
	libxml2: 2.9.4
	apr: 1.5.2.1.5.4_2
	gdbm: 1.12
	db5: 5.3.28_6

Number of packages to be installed: 5

The process will require 81 MiB more space.
18 MiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
Fetching apache24-2.4.25_1.txz: 100%    5 MiB   1.6MB/s    00:03    
Fetching libxml2-2.9.4.txz: 100%  802 KiB 821.6kB/s    00:01    
Fetching apr-1.5.2.1.5.4_2.txz: 100%  410 KiB 419.5kB/s    00:01    
Fetching gdbm-1.12.txz: 100%  145 KiB 148.5kB/s    00:01    
Fetching db5-5.3.28_6.txz: 100%   12 MiB   2.1MB/s    00:06    
Checking integrity... done (0 conflicting)
[1/5] Installing gdbm-1.12...
[1/5] Extracting gdbm-1.12: 100%
[2/5] Installing db5-5.3.28_6...
[2/5] Extracting db5-5.3.28_6: 100%
[3/5] Installing libxml2-2.9.4...
[3/5] Extracting libxml2-2.9.4: 100%
[4/5] Installing apr-1.5.2.1.5.4_2...
[4/5] Extracting apr-1.5.2.1.5.4_2: 100%
[5/5] Installing apache24-2.4.25_1...
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
[5/5] Extracting apache24-2.4.25_1: 100%
Message from apache24-2.4.25_1:
To run apache www server from startup, add apache24_enable="yes"
in your /etc/rc.conf. Extra options can be found in startup script.

Your hostname must be resolvable using at least 1 mechanism in
/etc/nsswitch.conf typically DNS or /etc/hosts or apache might
have issues starting depending on the modules you are using.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- apache24 default build changed from static MPM to modular MPM
- more modules are now enabled per default in the port
- icons and error pages moved from WWWDIR to DATADIR

   If build with modular MPM and no MPM is activated in
   httpd.conf, then mpm_prefork will be activated as default
   MPM in etc/apache24/modules.d to keep compatibility with
   existing php/perl/python modules!

Please compare the existing httpd.conf with httpd.conf.sample
and merge missing modules/instructions into httpd.conf!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[root@server /usr/home/user]#

Configuration

packet filter (pf)

Access to the Apache service must be enabled in the packet filter (pf) configuration file.

Start editing file /etc/pf.conf with:

[root@server /usr/home/user]# ee /etc/pf.conf [enter]

…and add port information to enable access to the Apache service from clients on the local network as in this example:

.
# Ports:
#  80 TCP       Hypertext Transfer Protocol (HTTP)
# 123 TCP       Network Time Protocol
# 443 TCP       Hypertext Transfer Protocol over TLS/SSL (HTTPS)
# 445 TCP       Microsoft-DS SMB file sharing

tcp_pass="{ 80, 123, 443, 445 }"
.

Check /etc/pf.conf for errors, but do not load ruleset with:

[root@server /usr/home/user]# pfctl -vvnf /etc/pf.conf [enter]

…and then reload /etc/pf.conf with:

[root@server /usr/home/user]# service pf reload [enter]
Reloading pf rules.
[root@server /usr/home/user]#

Service start on Boot

List installed apache services with:

[root@server /usr/home/user]# service -r | grep /apache [enter]
/usr/local/etc/rc.d/apache24
[root@server /usr/home/user]#

Find the rcvar for /usr/local/etc/rc.d/apache24 with:

[root@server /usr/home/user]# /usr/local/etc/rc.d/apache24 rcvar [enter]
# apache24
#
apache24_enable="NO"
#   (default: "")

[root@server /usr/home/user]#

To start the Apache HTTP Server on system boot:

[root@server /usr/home/user]# echo '' >> /etc/rc.conf; echo '# Apache HTTP Server' >> /etc/rc.conf; echo 'apache24_enable="YES"' >> /etc/rc.conf [enter]
[root@server /usr/home/user]#

Rotate Logfile

Automatically rotate the /var/log/httpd-error.log log file with:

[root@server /usr/home/user]# echo '/var/log/httpd-error.log                600  9   100000 *     Z' >> /etc/newsyslog.conf [enter]
[root@server /usr/home/user]#

Hosts Database Setup

The hostname must be resolvable, or Apache might have issues starting, depending on the modules you are using.

Edit file /etc/hosts to allow Apache HTTP Server 2.4 to resolve hostname(s):

[root@server /usr/home/user]# ee /etc/hosts

This is an example:

# $FreeBSD: releng/11.1/etc/hosts 109997 2003-01-28 21:29:23Z dbaker $
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file.  Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1                     localhost localhost.example.net
127.0.0.1               localhost localhost.example.net
#
# Imaginary network.
#10.0.0.2               myname.my.domain myname
#10.0.0.3               myfriend.my.domain myfriend
#
# According to RFC 1918, you can use the following IP networks for
# private nets which will never be connected to the Internet:
#
#       10.0.0.0        -   10.255.255.255
#       172.16.0.0      -   172.31.255.255
#       192.168.0.0     -   192.168.255.255
#
# In case you want to be able to connect to the Internet, you need
# real official assigned numbers.  Do not try to invent your own network
# numbers but instead get one from your network provider (if any) or
# from your regional registry (ARIN, APNIC, LACNIC, RIPE NCC, or AfriNIC.)
#
192.168.1.1     server.example.net

Display where the configuration file should be put with:

[root@server /usr/home/user]# grep httpd.conf /usr/local/etc/rc.d/apache24 [enter]
required_files=/usr/local/etc/apache24/httpd.conf
[root@server /usr/home/user]#

‘ServerAdmin’ Email Address

Update ServerAdmin email address in file /usr/local/etc/apache24/httpd.conf as in this example with:

[root@server /usr/home/user]# perl -pi -e 's/admin\@your-domain.com/{your.name}\@{example.net}/g' /usr/local/etc/apache24/httpd.conf [enter]
[root@server /usr/home/user]#

SSL certificates

The server can hold multiple certificates, but only one per listening IP Address. So, if the server is listening on one IP address, only one certificate can be used for the server. All of your virtual domains can share the same certificate, but clients will get warning prompts when they connect to a secure site where the certificate does not match the domain name. If your server is listening on multiple IP addresses, your virtual hosts have to be IP-based — not name-based. This is something to consider when creating your certificate.

In this example we will be using self-signed certificates created with OpenSSL.

Copy the Server Certificate file server.crt and the Server Private Key file server.key into the appropriate directory with:

[root@server /usr/home/user]# cp /usr/local/etc/ssl/*.key /usr/local/etc/apache24/server.key; cp /usr/local/etc/ssl/*.crt /usr/local/etc/apache24/server.crt [enter]
[root@server /usr/home/user]#

Enable use of Certificate files

Update the Apache configuration file /usr/local/etc/apache24/httpd.conf to use Certificate files with:

[root@server /usr/home/user]# perl -pi -e 's/#LoadModule socache_shmcb_module/LoadModule socache_shmcb_module/g' /usr/local/etc/apache24/httpd.conf [enter]
[root@server /usr/home/user]# perl -pi -e 's/#LoadModule ssl_module/LoadModule ssl_module/g' /usr/local/etc/apache24/httpd.conf [enter]
[root@server /usr/home/user]# perl -pi -e 's/Options Indexes FollowSymLinks/Options Indexes Includes FollowSymLinks/g' /usr/local/etc/apache24/httpd.conf [enter]
[root@server /usr/home/user]# perl -pi -e 's/#Include etc\/apache24\/extra\/httpd-ssl.conf/Include etc\/apache24\/extra\/httpd-ssl.conf/g' /usr/local/etc/apache24/httpd.conf [enter]
[root@server /usr/home/user]#

Update ServerName and ServerAdmin in file /usr/local/etc/apache24/extra/httpd-ssl.conf as in this example.

[root@server /usr/home/user]# perl -pi -e 's/www.example.com/{www.example.net}/g' /usr/local/etc/apache24/extra/httpd-ssl.conf [enter]
[root@server /usr/home/user]# perl -pi -e 's/you\@example.com/{your.name}\@{example.net}/g' /usr/local/etc/apache24/extra/httpd-ssl.conf [enter]
[root@server /usr/home/user]#

Update all Certificate names in file /usr/local/etc/apache24/extra/httpd-ssl.conf as in this example.

[root@server /usr/home/user]# perl -pi -e 's/apache24\/server/apache24\/{server}/g' /usr/local/etc/apache24/extra/httpd-ssl.conf [enter]
[root@server /usr/home/user]#
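
One way to confirm that the substitutions above actually took effect, since perl -pi exits successfully even when its pattern matched nothing. This is an added example, not part of the original page; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: confirm the in-place perl edits really changed the config.
# Each expected directive must appear on an active (uncommented) line, and
# every certificate/key file named in httpd-ssl.conf must exist.

# active_directive FILE REGEX -> exit 0 if an uncommented line matches REGEX
active_directive() {
    grep -Eq "^[[:space:]]*$2" "$1"
}

# ssl_file_paths FILE -> print the files named by active SSLCertificateFile
# and SSLCertificateKeyFile lines, without the surrounding quotes
ssl_file_paths() {
    sed -n -E 's/^[[:space:]]*SSLCertificate(Key)?File[[:space:]]+"?([^"[:space:]]+)"?[[:space:]]*$/\2/p' "$1"
}

# check_ssl_config HTTPD_CONF SSL_CONF -> print one line per problem,
# return 0 only when nothing is missing
check_ssl_config() {
    httpd_conf=$1
    ssl_conf=$2
    problems=0
    for want in \
        'LoadModule[[:space:]]+ssl_module' \
        'LoadModule[[:space:]]+socache_shmcb_module' \
        'Include[[:space:]]+etc/apache24/extra/httpd-ssl\.conf'
    do
        if ! active_directive "$httpd_conf" "$want"; then
            echo "not active in $httpd_conf: $want"
            problems=$((problems + 1))
        fi
    done
    # A placeholder left unreplaced (for example a literal {server}) shows
    # up here as a path that does not exist.
    for path in $(ssl_file_paths "$ssl_conf"); do
        if [ ! -r "$path" ]; then
            echo "named in $ssl_conf but not readable: $path"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}
```

Call it as check_ssl_config /usr/local/etc/apache24/httpd.conf /usr/local/etc/apache24/extra/httpd-ssl.conf before starting Apache.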

Optional: Virtual Hosts

Please see the documentation at <URL:http://httpd.apache.org/docs/2.4/vhosts/> for further details before you try to setup virtual hosts.

Name-based virtual hosting is usually simpler, since you need only configure your DNS server to map each hostname to the correct IP address and then configure the Apache HTTP Server to recognize the different hostnames. Name-based virtual hosting also eases the demand for scarce IP addresses. Name-based virtual hosting cannot be used with SSL secure servers because of the nature of the SSL protocol.

As the term IP-based indicates, the server must have a different IP address for each IP-based virtual host. This can be achieved by the machine having several physical network connections, or by use of virtual interfaces.

There are two ways of configuring Apache to support multiple hosts: either by running a separate httpd daemon for each hostname, or by running a single daemon which supports all the virtual hosts.

The following example shows how Apache HTTP Server 2.4 can be configured to host the original IP (192.168.1.1) plus two additional domains on additional IPs (192.168.100.1 and 192.168.200.1). For this case, a single httpd will service requests for the main server and all the virtual hosts. This particular example only works on an intranet, because IPs ranging from 192.168.0.0 to 192.168.255.0 are not routed on the Internet.

Once IP aliasing has been set up on the system or the host has been configured with several network cards, Apache HTTP Server 2.4 can be configured. Specify a separate VirtualHost block for every virtual server.

Update the Apache configuration file /usr/local/etc/apache24/httpd.conf to use Virtual Hosts with:

[root@server /usr/home/user]# perl -pi -e 's/#Include etc\/apache24\/extra\/httpd-vhosts.conf/Include etc\/apache24\/extra\/httpd-vhosts.conf/g' /usr/local/etc/apache24/httpd.conf [enter]
[root@server /usr/home/user]#

Then edit file /usr/local/etc/apache24/extra/httpd-vhosts.conf and specify a separate VirtualHost block for every virtual server with:

[root@server /usr/home/user]# ee /usr/local/etc/apache24/extra/httpd-vhosts.conf [enter]

Example:

#
# IP-based Virtual Hosts
#
<VirtualHost 192.168.1.4:80>
  DocumentRoot "/usr/local/www/apache24/data"
  ServerName www.example.net
  <Directory "/usr/local/www/apache24/data">
    AllowOverride All
    Options Indexes FollowSymLinks
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

<VirtualHost 192.168.1.4:443>
  DocumentRoot "/usr/local/www/apache24/data"
  ServerName www.example.net
  SSLEngine on
  SSLCertificateFile "/usr/local/etc/apache24/www.crt"
  SSLCertificateKeyFile "/usr/local/etc/apache24/www.key"
  <Directory "/usr/local/www/apache24/data">
    AllowOverride All
    Options Indexes FollowSymLinks
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

It is now time to create your own certificate for the virtual host using the OpenSSL utility.

Now, you need to understand that one server can hold multiple certificates, but only one per listening IP address. So, if your server is listening on one IP address, you can only have one certificate for the server. All of your virtual domains can share the same certificate, but clients will get warning prompts when they connect to a secure site where the certificate does not match the domain name. If your server is listening on multiple IP addresses, your virtual hosts have to be IP-based — not name-based. This is something to consider when creating your certificate.

In this example we will be using self-signed certificates created with OpenSSL.

Generate a Private Key for srv with:

[root@server /usr/home/user]# openssl genrsa -out www.key 1024 [enter]
Generating RSA private key, 1024 bit long modulus
...........................................................++++++
...........................++++++
e is 65537 (0x10001)
[root@server /usr/home/user]#

Generate a Self Signed Certificate with:

[root@server /usr/home/user]# openssl req -outform PEM -new -key www.key -x509 -days 1825 -out www.crt [enter]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:SE
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:Your City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Organization Name
Organizational Unit Name (eg, section) []:Your Organizational Unit Name
Common Name (eg, YOUR name) []:www.example.net
Email Address []:your.name@example.net
[root@server /usr/home/user]#

N.B.: Set Common Name (eg, YOUR name) to your server's DNS entry in file /etc/hosts!

N.B.: The produced Certificate will be valid for 1825 days, about 5 years.

Copy the Server Certificate file www.crt and the Server Private Key file www.key into the appropriate directory with:

[root@server /usr/home/user]# cp /usr/home/user/*.key /usr/local/etc/apache24/; cp /usr/home/user/*.crt /usr/local/etc/apache24/ [enter]
[root@server /usr/home/user]#
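
A check to run on the key and certificate before Apache uses them, as an added example that is not part of the original page: it reports a key file that group or others can access, an RSA key shorter than 2048 bits, and a certificate that does not belong to the key. The function names, the 2048-bit minimum and the owner-only file mode are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a private key / certificate pair.
# Assumptions (not from the page): 2048 bits as the minimum RSA size, and
# a key file that carries no group/other permission bits.

# key_mode_ok KEY -> exit 0 if only the owner has any access to KEY
key_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# rsa_bits KEY -> print the modulus size of an unencrypted RSA key
rsa_bits() {
    openssl rsa -in "$1" -noout -text </dev/null 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# pair_matches KEY CRT -> exit 0 if CRT carries the public half of KEY
pair_matches() {
    k=$(openssl pkey -in "$1" -pubout </dev/null 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# audit_tls_pair KEY CRT -> print findings, return 0 only when there are none
audit_tls_pair() {
    findings=0
    if ! key_mode_ok "$1"; then
        echo "$1: accessible by group or others; expected owner-only (chmod 0600)"
        findings=$((findings + 1))
    fi
    bits=$(rsa_bits "$1")
    if [ -z "$bits" ]; then
        echo "$1: not an unencrypted RSA key that openssl can read"
        findings=$((findings + 1))
    elif [ "$bits" -lt 2048 ]; then
        echo "$1: RSA modulus is $bits bits, below the assumed 2048 minimum"
        findings=$((findings + 1))
    fi
    if ! pair_matches "$1" "$2"; then
        echo "$2: public key does not match $1"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}
```

Run as audit_tls_pair /usr/local/etc/apache24/www.key /usr/local/etc/apache24/www.crt; a key created with the genrsa command above is reported as 1024 bits.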

Verify your virtual host configuration with:

[root@server /usr/home/user]# httpd -S [enter]
VirtualHost configuration:
192.168.1.1:80         www.example.net (/usr/local/etc/apache24/extra/httpd-vhosts.conf:4)
192.168.1.1:443        www.example.net (/usr/local/etc/apache24/extra/httpd-vhosts.conf:15)
*:443                  www.example.net (/usr/local/etc/apache24/extra/httpd-ssl.conf:121)
ServerRoot: "/usr/local"
Main DocumentRoot: "/usr/local/www/apache24/data"
Main ErrorLog: "/var/log/httpd-error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/" mechanism=default 
Mutex mpm-accept: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www" id=80
Group: name="www" id=80
[root@server /usr/home/user]#

HTTP Accept Filter

accf_http – buffer incoming connections until a complete HTTP request arrives

Load the kernel module accf_http at boot by adding it to file /etc/rc.conf with:

[root@server /usr/home/user]# sysrc kld_list+="accf_http" [enter]
kld_list: ... -> ... accf_http
[root@server /usr/home/user]#

Manually load the HTTP Accept Filter with:

[root@server /usr/home/user]# kldload -v accf_http.ko [enter]
Loaded accf_http.ko, id=21
[root@server /usr/home/user]#

Data Accept Filter

accf_data – buffer incoming connections until data arrives

Load the kernel module accf_data at boot by adding it to file /etc/rc.conf with:

[root@server /usr/home/user]# sysrc kld_list+="accf_data" [enter]
kld_list: ... -> ... accf_data
[root@server /usr/home/user]#

Manually load the Data Accept Filter with:

[root@server /usr/home/user]# kldload -v accf_data.ko [enter]
Loaded accf_data.ko, id=22
[root@server /usr/home/user]#

Start Apache HTTP Server

Start Apache HTTP Server with:

[root@server /usr/home/user]# service apache24 start [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
[root@server /usr/home/user]#

Verify apache24 status with:

[root@server /usr/home/user]# service apache24 status [enter]
apache24 is running as pid 53785.
[root@server /usr/home/user]#

Check the httpd error log for possible errors:

[root@server /usr/home/user]# tail /var/log/httpd-error.log [enter]
[root@server /usr/home/user]#

Optional – Enable Server Side Includes, SSI

Update the Apache configuration file /usr/local/etc/apache24/httpd.conf to use Server Side Includes, SSI, with:

[root@server /usr/home/user]# perl -pi -e 's/#LoadModule include_module/LoadModule include_module/g' /usr/local/etc/apache24/httpd.conf [enter]
[root@server /usr/home/user]# perl -pi -e 's/Options Indexes/Options Indexes Includes/g' /usr/local/etc/apache24/httpd.conf [enter]
[root@server /usr/home/user]# perl -pi -e 's/DirectoryIndex index/DirectoryIndex index.shtml index/g' /usr/local/etc/apache24/httpd.conf [enter]
[root@server /usr/home/user]# perl -pi -e 's/#AddType text\/html .shtml/AddType text\/html .shtml/g' /usr/local/etc/apache24/httpd.conf [enter]
[root@server /usr/home/user]# perl -pi -e 's/#AddOutputFilter INCLUDES .shtml/AddOutputFilter INCLUDES .shtml/g' /usr/local/etc/apache24/httpd.conf [enter]
[root@server /usr/home/user]#

Update the Apache configuration file /usr/local/etc/apache24/extra/httpd-vhosts.conf to use Server Side Includes, SSI, with:

[root@server /usr/home/user]# perl -pi -e 's/Options Indexes/Options Indexes Includes/g' /usr/local/etc/apache24/extra/httpd-vhosts.conf [enter]
[root@server /usr/home/user]#

Restart apache24 with:

[root@server /usr/home/user]# service apache24 restart [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 1302.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
[root@server /usr/home/user]#

Test your SSI setup by creating a test file, ssi.shtml, with:

[root@server /usr/home/user]# ee /usr/local/www/apache24/data/ssi.shtml [enter]

Add the following lines:

<html>
<head>
<title>SSI Test Page</title>
</head>
<body>
<h1>Test of Server Side Include, SSI</h1>
<p>Date/Time Format information can be found <a href="http://www.oreilly.com/openbook/cgi/ch05_08.html">here</a></p>
<!--#config timefmt="%A, %e %B %Y, %H:%M %Z"-->
<p>This page was last updated <!--#echo var="last_modified" --></p>
<p>(If no date and time is displayed: Did you miss to restart Apache?)</p>
</body>
</html>

Start your favorite browser and go to the test page on the server, as in this example: http://www.example.net/ssi.shtml