The open source Apache HTTP Server is the most widely used web server. FreeBSD does not install this web server by default, but it can be installed from the www/apache24 package or port.
This section summarizes how to configure and start version 2.x of the Apache HTTP Server on FreeBSD. For more detailed information about Apache 2.X and its configuration directives, refer to httpd.apache.org.
In FreeBSD, the main Apache HTTP Server configuration file is installed as /usr/local/etc/apache2x/httpd.conf, where x represents the version number. This ASCII text file begins comment lines with a #. The most frequently modified directives are:
ServerRoot "/usr/local"
Specifies the default directory hierarchy for the Apache installation. Binaries are stored in the bin and sbin subdirectories of the server root and configuration files are stored in the etc/apache2x subdirectory.
ServerAdmin you@example.com
Change this to the email address that should receive reports of problems with the server. This address also appears on some server-generated pages, such as error documents.
ServerName www.example.com:80
Allows an administrator to set a hostname which is sent back to clients for the server. For example, www can be used instead of the actual hostname. If the system does not have a registered DNS name, enter its IP address instead. If the server will listen on an alternate port, change 80 to the alternate port number.
DocumentRoot "/usr/local/www/apache2x/data"
The directory where documents will be served from. By default, all requests are taken from this directory, but symbolic links and aliases may be used to point to other locations.
It is always a good idea to make a backup copy of the default Apache configuration file before making changes. When the configuration of Apache is complete, save the file and verify the configuration using apachectl. Running apachectl configtest should return Syntax OK.
To launch Apache at system startup, add the following line to /etc/rc.conf:
apache24_enable="YES"
If Apache should be started with non-default options, the following line may be added to /etc/rc.conf to specify the needed flags:
apache24_flags=""
If apachectl does not report configuration errors, start httpd now:
# service apache24 start
The httpd service can be tested by entering http://localhost in a web browser, replacing localhost with the fully-qualified domain name of the machine running httpd. The default web page that is displayed is /usr/local/www/apache24/data/index.html.
The Apache configuration can be tested for errors after making subsequent configuration changes while httpd is running using the following command:
# service apache24 configtest
It is important to note that configtest is not an rc(8) standard, and should not be expected to work for all startup scripts.
Virtual hosting allows multiple websites to run on one Apache server. The virtual hosts can be IP-based or name-based. IP-based virtual hosting uses a different IP address for each website. Name-based virtual hosting uses the client's HTTP/1.1 headers to figure out the hostname, which allows the websites to share the same IP address.
To set up Apache to use name-based virtual hosting, add a VirtualHost block for each website. For example, for the webserver named www.domain.tld with a virtual domain of www.someotherdomain.tld, add the following entries to httpd.conf:
<VirtualHost *>
    ServerName www.domain.tld
    DocumentRoot /www/domain.tld
</VirtualHost>
<VirtualHost *>
    ServerName www.someotherdomain.tld
    DocumentRoot /www/someotherdomain.tld
</VirtualHost>
For each virtual host, replace the values for ServerName and DocumentRoot with the values to be used.
For more information about setting up virtual hosts, consult the official Apache documentation at: http://httpd.apache.org/docs/vhosts/.
Apache uses modules to augment the functionality provided by the basic server. Refer to http://httpd.apache.org/docs/current/mod/ for a complete listing of and the configuration details for the available modules.
In FreeBSD, some modules can be compiled with the www/apache24 port. Type make config within /usr/ports/www/apache24 to see which modules are available and which are enabled by default. If the module is not compiled with the port, the FreeBSD Ports Collection provides an easy way to install many modules. This section describes three of the most commonly used modules.
At one point in time, support for SSL inside of Apache required a secondary module called mod_ssl. This is no longer the case and the default install of Apache comes with SSL built into the web server. An example of how to enable support for SSL websites is available in the installed file, httpd-ssl.conf, inside of the /usr/local/etc/apache24/extra directory. Inside this directory is also a sample file called ssl.conf-sample. It is recommended that both files be evaluated to properly set up secure websites in the Apache web server.
After the configuration of SSL is complete, the following line must be uncommented in the main httpd.conf to activate the changes on the next restart or reload of Apache:
#Include etc/apache24/extra/httpd-ssl.conf
SSL version two and version three have known vulnerability issues. It is highly recommended TLS version 1.2 and 1.3 be enabled in place of the older SSL options. This can be accomplished by setting the following options in the ssl.conf:
SSLProtocol all -SSLv3 -SSLv2 +TLSv1.2 +TLSv1.3
SSLProxyProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
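The following is an added example, not part of the original handbook text or of Apache itself: a small sh model of how mod_ssl folds a protocol token list left to right, so the effective set behind the two directives above can be checked before a reload. The function names and the expansion assumed for "all" are assumptions of this example.

```sh
#!/bin/sh
# Added example: models how mod_ssl folds an SSLProtocol token list.
# Assumption: "all" expands to the set below; the real expansion depends
# on how OpenSSL and httpd were built.
ALL_PROTOS="SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"

# Print the protocols left enabled after applying every token in $1.
effective_protocols() {
    enabled=""
    for tok in $1; do
        case $tok in
            +*) action=plus;  name=${tok#+} ;;
            -*) action=minus; name=${tok#-} ;;
            *)  action=set;   name=$tok ;;
        esac
        # SSLv2 no longer exists in mod_ssl; "-SSLv2" changes nothing.
        if [ "$name" = "SSLv2" ]; then continue; fi
        if [ "$name" = "all" ]; then group=$ALL_PROTOS; else group=$name; fi
        case $action in
            set)  enabled=$group ;;              # bare token replaces the set
            plus) enabled="$enabled $group" ;;   # +token adds to it
            minus)                               # -token removes from it
                kept=""
                for p in $enabled; do
                    case " $group " in *" $p "*) ;; *) kept="$kept $p" ;; esac
                done
                enabled=$kept ;;
        esac
    done
    out=""                                       # normalise order, drop duplicates
    for p in $ALL_PROTOS; do
        case " $enabled " in *" $p "*) out="${out:+$out }$p" ;; esac
    done
    printf '%s\n' "$out"
}

# Succeed when SSLv3, TLSv1 or TLSv1.1 is still enabled by the token list.
legacy_enabled() {
    case " $(effective_protocols "$1") " in
        *" SSLv3 "*|*" TLSv1 "*|*" TLSv1.1 "*) return 0 ;;
    esac
    return 1
}

# The two directive values as given on this page:
effective_protocols "all -SSLv3 -SSLv2 +TLSv1.2 +TLSv1.3"
effective_protocols "all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"
```

The SSLProtocol value still leaves TLSv1 and TLSv1.1 enabled because "all" already includes them, while the SSLProxyProtocol value does not; a value such as -all +TLSv1.2 +TLSv1.3 leaves only the two versions the text recommends.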
To complete the configuration of SSL in the web server, uncomment the following line to ensure that the configuration will be pulled into Apache during restart or reload:
# Secure (SSL/TLS) connections
Include etc/apache24/extra/httpd-ssl.conf
The following lines must also be uncommented in the httpd.conf to fully support SSL in Apache:
LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
LoadModule ssl_module libexec/apache24/mod_ssl.so
The next step is to work with a certificate authority to have the appropriate certificates installed on the system. This will set up a chain of trust for the site and prevent any warnings of self-signed certificates.
The mod_perl module makes it possible to write Apache modules in Perl. In addition, the persistent interpreter embedded in the server avoids the overhead of starting an external interpreter and the penalty of Perl start-up time.
mod_perl can be installed using the www/mod_perl2 package or port. Documentation for using this module can be found at http://perl.apache.org/docs/2.0/index.html.
PHP: Hypertext Preprocessor (PHP) is a general-purpose scripting language that is especially suited for web development. Capable of being embedded into HTML, its syntax draws upon C, Java™, and Perl with the intention of allowing web developers to write dynamically generated webpages quickly.
Support for PHP for Apache, and for any other feature written in the language, can be added by installing the appropriate port.
For all supported versions, search the package database using pkg:
# pkg search php
A list will be displayed including the versions and additional features they provide. The components are completely modular, meaning features are enabled by installing the appropriate port. To install PHP version 7.4 for Apache, issue the following command:
# pkg install mod_php74
If any dependency packages need to be installed, they will be installed as well.
By default, PHP will not be enabled. The following lines will need to be added to the Apache configuration file located in /usr/local/etc/apache24 to make it active:
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>
In addition, the DirectoryIndex in the configuration file will also need to be updated and Apache will either need to be restarted or reloaded for the changes to take effect.
Support for many of the PHP features may also be installed by using pkg. For example, to install support for XML or SSL, install their respective ports:
# pkg install php74-xml php74-openssl
As before, the Apache configuration will need to be reloaded for the changes to take effect, even in cases where it was just a module install.
To perform a graceful restart to reload the configuration, issue the following command:
# apachectl graceful
Once the install is complete, there are two methods of obtaining the installed PHP support modules and the environmental information of the build. The first is to install the full PHP binary and run the command to gain the information:
# pkg install php74
# php -i | less
It is necessary to pass the output to a pager, such as more or less, to more easily digest the amount of output.
Finally, to make any changes to the global configuration of PHP there is a well documented file installed into /usr/local/etc/php.ini. At the time of install, this file will not exist because there are two versions to choose from, one is php.ini-development and the other is php.ini-production. These are starting points to assist administrators in their deployment.
Apache support for the HTTP2 protocol is included by default when installing the port with pkg. The new version of HTTP includes many improvements over the previous version, including utilizing a single connection to a website, reducing overall roundtrips of TCP connections. Also, packet header data is compressed and HTTP2 requires encryption by default.
When Apache is configured to only use HTTP2, web browsers will require secure, encrypted HTTPS connections. When Apache is configured to use both versions, HTTP1.1 will be considered a fall back option if any issues arise during the connection.
While this change does require administrators to make changes, they are positive and equate to a more secure Internet for everyone. The changes are only required for sites not currently implementing SSL and TLS.
This configuration depends on the previous sections, including TLS support. It is recommended those instructions be followed before continuing with this configuration.
Start the process by enabling the http2 module by uncommenting the line in /usr/local/etc/apache24/httpd.conf and replacing the mpm_prefork module with mpm_event, as the former does not support HTTP2.
LoadModule http2_module libexec/apache24/mod_http2.so
LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so
There is a separate mod_http2 port that is available. It exists to deliver security and bug fixes quicker than the module installed with the bundled apache24 port. It is not required for HTTP2 support but is available. When installed, the mod_h2.so should be used in place of mod_http2.so in the Apache configuration.
There are two methods to implement HTTP2 in Apache; one way is globally for all sites and each VirtualHost running on the system. To enable HTTP2 globally, add the following line under the ServerName directive:
Protocols h2 http/1.1
To enable HTTP2 over plaintext, use h2 h2c http/1.1 in the httpd.conf.
Having the h2c here will allow plaintext HTTP2 data to pass on the system but is not recommended. In addition, using the http/1.1 here will allow fallback to the HTTP1.1 version of the protocol should it be needed by the system.
To enable HTTP2 for individual VirtualHosts, add the same line within the VirtualHost directive in either httpd.conf or httpd-ssl.conf.
Reload the configuration using the apachectl reload command and test the configuration using either of the following methods after visiting one of the hosted pages:
# grep "HTTP/2.0" /var/log/httpd-access.log
This should return something similar to the following:
192.168.1.205 - - [18/Oct/2020:18:34:36 -0400] "GET / HTTP/2.0" 304 -
192.0.2.205 - - [18/Oct/2020:19:19:57 -0400] "GET / HTTP/2.0" 304 -
192.0.0.205 - - [18/Oct/2020:19:20:52 -0400] "GET / HTTP/2.0" 304 -
192.0.2.205 - - [18/Oct/2020:19:23:10 -0400] "GET / HTTP/2.0" 304 -
The other method is using the web browser's built in site debugger or tcpdump; however, using either method is beyond the scope of this document.
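As an added example that is not part of the original handbook text, the grep check above can be extended to show how many requests used each protocol and which clients never negotiated HTTP2 and only used the HTTP1.1 fallback. The log lines are constructed samples in the access log format shown above, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: per-protocol and per-client view of an access log.
# The sample lines are constructed for illustration.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [18/Oct/2020:18:34:36 -0400] "GET / HTTP/2.0" 200 45
192.0.2.10 - - [18/Oct/2020:18:34:37 -0400] "GET /style.css HTTP/2.0" 200 1204
192.0.2.20 - - [18/Oct/2020:18:40:02 -0400] "GET / HTTP/1.1" 200 45
192.0.2.30 - - [18/Oct/2020:18:41:15 -0400] "GET / HTTP/1.1" 200 45
192.0.2.30 - - [18/Oct/2020:18:41:16 -0400] "GET / HTTP/2.0" 304 -
EOF
}

# Read a log on stdin and print "protocol count" pairs, sorted.
# Request lines that are not "METHOD PATH PROTOCOL" count as malformed.
protocol_counts() {
    awk -F'"' '{ n = split($2, req, " ")
                 proto = (n == 3) ? req[3] : "malformed"
                 count[proto]++ }
        END { for (p in count) print p, count[p] }' | sort
}

# Read a log on stdin and print clients that never used HTTP/2.
clients_without_h2() {
    awk -F'"' '{ split($1, pre, " "); ip = pre[1]
                 n = split($2, req, " ")
                 seen[ip] = 1
                 if (n == 3 && req[3] == "HTTP/2.0") h2[ip] = 1 }
        END { for (ip in seen) if (!(ip in h2)) print ip }' | sort
}

sample_log | protocol_counts
sample_log | clients_without_h2
```

Against a live server, feed /var/log/httpd-access.log to either function on standard input in place of sample_log.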
Support for HTTP2 reverse proxy connections is provided by the mod_proxy_http2.so module. When configuring the ProxyPass or RewriteRules [P] statements, they should use h2:// for the connection.
In addition to mod_perl and mod_php, other languages are available for creating dynamic web content. These include Django and Ruby on Rails.
Django is a BSD-licensed framework designed to allow developers to write high performance, elegant web applications quickly. It provides an object-relational mapper so that data types are developed as Python objects. A rich dynamic database-access API is provided for those objects without the developer ever having to write SQL. It also provides an extensible template system so that the logic of the application is separated from the HTML presentation.
Django depends on mod_python, and an SQL database engine. In FreeBSD, the www/py-django port automatically installs mod_python and supports the PostgreSQL, MySQL, or SQLite databases, with the default being SQLite. To change the database engine, type make config within /usr/ports/www/py-django, then install the port.
Once Django is installed, the application will need a project directory along with the Apache configuration in order to use the embedded Python interpreter. This interpreter is used to call the application for specific URLs on the site.
To configure Apache to pass requests for certain URLs to the web application, add the following to httpd.conf, specifying the full path to the project directory:
<Location "/">
    SetHandler python-program
    PythonPath "['/dir/to/the/django/packages/'] + sys.path"
    PythonHandler django.core.handlers.modpython
    SetEnv DJANGO_SETTINGS_MODULE mysite.settings
    PythonAutoReload On
    PythonDebug On
</Location>
Refer to https://docs.djangoproject.com for more information on how to use Django.
Ruby on Rails is another open source web framework that provides a full development stack. It is optimized to make web developers more productive and capable of writing powerful applications quickly. On FreeBSD, it can be installed using the www/rubygem-rails package or port.
Refer to http://guides.rubyonrails.org for more information on how to use Ruby on Rails.
All FreeBSD documents are available for download at https://download.freebsd.org/ftp/doc/
Questions that are not answered by the documentation may be sent to <freebsd-questions@FreeBSD.org>.
Send questions about this document to <freebsd-doc@FreeBSD.org>.