
Linux.com


Setting up LAMP on FreeBSD

By Martin Münch on July 31, 2008 (9:00:00 AM)


Setting up a LAMP server is a common task for systems administrators, and FreeBSD is one of the most reliable and stable operating systems available. You can swap out the L in LAMP with F for FreeBSD to build a fast and reliable Web server.

In this article I assume FreeBSD is already installed. If not, make sure you download the latest stable production version of FreeBSD and run the installer. I recommend choosing the MINIMUM option at the installer screen to quickly install only the most basic and necessary things.

To install applications on FreeBSD, use the ports files. Ports are plain text files that know where to download source code, so that the software will be compiled on your computer. This way you can change settings (including or excluding specific modules) as you want, and the software will fit perfectly to the specifications of your computer. First, you have to make sure that the latest ports files are installed. If you've never installed the ports, issue portsnap fetch extract in the shell; otherwise, issue portsnap fetch update. This will download the latest ports files. After a bunch of messages that show you what files have been downloaded, you're ready to go.

Apache

Next you need to compile and install Apache, the Web server itself, using commands like those below. After changing to the right location (the first command), the second command brings up a configuration screen where you can change settings. You might want to enable IPv6 support or activate the proxy module, but the standard settings are usually fine. After you have accepted the settings, Apache will automatically be compiled and installed. The last three lines make sure Apache and the required modules start automatically with the operating system:

    cd /usr/ports/www/apache22/
    make config install distclean
    # rc.conf variables as read by the apache22 port's rc script
    echo 'apache22_enable="YES"' >> /etc/rc.conf
    echo 'apache22ssl_enable="YES"' >> /etc/rc.conf
    # have the rc script load the accf_http kernel module at startup, and load it now
    echo 'apache22_http_accept_enable="YES"' >> /etc/rc.conf && kldload accf_http

Once Apache is installed properly, you must configure your server. First, enable SSL support and create the certificate and key files. The SSL key file is your private file: it holds the server's private key, and you need it for changing the password and restoring certificates. The SSL certificate file is the certificate itself, which will be used to assure visitors' Web browsers that your server is the server they want to talk to. By default, the SSL certificate file is /usr/local/etc/apache22/server.crt, and the SSL key file is /usr/local/etc/apache22/server.key. You can check or change this by searching for SSLCertificateFile or SSLCertificateKeyFile, respectively, in /usr/local/etc/apache22/extra/httpd-ssl.conf. Since version 2 of Apache, the main configuration file is divided into several extra files in /usr/local/etc/apache22/extra/. This makes it easier to find specific options and reduces the size of the main configuration file. If you don't find an option in the main configuration, you should check the extra files.

Now you need to change to the right location and generate the key file. With that key, you can generate a certificate-signing request, which tells a certificate authority to sign your key. You can either send a request to an authority such as VeriSign, or sign it yourself. If the certificate is signed by a professional authority, it will cost money, but assure visitors that this Web server definitely belongs to you and not somebody else. Self-signing the certificate will cause a warning to appear in visitors' browsers when they enter your site that the certificate is self-signed, but will cost nothing at all. The following code shows you how to self-sign the certificate:

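    cd /usr/local/etc/apache22/
    # Generate the private key, encrypted with a passphrase (-des3).
    # 1024 bits is the size used in this article; current guidance is 2048 bits or more.
    openssl genrsa -des3 -out server.key 1024
    # Create the certificate-signing request from the key
    openssl req -new -key server.key -out server.csr
    # Self-sign the request; the certificate is valid for 365 days
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    # Make both files readable by their owner only
    chmod 0400 server.key server.crt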

The key and certificate files are generated and in the right place with the proper permissions. However, you still need to configure some things. You have to make sure the server administrator's email address is set correctly by searching for ServerAdmin in /usr/local/etc/apache22/httpd.conf. DocumentRoot specifies where the Web documents are located; set it to /srv/www/01 on your server. Letting users host their own private Web content can cause some harm, so disable it by commenting out Include etc/apache22/extra/httpd-userdir.conf. Finally, enable SSL support by activating Include etc/apache22/extra/httpd-ssl.conf. In /usr/local/etc/apache22/extra/httpd-default.conf, disable ServerSignature to prevent the server from showing more information than it has to. Make sure the server-status and the server-info sections in /usr/local/etc/apache22/extra/httpd-info.conf are commented out. The less information others have about the Web server, the better it is for the security staff.
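A quick way to confirm the settings from the paragraph above, as an added example that is not part of the original article: the script looks for the active (uncommented) directives in a configuration tree and checks the mode of the key file. The function names and the sample tree it builds are constructed for illustration; pass /usr/local/etc/apache22 as the argument to check a real install.

```shell
#!/bin/sh
# Added example, not from the article: audit an Apache 2.2 config tree for the
# settings described above. File names follow the article; function names are made up.

FINDINGS=0
fail() { echo "FAIL: $*"; FINDINGS=$((FINDINGS + 1)); }

# active FILE REGEX: true if FILE has a non-comment line matching REGEX.
active() { [ -f "$1" ] && grep -Ev '^[[:space:]]*#' "$1" | grep -Eiq "$2"; }

# audit_apache ROOT: sets FINDINGS and returns 0 only when nothing was found.
audit_apache() {
    root=$1
    FINDINGS=0
    if active "$root/httpd.conf" '^[[:space:]]*Include[[:space:]].*httpd-userdir\.conf'; then
        fail "httpd-userdir.conf is included, so per-user web content is enabled"
    fi
    if ! active "$root/httpd.conf" '^[[:space:]]*Include[[:space:]].*httpd-ssl\.conf'; then
        fail "httpd-ssl.conf is not included, so SSL is not enabled"
    fi
    if active "$root/extra/httpd-default.conf" '^[[:space:]]*ServerSignature[[:space:]]+(On|EMail)'; then
        fail "ServerSignature is enabled"
    fi
    if active "$root/extra/httpd-info.conf" 'SetHandler[[:space:]]+server-(status|info)'; then
        fail "a server-status or server-info section is active"
    fi
    if [ -f "$root/server.key" ]; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        case $(ls -ld "$root/server.key" | cut -c5-10) in
            ------) ;;
            *) fail "server.key is accessible to group or others" ;;
        esac
    fi
    [ "$FINDINGS" -eq 0 ]
}

# make_sample DIR: constructed tree resembling an install before hardening.
make_sample() {
    mkdir -p "$1/extra"
    cat > "$1/httpd.conf" <<'EOF'
ServerAdmin admin@example.org
Include etc/apache22/extra/httpd-userdir.conf
#Include etc/apache22/extra/httpd-ssl.conf
EOF
    echo 'ServerSignature On' > "$1/extra/httpd-default.conf"
    printf '<Location /server-status>\n    SetHandler server-status\n</Location>\n' \
        > "$1/extra/httpd-info.conf"
    : > "$1/server.key"
    chmod 0644 "$1/server.key"
}

# With a path argument, audit that tree; otherwise run on the constructed sample.
if [ $# -gt 0 ]; then
    audit_apache "$1"
else
    demo=$(mktemp -d)
    make_sample "$demo"
    audit_apache "$demo" || echo "$FINDINGS finding(s) in the constructed sample"
    rm -rf "$demo"
fi
```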

In /usr/local/etc/apache22/extra/httpd-vhosts.conf, set the directory for every SSL connection to the server. Note that lawrencium is the name of the server in this example; you should change this to the name of your own server:

    NameVirtualHost *:443
    <VirtualHost *:443>
        ServerName lawrencium
        ServerAlias lawrencium.ipc.net
        DocumentRoot /srv/www/02/
        <Directory /srv/www/02/>
            # AllowOverride and Order are only valid inside a <Directory> block
            AllowOverride None
            Order allow,deny
            Allow from all
        </Directory>
        SSLEngine On
        # The certificate and key generated with openssl above
        SSLCertificateFile /usr/local/etc/apache22/server.crt
        SSLCertificateKeyFile /usr/local/etc/apache22/server.key
    </VirtualHost>

You now have one directory (/srv/www/01) for all connections on port 80, and one directory (/srv/www/02) for all connections on port 443.

PHP

At this point, the Web server is ready to serve static documents. However, most Web sites contain dynamic PHP content, such as forums, chats, and galleries.

PHP installation is quick and easy. Compile and install the PHP package itself and the PHP extensions and make sure that the Apache module is compiled when you install PHP v5:

    cd /usr/ports/lang/php5
    make config install distclean
    cd /usr/ports/lang/php5-extensions
    make config install distclean

To make Apache serve PHP sites, you have to tell it how to handle PHP files. Add the following entries to /usr/local/etc/apache22/httpd.conf directly after all the LoadModule lines:

    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps

Add index.php as the directory index:

    <IfModule mod_dir.c>
        DirectoryIndex index.php index.html index.htm
    </IfModule>

PHP includes a recommended configuration file that is secure for most purposes. Copy it into place as php.ini, then disable allow_url_fopen (which allows you to operate on remote FTP/HTTP sites just like on local files) in the copy, because it can become harmful when used incorrectly:

    cp /usr/local/etc/php.ini-recommended /usr/local/etc/php.ini
    # then edit /usr/local/etc/php.ini and set: allow_url_fopen = Off

MySQL

PHP is now installed and configured. However, most PHP applications use databases as well. MySQL, a database system, is stable, open source, and doesn't cost a penny.

Compile and install MySQL with SSL support and add an entry to /etc/rc.conf to start the MySQL server automatically with the operating system:

    cd /usr/ports/databases/mysql51-server
    make install WITH_OPENSSL=yes
    make distclean
    echo 'mysql_enable="YES"' >> /etc/rc.conf

Set a root password (p3Df1IsT in the commands below). Note that because you're specifying the password on the shell, it is stored in the shell history (e.g., ~/.bash_history or ~/.histfile, depending on which shell you used), so for security reasons clearing the shell history is a good idea, especially if the root account is shared:

    /usr/local/etc/rc.d/mysql-server start
    mysqladmin -u root password p3Df1IsT
    mysql -u root -p
    rm /root/.history

Now remove all anonymous accounts by typing the following commands at the MySQL command prompt after you've logged in. The fourth command gives you a list of users without passwords; you can either set each password or delete the users. The UPDATE statement changes the name of the default root account to mmu002, and the final FLUSH PRIVILEGES makes the server reload the grant tables so that the rename takes effect. Changing the root account to an account of your choice is a good idea in case someone wants to try to get your root password. Typically a cracker tries the user name root and some default or dictionary passwords. In this case the default root account does not exist, which makes it a lot harder to break in. Be sure to choose a name not everybody could guess; things like your name or your dog's name are bad examples:

    use mysql
    DELETE FROM user WHERE user="";
    FLUSH PRIVILEGES;
    SELECT * FROM user WHERE Password="";
    UPDATE user SET user='mmu002' WHERE user='root';
    FLUSH PRIVILEGES;

FreeBSD doesn't create a MySQL configuration file by default, so you have to create /etc/my.cnf yourself. The configuration below changes the default port to 29912 and allows connections only from 127.0.0.1 (i.e., localhost). The last option shows only databases the user actually has read and write access to; without this option, MySQL would show all users all databases:

    [client]
    port=29912

    [mysqld]
    port=29912
    bind-address=127.0.0.1
    skip-name-resolve
    safe-show-database

This article could end here, but it would be unforgivable to not mention phpMyAdmin in an article about LAMP.

phpMyAdmin

phpMyAdmin makes database administration a lot easier. It is used so frequently that it's almost a standard. You need to install it and set the links. In the commands below, we set up http://localhost/phpMyAdmin to access phpMyAdmin (that is, we link the installed phpMyAdmin directory in wwwroot), then use a configuration skeleton as the default configuration, and make sure the secret passphrase (which will be used to encrypt passwords), the root user, and the root password are set corresponding to your MySQL options:

    cd /usr/ports/databases/phpmyadmin
    make config install distclean
    ln -s /usr/local/www/phpMyAdmin /usr/local/www/apache22/data
    cd /usr/local/www/phpMyAdmin && cp config.sample.inc.php config.inc.php
    vim config.inc.php

Then set these values in config.inc.php:

    $cfg['blowfish_secret'] = 'kJ76Fgeak98h6thjd6';
    // if you renamed the MySQL root account (mmu002 above), use that name here
    $cfg['Servers'][$i]['controluser'] = 'root';
    $cfg['Servers'][$i]['controlpass'] = 'p3Df1IsT';

Your new multifunctional FreeBSD server is now installed, configured, secured, and ready to go. When managing a server, keep a few things in mind. First, keep the server up-to-date. FreeBSD offers great tools to keep the FreeBSD kernel, the FreeBSD user space, and all installed applications on it up-to-date and secure. An obsolete server is a security risk. Second, make sure you read the configuration files and the man pages when changing settings, reconfiguring applications, or if you just want to know what a specific command or file is there for.

Your server can now host static Web pages and dynamic Web pages, such as forums, chats, and picture galleries, securely, and you have phpMyAdmin to help you configure the databases that often play a central role in Web hosting.

Martin Münch studies computer science at the University of Tromsø, Norway.


Comments

on Setting up LAMP on FreeBSD

Note: Comments are owned by the poster. We are not responsible for their content.

"why not"

Posted by: Michael Shigorin on July 31, 2008 09:36 AM
> Why not combine both LAMP and FreeBSD to build a fast and reliable Web server?
Why do that?

I mean, you dive into ports without even presenting any slightest trail of thought -- *why*. When in fact, you're proposing known inferior software management solution.

Would you please go get some multi-year feeling of using apt and distribution branch updates and not tracking ports regarding yet another breakage on your particular basesystem version?

See, I'm not even touching hardware compatibility, SMP, VM and storage layer. Make sure you think before suggesting FreeBSD on linux.com, there might be some trolls around who know both sides a bit.
[Modified by: Michael Shigorin on July 31, 2008 09:40 AM]

#

Re: "why not"

Posted by: Anonymous [ip: 204.249.77.1] on July 31, 2008 05:58 PM
Please explain how using ports is a "known inferior software management solution"? I don't see how installing the most current supported versions of programs from source code with patches included for FreeBSD is inferior. Especially since it makes it easier to keep said programs up to date using portmanager or portupgrade.

#

Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 88.222.138.61] on July 31, 2008 11:25 AM
Is it just me, or setting phpMyAdmin with default auth_type ("config") is very insecure?
In config.inc.php you should change $cfg['Servers'][$i]['auth_type'] to "http" or "cookie" (try both to see the difference :)).
And installing AMP on FreeBSD should be called FAMP, not LAMP. :)

#

Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 91.84.199.197] on July 31, 2008 11:56 AM
I think you'll find the L in LAMP stands for Linux. So this isn't a LAMP setup...

#

Re: Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 68.47.230.235] on July 31, 2008 02:00 PM
No joke! I can't believe that slipped through the editing on that one!

#

Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 212.115.162.11] on July 31, 2008 12:21 PM
We use a freebsd vm for developing typo3 websites.
To get the job done we used the clear and concise FAMP install guide at http://caffetine.org/freebsd-amp.php

#

Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 172.21.171.84] on July 31, 2008 12:58 PM
Is LAMP not for "Linux Apache MySQL PHP" ? So, your article should be on setting up a "FAMP" architecture...

That said, the concept is interesting

#

Re: Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 68.47.230.235] on July 31, 2008 02:02 PM
Or, one could refer to it as AMP and not worry about the OS? After all, why not focus on the software in question, and not the operating system. Do we call Oracle LOracle and SOracle or LApache and FApache due to OS? It's silly actually.

#

Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 80.132.147.43] on July 31, 2008 01:03 PM

The one and really important question is:

HOW MANY OF THESE DUMB TUTORIALS DO WE NEED TODAY?

I mean: We have a wonderful FreeBSD Handbook for those who want to dive in FreeBSD.
We have already whole sites which are dedicated to How To's .
We have archives of Linux and OpenSource magazines full of these "shit".

WE JUST DO NOT NEED EVERY DAY A NEW TUTORIAL OF ALREADY TOUGHT THEMES.

It is frustrating. Really.

#

Re: Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 64.60.145.154] on July 31, 2008 10:34 PM
It's only frustrating if you take the time to read it, then find out it's what you already know. If you don't need the tutorial don't read it. If you read it knowing you don't need it then you have issues that extend beyond this website.

#

Re: Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 139.142.65.34] on August 21, 2008 06:28 PM
You guys are the same people that say you are promoting linux to the masses and people like me who have been running Windows Servers for years. Just because you know-it-all, doesn't mean there are potential new users out there.

LAMP is a known acronym. I typed in "LAMP bsd" in Google. Does that make me an idiot?

Kevin

#

Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 75.182.109.34] on July 31, 2008 01:09 PM
FreeBSD rocks! I got a FreeBSD VPS from http://www.rootbsd.net (highly recommended; they have great prices and service) and have been loving every minute of it. The people who bash FreeBSD or say that it can't hold its own against Linux probably haven't used it enough to really know how simple and stable of an operating systems it is. It has great performance and the documentation (http://www.freebsd.org/doc/en/books/handbook/) can't be beat by any Linux distro out there. Give it a try ;)

#

FAPP - FAPP - FAPP

Posted by: Anonymous [ip: 84.251.129.228] on July 31, 2008 06:56 PM
FreeBSD Apache Postgresql Perl! Why? What did you think was going on?

#

Re: Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 88.220.124.206] on August 09, 2008 10:14 AM
You must be kidding. I used freebsd some time ago, but it was slow (search for DNS tests, only idiot would replace Linux with *bsd to make systems slower...). It's not more stable than Linux - I'm using Linux for years and it never crashed. That article should be posted on freebsd.com not here.

#

Why not use pkg_add?

Posted by: Anonymous [ip: 67.140.245.130] on July 31, 2008 08:25 PM
This would be a much faster method of installing apache.

#

Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 69.169.154.199] on August 01, 2008 03:47 AM
lol, whoever said FreeBSD is inferior to Linux is funny. There are some incredible advantages to FreeBSD. With the release of 7.0 and the ULE scheduler, FreeBSD outperforms the latest Linux kernel by a fair margin. Both scale more-or-less linearly up to 8 processors (threads of execution if you will). I personally like hacking the FreeBSD kernel much more than the linux kernel - not that that has any weight to support my argument, it was just a thought I had.... The one main disadvantage to FreeBSD is a lack of some drivers. And a huge advantage (arguable of course) is the BSD license that it is released under. This promotes (profitable) business much more than the viral GPL. But I digress...

#

Re: Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 88.220.124.206] on August 09, 2008 10:37 AM
ULE is just piece of crap in comparison to CFS. Even Linux kernel 2.6.22 outperforms freebsd 7.0. Just find tests NOT at freebsd.com... I can't imagine how such an idiot can hack any kernel. But maybe such idiots hack freebsd kernel...

> And a huge advantage (arguable of course) is the BSD license that it is released under. This promotes (profitable) business much more than the viral GPL. But I digress...

XD bsd license is good for apple or ms. Nice trolling, really...

#

Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 75.1.39.211] on August 01, 2008 05:20 AM
Regarding the detrimental remarks about software management on FreeBSD...
Perhaps Mr Shigorin should do little research before presenting misinformation.

FreeBSD 7 can use the ultra reliable ZFS filesystem from Sun. Although there is work being done to port ZFS to Linux, it ain't there yet.

Consider this two year old summary I cobbled together of Why Change from Linux to BSD ?

*******************************
Thursday, January 26, 2006

Why change from Linux to BSD?

Linux consists of operating system kernel code. The additional system level software required for a fully featured operating system such as device drivers, utilities, compilers, software build tools, and applications can vary and are bundled into distributions from various commercial and non profit groups. Each of these groups may, and often do, select differing versions of tools which sometimes result in important differences in behavior. Currently, there are approximately 132 of these distributions, each slightly different to significantly different.

The BSD operating system development more closely matches software engineering best practices which tend to result in textbook correct code. In general, BSD systems have a better reputation for reliability, mainly as a result of the more mature code base.
The top 15 web sites on the Internet with longest average uptime since last reboot all run BSD. The January 2006 report is available from Netcraft at: http://uptime.netcraft.com/up/today/top.avg.html

There are 3 major BSD distributions and a handful of minor variants. System behavior is consistent and predictable.

BSD distributions tend to be focused in their goals. FreeBSD is focused to performance and stability, OpenBSD to security, and NetBSD to portability. Apple chose BSD as the baseline for Mac OS X (although the kernel is based on Mach).

The BSD distributions use an excellent packaging system to update or install software.
The “all from one supplier” nature of BSD means that upgrades are much easier to handle than is frequently the case with Linux. BSD handles library version upgrades by providing compatibility modules for earlier library versions, so it is possible to run binaries which are several years old with no problems.

BSD can execute most Linux binaries, and some BSD implementations can also execute binaries from Solaris (SVR4), SunOS, and SCO Unix. Linux does not execute BSD binaries.

The BSD license is business friendly. Your source code can remain private.

Some people believe variants of BSD are the most secure operating systems in the world.
Visit http://www.mi2g.com/cgi/mi2g/frameset.php?pageid=http%3A//www.mi2g.com/cgi/mi2g/press/021104.php

#

Re: Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 65.116.131.6] on August 01, 2008 08:06 PM
"The top 15 web sites on the Internet with longest average uptime since last reboot all run BSD. The January 2006 report is available from Netcraft at: http://uptime.netcraft.com/up/today/top.avg.html"

Listen, I like FreeBSD, I use it and Linux for servers. It is a very nice system. But, I am tired of hearing this Netcraft argument. Linux distros and FreeBSD keep track of uptime differently; I believe Linux tends to reset after around 500 days whether it has been rebooted or not. (I'm not sure what the limit is for FreeBSD.)

I use both, and find that FreeBSD and a decent Linux distro like Debian are about equally stable.

#

Re: Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 88.220.124.206] on August 09, 2008 10:30 AM
Nice try bsd fanboy. Look here:
http://www.theregister.co.uk/security/security_report_windows_vs_linux/

Many myths about how *bsds are great and similar bullshit in comparison to Linux are knocked down in above article (stability, etc.). Just stop advertising this cripple system here... That what you wrote just proved me that you haven't the foggiest idea about Linux.

#

Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 68.238.173.94] on August 01, 2008 02:59 PM
A more in depth article (even though it is based on 6.2) can be found here: http://www.openaddict.com/node/33

#

Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 147.65.7.31] on August 01, 2008 06:13 PM
Cool, FAMP!

#

Did the author ever test this howto out??

Posted by: Anonymous [ip: 70.47.9.66] on August 02, 2008 01:56 PM
http://httpd.apache.org/docs/2.0/vhosts/name-based.html

"Name-based virtual hosting cannot be used with SSL secure servers because of the nature of the SSL protocol."

This is directly from Apache's docs. WTF?? I was using this guide as a quick overview of setting up SSL on my virtual hosts only to watch it error out continuously. I found a workaround doc here that I'm trying now:

http://www.switch.ch/pki/meetings/2007-01/namebased_ssl_virtualhosts.pdf

#

Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 74.79.69.127] on August 02, 2008 06:32 PM
Linux.com --- Common guys it's as easy as the ABCs or 123

http://www.freebsd-world.com/Tutorial.php?id=81

#

Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 24.117.2.36] on August 05, 2008 05:48 AM
FAMP FAMP FAMP!

#

Setting up LAMP on FreeBSD

Posted by: Anonymous [ip: 76.97.43.232] on August 06, 2008 02:48 AM
Nice trolling there by the last poster.

This partisanship some of you have is killing open source software. How many people are going to want to leave the closed source world, and try to advance open source software if the people in the community are b*tching and arguing over the differences between two Unix-work-alike systems? Why not say this: if you are going to be setting up a server, or workstation that needs the most stable operating system available try something a little more traditional within the Unix world such as BSD or Solaris, but if you want to do some gaming and need an immense software repository, and a lot of varying hardware support go with Linux. Software needs vary from installation to installation, and the operating system that will be required will vary as well.

It is worth noting that many art schools in the US require their students to purchase and use Apple computers running OSX. In the business world, many people are hesitant to leave Microsoft products behind due to the need for Microsoft Office, and the integration a system running Office and Windows provides (in conjunction with other Microsoft products). In the server and research world, we find Linux and other Unix-like systems thriving. This often for reliability and scalability... as well as cost. Perhaps we need to quit eating one another alive, and focus on helping each other. What can Linux benefit from BSD, and BSD from Linux?

#

This story has been archived. Comments can no longer be posted.



 