FreeBSD 13.1 FAMP Installation

2022 07 04

Note: I am running all of the commands below as root. If you prefer you can install sudo and run the commands in that manner.

Update FreeBSD

To see what version of FreeBSD you are currently running

# freebsd-version


If the version is out of date run the following command

# freebsd-update fetch install
# pkg update
# pkg upgrade


If pkg update seems to be running very slow, try with the -4 flag. This forces an ipv4 connection. I have had some instances/systems not work well over ipv6.

Install Apache

Install Apache with pkg

# pkg install apache24


Enable Apache

# sysrc apache24_enable=yes


Launch Apache

# service apache24 start


Verify the launch with the following command

# service apache24 status


The output should indicate if Apache is running correctly

Tighten up ServerTokens

Run the following command

# vi /usr/local/etc/apache24/httpd.conf


Add the following

#ServerName www.example.com:80
ServerTokens Prod


Save and exit the file with :wq and ENTER

Setting the ServerTokens directive to Prod will make it only display that this is an Apache web server

Prevent directory listings

Run this command to directly access the line for editing

# vi /usr/local/etc/apache24/httpd.conf


Add the following

Options -Indexes +FollowSymLinks


Save and exit the file with :wq and ENTER

Restart Apache

apachectl restart


Disable TRACE

Edit the httpd.conf file with the following command and then press G to reach the end of the file

# vi /usr/local/etc/apache24/httpd.conf


Add the following at the end of the file

TraceEnable off


Save and exit the file with :wq and ENTER

Install MySQL

Install MySQL from the FreeBSD repository with pkg

# pkg install mysql80-client mysql80-server


Check the version installed on your drive with the following command

# mysql --version


Before you launch MySQL, you must enable it

# sysrc mysql_enable=yes


Enter the command below to fire up the database

# service mysql-server start


Verify the launch by issuing the command

# service mysql-server status


To reinforce the security measures on your database, you should enter the security script to remove some inconsistencies with MySQL and tighten the access to your system

# mysql_secure_installation


Set a password and answer the install questions. You can select the default on all questions by pressing the Enter key

Install PHP

Install php74 and additional packages

# pkg install php74 php74-mysqli php74-mbstring php74-zlib php74-curl php74-gd php74-json php74-composer php74-extensions php74-hash php74-session php74-pdo mod_php74


Show the currently installed version

# php --version


Copy the sample PHP configuration file

# cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini


Enable PHP at boot time

# sysrc php_fpm_enable=yes
# service php-fpm start


To check if PHP is running

# service php-fpm status


If you test using the info.php script method, be sure to delete the file after you are done.

Configure Apache to load PHP modules

Edit the configuration file

# vi /usr/local/etc/apache24/modules.d/001_mod-php.conf


Add the following

<IfModule dir_module>
    DirectoryIndex index.php index.html
    <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
</IfModule>


Save and exit

# wq!


Test the Apache Configuration

# apachectl configtest


Restart Apache

# apachectl restart



PHP pages should run smoothly now

Setup phpMyAdmin

Install phpMyAdmin

pkg install wget
wget https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.tar.gz
tar xvf phpMyAdmin-latest-all-languages.tar.gz
rm -f phpMyAdmin-latest-all-languages.tar.gz


Move the directory

mv phpMyAdmin-*/ /usr/local/www/apache24/data/phpmyadmin



Copy config file

cd /usr/local/www/apache24/data/phpmyadmin/
cp config.sample.inc.php config.inc.php


Edit the file /usr/local/etc/php.ini and add

# vi /usr/local/etc/php.ini
extension=mysqli.so
extension=mbstring.so
extension=json.so
extension=session.so
mkdir /usr/local/www/apache24/data/phpmyadmin/tmp
chmod 777 /usr/local/www/apache24/data/phpmyadmin/tmp


Restart Apache

service apache24 restart


Login with your database username and password. If you encounter an error it probably means that your MySQL server is using caching_sha2_password mechanism for authentication.

To fix it, you will need to change the authentication method to mysql_native_password

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'yoursuperstrongpassword';


Access phpMyAdmin

http://your-servers-IP/phpmyadmin


I like to use phpMyAdmin on my local development system but NOT on production world facing servers. Instead, export out the mysql database from phpmyadmin on the development system. Then upload to the production server and import via mysql on the command line.

Apache VirtualHosts

To configure Apache virtual hosts, first create a directory for each virtual host

# cd /usr/local/www/
# mkdir vhost1.com
# mkdir vhost2.com


Create an index file for each virtual host

# vi /usr/local/www/apache24/data/vhost1.com/index.html
First virtualhost
# vi /usr/local/www/apache24/data/vhost2.com/index.html
Second virtualhost


Edit the httpd.conf file

# vi /usr/local/etc/apache24/httpd.conf


Configure the httpd.conf file by adding the following lines

< Directory />
AllowOverride All
# Require all denied
Order Allow,Deny
Allow from All
< Directory />

#Virtual host configuration
< VirtualHost *:80 />
ServerAdmin webmaster@vhost1.com
DocumentRoot " /usr/local/www/apache24/data/vhost1.com/"
ServerName vhost1.com
< /VirtualHost/>

< VirtualHost *:80/>
ServerAdmin webmaster@vhost2.com
DocumentRoot " /usr/local/www/apache24/data/vhost2.com/"
ServerName vhost2.com
< /VirtualHost/>


After making the changes to the configuration file, add the virtual host domain name to the host file. Replacing xxx.xxx.xxx.xxx with the IP address of your server.

# vi /etc/hosts
# xxx.xxx.xxx.xxx vhost1.com
# xxx.xxx.xxx.xxx vhost2.com


Restart the Apache service

# service apache24 restart


After restarting apache, open a web browser and enter the virtual host domain name. The browser will display your index.html file if you have configured the virtual hosts correctly.

HTTPS with LetsEncrypt

Install the Certbot Tool

# pkg install py37-certbot py37-certbot-apache


Enabling SSL/TLS connections in Apache

By default Apache will be serving web pages on port 80 HTTP. In order to allow HTTPS connections, we need the default port to be 443. To add port 443, enable the mod_ssl module in Apache.

To find the module in httpd.conf

# grep -n 'mod_ssl.so' /usr/local/etc/apache24/httpd.conf


To enable the module, you’ll remove the hashtag symbol at the beginning of the line

# vi /usr/local/etc/apache24/httpd.conf


This will take you directly to the correct line for editing

Edit the line to look like the following by pressing x

#LoadModule slotmem_plain_module libexec/apache24/mod_slotmem_plain.so
LoadModule ssl_module libexec/apache24/mod_ssl.so
#LoadModule dialup_module libexec/apache24/mod_dialup.so


Save & close the file

Enabling and Configuring Virtual Hosts

Edit the file and remove # from the beginning of that line

# vi /usr/local/etc/apache24/httpd.conf


hit x to delete # from the beginning of the line to look like the following

# Virtual hosts
Include etc/apache24/extra/httpd-vhosts.conf


Save and quit the file

You’ll now add a virtual host block to the httpd-vhosts.conf file. Edit and remove the two existing VirtualHost blocks, after the comments block at line 23

# vi /usr/local/etc/apache24/extra/httpd-vhosts.conf


After opening the file remove the two existing VirtualHost configuration blocks, then add the following block with this specific configuration


ServerAdmin webmaster@vhost1.com
DocumentRoot "/usr/local/www/apache24/data/vhost1.com"
ServerName vhost1.com
ServerAlias www.vhost1.com
ErrorLog "/var/log/vhost1.com-error_log"
CustomLog "/var/log/vhost1.com-access_log" common


Enabling the Rewrite Module

Enabling the rewrite module within Apache HTTP is necessary to make URLs change from HTTP to HTTPS.

To enable the module you will now remove # from the beginning of the line

# vi /usr/local/etc/apache24/httpd.conf
#LoadModule actions_module libexec/apache24/mod_actions.so
#LoadModule speling_module libexec/apache24/mod_speling.so
#LoadModule userdir_module libexec/apache24/mod_userdir.so
LoadModule alias_module libexec/apache24/mod_alias.so
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
LoadModule php7_module libexec/apache24/libphp7.so


Save and exit

Obtaining a Let’s Encrypt Certificate

Run the following certbot command

# certbot --apache -d vhost1.com -d www.vhost1.com


If you want to install a single certificate that is valid for multiple domains or subdomains, you can pass them as additional parameters to the command, tagging each new domain or subdomain with the -d flag. The first domain name in the list of parameters will be the base domain used by Let’s Encrypt to create the certificate. For this reason, pass the base domain name first, followed by any additional subdomains or aliases.

If this is your first time running certbot on this server, the client will prompt you to enter an email address and agree to the Let’s Encrypt terms of service. After doing so, certbot will communicate with the Let’s Encrypt server, then run a challenge to verify that you control the domain you’re requesting a certificate for.

Configuring Automatic Certificate Renewal

Edit the crontab to create a new job that will run the renewal twice per day. To edit the crontab for the root user, run

# crontab -e


Place the following configuration in the file so the system will look for renewable certificates and will renew them if they need to

# minute hour mday month wday command
0 12 * * * /usr/local/bin/certbot renew



There will be future addtions & edits to this article with further FAMP related items.