FreeBSD 13.1 FAMP Installation

2022 07 04

Note: I am running all of the commands below as root. If you prefer you can install sudo and run the commands in that manner.

Update FreeBSD

To see what version of FreeBSD you are currently running

# freebsd-version

If the version is out of date run the following command

# freebsd-update fetch install
# pkg update
# pkg upgrade

If pkg update seems to be running very slowly, try the -4 flag, which forces an IPv4 connection. I have had some instances/systems not work well over IPv6.

Install Apache

Install Apache with pkg

# pkg install apache24

Enable Apache

# sysrc apache24_enable=yes

Launch Apache

# service apache24 start

Verify the launch with the following command

# service apache24 status

The output should indicate if Apache is running correctly

Tighten up ServerTokens

Run the following command

# vi /usr/local/etc/apache24/httpd.conf

Add the following

ServerTokens Prod

Save and exit the file with :wq and ENTER

Setting the ServerTokens directive to Prod makes the Server response header show only that this is an Apache web server, without the version, operating system or module details.

Prevent directory listings

Run this command to directly access the line for editing

# vi /usr/local/etc/apache24/httpd.conf

Add the following

Options -Indexes +FollowSymLinks

Save and exit the file with :wq and ENTER

Restart Apache

# apachectl restart

Disable TRACE

Edit the httpd.conf file with the following command and then press G to reach the end of the file

# vi /usr/local/etc/apache24/httpd.conf

Add the following at the end of the file

TraceEnable off

Save and exit the file with :wq and ENTER
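To confirm the three settings above (ServerTokens, Options -Indexes, TraceEnable) actually ended up in the file, a small audit can be run against it. This is an added example, not part of the original article; the function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit an httpd.conf for the three settings described above.
# Prints one finding per line; returns 0 when clean, 1 otherwise.

# Lower-cased value of the last uncommented occurrence of a directive.
last_value() {
    awk -v d="$1" 'tolower($1) == d { v = $2 } END { print tolower(v) }' "$2"
}

audit_httpd_conf() {
    conf=$1
    rc=0

    tokens=$(last_value servertokens "$conf")
    case $tokens in
        prod|productonly) ;;
        *) echo "ServerTokens: '${tokens:-unset}' (want Prod; the default is Full)"
           rc=1 ;;
    esac

    trace=$(last_value traceenable "$conf")
    if [ "$trace" != "off" ]; then
        echo "TraceEnable: '${trace:-unset}' (want off; the default is on)"
        rc=1
    fi

    # Flag every Options line that switches directory listings on.
    listing=$(awk 'tolower($1) == "options" {
        for (i = 2; i <= NF; i++) {
            o = tolower($i)
            if (o == "indexes" || o == "+indexes" || o == "all") {
                print "Options: line " NR " enables Indexes: " $0
                break
            }
        }
    }' "$conf")
    if [ -n "$listing" ]; then
        echo "$listing"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: one fix applied, TraceEnable still commented out.
sample=$(mktemp)
printf '%s\n' 'ServerTokens Prod' '<Directory "/usr/local/www/apache24/data">' \
    '    Options Indexes FollowSymLinks' '</Directory>' '#TraceEnable off' > "$sample"
audit_httpd_conf "$sample" || true
rm -f "$sample"
```

On a real system, call audit_httpd_conf /usr/local/etc/apache24/httpd.conf. It reads that one file only and does not follow Include directives.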

Install MySQL

Install MySQL from the FreeBSD repository with pkg

# pkg install mysql80-client mysql80-server

Check the version installed on your drive with the following command

# mysql --version

Before you launch MySQL, you must enable it

# sysrc mysql_enable=yes

Enter the command below to fire up the database

# service mysql-server start

Verify the launch by issuing the command

# service mysql-server status

To tighten security on your database, run the security script, which walks you through removing insecure defaults in MySQL and restricting access to your system

# mysql_secure_installation

Set a password and answer the install questions. You can select the default on all questions by pressing the Enter key

Install PHP

Install php74 and additional packages

# pkg install php74 php74-mysqli php74-mbstring php74-zlib php74-curl php74-gd php74-json php74-composer php74-extensions php74-hash php74-session php74-pdo mod_php74

Show the currently installed version

# php --version

Copy the sample PHP configuration file

# cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

Enable PHP at boot time

# sysrc php_fpm_enable=yes
# service php-fpm start

To check if PHP is running

# service php-fpm status

If you test using the info.php script method, be sure to delete the file after you are done.

Configure Apache to load PHP modules

Edit the configuration file

# vi /usr/local/etc/apache24/modules.d/001_mod-php.conf

Add the following

<IfModule dir_module>
    DirectoryIndex index.php index.html
    <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
</IfModule>

Save and exit

:wq!

Test the Apache Configuration

# apachectl configtest

Restart Apache

# apachectl restart

PHP pages should run smoothly now

Setup phpMyAdmin

Install phpMyAdmin

# pkg install wget
# tar xvf phpMyAdmin-latest-all-languages.tar.gz
# rm -f phpMyAdmin-latest-all-languages.tar.gz

Move the directory

# mv phpMyAdmin-*/ /usr/local/www/apache24/data/phpmyadmin

Copy config file

# cd /usr/local/www/apache24/data/phpmyadmin/

Edit the file /usr/local/etc/php.ini and add

# vi /usr/local/etc/php.ini

# mkdir /usr/local/www/apache24/data/phpmyadmin/tmp
# chmod 777 /usr/local/www/apache24/data/phpmyadmin/tmp

Restart Apache

# service apache24 restart

Log in with your database username and password. If you encounter an error, it probably means that your MySQL server is using the caching_sha2_password mechanism for authentication.

To fix it, you will need to change the authentication method to mysql_native_password

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'yoursuperstrongpassword';

Access phpMyAdmin


I like to use phpMyAdmin on my local development system but NOT on production, world-facing servers. Instead, export the MySQL database from phpMyAdmin on the development system. Then upload it to the production server and import it via mysql on the command line.
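Two things from the PHP and phpMyAdmin steps are worth checking in the document root afterwards: directories left world-writable by chmod 777, and a leftover info.php test page. The following is an added example, not part of the original article. The function names and the demo tree are constructed, and it assumes Apache runs as user www (the FreeBSD package default).

```sh
#!/bin/sh
# Added example: two checks on a document root that follow from the steps above.
#  - directories any local user can write to (the result of chmod 777)
#  - PHP files that still call phpinfo() (a leftover info.php test page)

world_writable_dirs() {
    # -perm -0002 matches when the "other" write bit is set.
    find "$1" -type d -perm -0002 -print
}

phpinfo_files() {
    # grep -l prints only the names of files containing a phpinfo( call.
    # grep exits 1 when nothing matches; that is not an error here.
    find "$1" -type f -name '*.php' -exec grep -l 'phpinfo[[:space:]]*(' {} + || :
}

# Tighter alternative to chmod 777 for a directory only the web server uses.
# Assumption: Apache runs as user www, so as root you would also run:
#   chown www:www "$dir"
restrict_dir() {
    chmod 700 "$1"
}

# Constructed demo tree in a temporary directory, so this runs anywhere.
demo=$(mktemp -d)
mkdir -p "$demo/phpmyadmin/tmp"
chmod 777 "$demo/phpmyadmin/tmp"
printf '<?php phpinfo(); ?>\n' > "$demo/info.php"
printf '<?php echo "hello"; ?>\n' > "$demo/index.php"

echo "world-writable:"; world_writable_dirs "$demo"
echo "phpinfo pages:";  phpinfo_files "$demo"

restrict_dir "$demo/phpmyadmin/tmp"
echo "after restrict_dir:"; world_writable_dirs "$demo"
rm -rf "$demo"
```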

Apache VirtualHosts

To configure Apache virtual hosts, first create a directory for each virtual host

# cd /usr/local/www/
# mkdir
# mkdir

Create an index file for each virtual host

# vi /usr/local/www/apache24/data/
First virtualhost

# vi /usr/local/www/apache24/data/
Second virtualhost

Edit the httpd.conf file

# vi /usr/local/etc/apache24/httpd.conf

Configure the httpd.conf file by adding the following lines

<Directory />
AllowOverride All
# Require all denied
Order Allow,Deny
Allow from All
</Directory>

#Virtual host configuration
<VirtualHost *:80>
DocumentRoot "/usr/local/www/apache24/data/"
</VirtualHost>

<VirtualHost *:80>
DocumentRoot "/usr/local/www/apache24/data/"
</VirtualHost>

After making the changes to the configuration file, add the virtual host domain name to the hosts file, replacing with the IP address of your server.

# vi /etc/hosts

Restart the Apache service

# service apache24 restart

After restarting Apache, open a web browser and enter the virtual host domain name. The browser will display your index.html file if you have configured the virtual hosts correctly.
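Apache's stock httpd.conf denies access to the filesystem root with Require all denied and grants access per document root, so it is worth knowing which directives in a `<Directory />` block loosen that. The following added example (not part of the original article; the function name and both sample files are constructed) lists them for the block shown above and for a stock-style block.

```sh
#!/bin/sh
# Added example: list directives inside <Directory /> blocks that loosen the
# filesystem-root defaults. Prints "line-number: directive"; nothing when clean.
root_dir_grants() {
    awk '
        { l = tolower($0); sub(/^[ \t]+/, "", l) }
        l ~ /^<directory[ \t]+"?\/"?[ \t]*>/ { inroot = 1; next }
        l ~ /^<\/directory[ \t]*>/           { inroot = 0; next }
        !inroot { next }
        l ~ /^require[ \t]+all[ \t]+granted/ ||
        l ~ /^allow[ \t]+from[ \t]+all/      ||
        l ~ /^allowoverride[ \t]+all/        { print NR ": " $0 }
    ' "$1"
}

# Constructed samples: the block from this page, then a stock-style block.
page_conf=$(mktemp); stock_conf=$(mktemp)
cat > "$page_conf" <<'EOF'
<Directory />
AllowOverride All
# Require all denied
Order Allow,Deny
Allow from All
</Directory>
EOF
cat > "$stock_conf" <<'EOF'
<Directory />
    AllowOverride none
    Require all denied
</Directory>
<Directory "/usr/local/www/apache24/data">
    Require all granted
</Directory>
EOF
echo "page block:";  root_dir_grants "$page_conf"
echo "stock block:"; root_dir_grants "$stock_conf"
rm -f "$page_conf" "$stock_conf"
```

The stock-style block prints nothing because access is granted only on the document root, which keeps files outside it unreachable even if a symlink or alias points at them.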

HTTPS with Let’s Encrypt

Install the Certbot Tool

# pkg install py37-certbot py37-certbot-apache

Enabling SSL/TLS connections in Apache

By default Apache serves web pages over HTTP on port 80. To allow HTTPS connections, Apache also needs to listen on port 443, the default HTTPS port. To add port 443, enable the mod_ssl module in Apache.

To find the module in httpd.conf

# grep -n '' /usr/local/etc/apache24/httpd.conf

To enable the module, you’ll remove the hash symbol (#) at the beginning of the line

# vi /usr/local/etc/apache24/httpd.conf

This will take you directly to the correct line for editing

Edit the line to look like the following by pressing x

#LoadModule slotmem_plain_module libexec/apache24/
LoadModule ssl_module libexec/apache24/
#LoadModule dialup_module libexec/apache24/

Save & close the file

Enabling and Configuring Virtual Hosts

Edit the file and remove # from the beginning of that line

# vi /usr/local/etc/apache24/httpd.conf

Hit x to delete # from the beginning of the line so that it looks like the following

# Virtual hosts
Include etc/apache24/extra/httpd-vhosts.conf

Save and quit the file

You’ll now add a virtual host block to the httpd-vhosts.conf file. Edit and remove the two existing VirtualHost blocks, after the comments block at line 23

# vi /usr/local/etc/apache24/extra/httpd-vhosts.conf

After opening the file remove the two existing VirtualHost configuration blocks, then add the following block with this specific configuration

DocumentRoot "/usr/local/www/apache24/data/"
ErrorLog "/var/log/"
CustomLog "/var/log/" common

Enabling the Rewrite Module

Enabling the rewrite module in Apache is necessary to redirect requests from HTTP to HTTPS.

To enable the module you will now remove # from the beginning of the line

# vi /usr/local/etc/apache24/httpd.conf

#LoadModule actions_module libexec/apache24/
#LoadModule speling_module libexec/apache24/
#LoadModule userdir_module libexec/apache24/
LoadModule alias_module libexec/apache24/
LoadModule rewrite_module libexec/apache24/
LoadModule php7_module libexec/apache24/

Save and exit

Obtaining a Let’s Encrypt Certificate

Run the following certbot command

# certbot --apache -d -d

If you want to install a single certificate that is valid for multiple domains or subdomains, you can pass them as additional parameters to the command, tagging each new domain or subdomain with the -d flag. The first domain name in the list of parameters will be the base domain used by Let’s Encrypt to create the certificate. For this reason, pass the base domain name first, followed by any additional subdomains or aliases.

If this is your first time running certbot on this server, the client will prompt you to enter an email address and agree to the Let’s Encrypt terms of service. After doing so, certbot will communicate with the Let’s Encrypt server, then run a challenge to verify that you control the domain you’re requesting a certificate for.

Configuring Automatic Certificate Renewal

Edit the crontab to create a new job that will run the renewal twice per day. To edit the crontab for the root user, run

# crontab -e

Place the following configuration in the file so the system will look for renewable certificates and renew them if needed

# minute hour mday month wday command
0 0,12 * * * /usr/local/bin/certbot renew

There will be future additions & edits to this article with further FAMP related items.