FreeBSD 13.1 FAMP Installation
2022 07 04
Note: I am running all of the commands below as root. If you prefer you can install sudo and run the commands in that manner.
Update FreeBSD
To see what version of FreeBSD you are currently running
# freebsd-version
If the version is out of date, run the following commands
# freebsd-update fetch install
# pkg update
# pkg upgrade
If pkg update seems to be running very slowly, try the -4 flag, which forces an IPv4 connection. I have had some instances/systems not work well over IPv6.
Install Apache
Install Apache with pkg
# pkg install apache24
Enable Apache
# sysrc apache24_enable=yes
Launch Apache
# service apache24 start
Verify the launch with the following command
# service apache24 status
The output should indicate if Apache is running correctly
Tighten up ServerTokens
Run the following command
# vi /usr/local/etc/apache24/httpd.conf
Add the following
#ServerName www.example.com:80
ServerTokens Prod
Save and exit the file with :wq and ENTER
Setting the ServerTokens directive to Prod makes the server identify itself only as Apache, without version or module details
Prevent directory listings
Open httpd.conf and locate the Options line for editing
# vi /usr/local/etc/apache24/httpd.conf
Add the following
Options -Indexes +FollowSymLinks
Save and exit the file with :wq and ENTER
Restart Apache
# apachectl restart
Disable TRACE
Edit the httpd.conf file with the following command and then press G to reach the end of the file
# vi /usr/local/etc/apache24/httpd.conf
Add the following at the end of the file
TraceEnable off
Save and exit the file with :wq and ENTER
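A quick way to confirm that the three hardening edits above took effect, as an added example rather than part of the original article: the script reads an httpd.conf and reports ServerTokens, TraceEnable and Options settings that differ from the ones set above. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: check an httpd.conf for the
# ServerTokens, Options and TraceEnable settings described above.

# Print the lowercased value of the last active (uncommented) DIRECTIVE in FILE.
directive_value() {
    awk -v d="$2" 'tolower($1) == d { v = tolower($2) } END { print v }' "$1"
}

# Print one line per finding; return 0 only when nothing is flagged.
audit_httpd_conf() {
    conf=$1; rc=0
    tokens=$(directive_value "$conf" servertokens)
    case $tokens in
        prod|productonly) ;;
        *) echo "ServerTokens is '${tokens:-unset}', expected Prod"; rc=1 ;;
    esac
    if [ "$(directive_value "$conf" traceenable)" != off ]; then
        echo "TraceEnable is not off"; rc=1
    fi
    # An active Options line naming Indexes or +Indexes allows listings.
    for n in $(awk 'tolower($1) == "options" {
        for (i = 2; i <= NF; i++) {
            t = tolower($i)
            if (t == "indexes" || t == "+indexes") { print NR; break }
        }
    }' "$conf"); do
        echo "line $n: Options enables Indexes"; rc=1
    done
    return $rc
}

# Constructed sample: a config before the edits above are applied.
sample_conf() {
    cat <<'EOF'
#ServerName www.example.com:80
<Directory "/usr/local/www/apache24/data">
    Options Indexes FollowSymLinks
</Directory>
EOF
}

demo=$(mktemp); sample_conf > "$demo"
audit_httpd_conf "$demo" || echo "=> apply the three edits above"
rm -f "$demo"
```

On a live system, point audit_httpd_conf at /usr/local/etc/apache24/httpd.conf after each edit and before restarting Apache.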
Install MySQL
Install MySQL from the FreeBSD repository with pkg
# pkg install mysql80-client mysql80-server
Check the version installed on your drive with the following command
# mysql --version
Before you launch MySQL, you must enable it
# sysrc mysql_enable=yes
Enter the command below to fire up the database
# service mysql-server start
Verify the launch by issuing the command
# service mysql-server status
To reinforce the security of your database, run the bundled security script, which removes some insecure defaults in MySQL and tightens access to your system
# mysql_secure_installation
Set a password and answer the install questions. You can select the default on all questions by pressing the Enter key
Install PHP
Install php74 and additional packages
# pkg install php74 php74-mysqli php74-mbstring php74-zlib php74-curl php74-gd php74-json php74-composer php74-extensions php74-hash php74-session php74-pdo mod_php74
Show the currently installed version
# php --version
Copy the sample PHP configuration file
# cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
Enable PHP at boot time
# sysrc php_fpm_enable=yes
# service php-fpm start
To check if PHP is running
# service php-fpm status
If you test using the info.php script method, be sure to delete the file after you are done.
Configure Apache to load PHP modules
Edit the configuration file
# vi /usr/local/etc/apache24/modules.d/001_mod-php.conf
Add the following
<IfModule dir_module>
    DirectoryIndex index.php index.html
    <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
</IfModule>
Save and exit
:wq!
Test the Apache Configuration
# apachectl configtest
Restart Apache
# apachectl restart
PHP pages should run smoothly now
Setup phpMyAdmin
Install phpMyAdmin
# pkg install wget
# wget https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.tar.gz
# tar xvf phpMyAdmin-latest-all-languages.tar.gz
# rm -f phpMyAdmin-latest-all-languages.tar.gz
Move the directory
# mv phpMyAdmin-*/ /usr/local/www/apache24/data/phpmyadmin
Copy config file
# cd /usr/local/www/apache24/data/phpmyadmin/
# cp config.sample.inc.php config.inc.php
Edit the file /usr/local/etc/php.ini and add
# vi /usr/local/etc/php.ini
extension=mysqli.so
extension=mbstring.so
extension=json.so
extension=session.so
Create a temporary directory for phpMyAdmin
# mkdir /usr/local/www/apache24/data/phpmyadmin/tmp
# chmod 777 /usr/local/www/apache24/data/phpmyadmin/tmp
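Mode 777 lets every local account write into a directory under the web root. As an added example (not from the original article), the script below creates the directory with mode 700 owned by the web server account instead and lists any world-writable directories that remain. It assumes Apache runs as www, the FreeBSD package default, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article: give phpMyAdmin a tmp
# directory that only the web server account can use.

# Create DIR with mode 700 and, when run as root, hand it to OWNER.
# Assumption: www is the account Apache runs as; pass another name otherwise.
make_private_dir() {
    dir=$1 owner=${2:-www}
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    if [ "$(id -u)" -eq 0 ] && id "$owner" >/dev/null 2>&1; then
        chown "$owner" "$dir" || return 1
    fi
}

# List directories under ROOT that any local user can write to.
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Demo on a scratch copy of the layout (constructed; nothing under
# /usr/local is touched).
scratch=$(mktemp -d)
mkdir -p "$scratch/phpmyadmin/tmp" && chmod 777 "$scratch/phpmyadmin/tmp"
echo "before: $(world_writable_dirs "$scratch")"
make_private_dir "$scratch/phpmyadmin/tmp" "$(id -un)"
echo "after:  $(world_writable_dirs "$scratch")"
rm -rf "$scratch"
```

On the server, the equivalent calls are make_private_dir /usr/local/www/apache24/data/phpmyadmin/tmp followed by world_writable_dirs /usr/local/www/apache24/data.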
Restart Apache
# service apache24 restart
Log in with your database username and password. If you encounter an error, it probably means that your MySQL server is using the caching_sha2_password mechanism for authentication.
To fix it, you will need to change the authentication method to mysql_native_password
Access phpMyAdmin
http://your-servers-IP/phpmyadmin
I like to use phpMyAdmin on my local development system but NOT on production world facing servers. Instead, export out the mysql database from phpmyadmin on the development system. Then upload to the production server and import via mysql on the command line.
Apache VirtualHosts
To configure Apache virtual hosts, first create a directory for each virtual host
# cd /usr/local/www/apache24/data/
# mkdir vhost1.com
# mkdir vhost2.com
Create an index file for each virtual host
# vi /usr/local/www/apache24/data/vhost1.com/index.html
First virtualhost
# vi /usr/local/www/apache24/data/vhost2.com/index.html
Second virtualhost
Edit the httpd.conf file
# vi /usr/local/etc/apache24/httpd.conf
Configure the httpd.conf file by adding the following lines
<Directory />
    AllowOverride All
    # Require all denied
    Order Allow,Deny
    Allow from All
</Directory>
#Virtual host configuration
<VirtualHost *:80>
    ServerAdmin webmaster@vhost1.com
    DocumentRoot "/usr/local/www/apache24/data/vhost1.com/"
    ServerName vhost1.com
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin webmaster@vhost2.com
    DocumentRoot "/usr/local/www/apache24/data/vhost2.com/"
    ServerName vhost2.com
</VirtualHost>
After making the changes to the configuration file, add the virtual host domain names to the hosts file, replacing xxx.xxx.xxx.xxx with the IP address of your server.
# vi /etc/hosts
xxx.xxx.xxx.xxx vhost1.com
xxx.xxx.xxx.xxx vhost2.com
Restart the Apache service
# service apache24 restart
After restarting Apache, open a web browser and enter the virtual host domain name. The browser will display your index.html file if you have configured the virtual hosts correctly.
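The Directory block for / in the configuration above replaces the deny rule on the filesystem root with Allow from All and AllowOverride All, so access is no longer limited to the virtual host directories. As an added example (not part of the original article), this script reports what a configuration's root block allows and compares the article's block with a constructed alternative that keeps the root denied and grants access only to one vhost directory; the function and sample names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article. Prints granted, denied or
# unspecified for the <Directory /> block of a config read from stdin or FILE.
# Simplification: the last access directive inside the block decides.
root_directory_access() {
    awk '
        tolower($0) ~ /^[ \t]*<directory[ \t]+"?\/"?[ \t]*>/ { inroot = 1; next }
        inroot && tolower($0) ~ /^[ \t]*<\/directory>/ { inroot = 0 }
        inroot && $1 !~ /^#/ {
            l = tolower($0)
            if (l ~ /require[ \t]+all[ \t]+granted/ || l ~ /allow[ \t]+from[ \t]+all/)
                state = "granted"
            else if (l ~ /require[ \t]+all[ \t]+denied/ || l ~ /deny[ \t]+from[ \t]+all/)
                state = "denied"
        }
        END { print (state == "" ? "unspecified" : state) }
    ' "$@"
}

# The root block as configured in the article.
article_conf() {
    cat <<'EOF'
<Directory />
    AllowOverride All
    # Require all denied
    Order Allow,Deny
    Allow from All
</Directory>
EOF
}

# Constructed alternative: root stays denied, only one vhost tree is granted.
scoped_conf() {
    cat <<'EOF'
<Directory />
    AllowOverride None
    Require all denied
</Directory>
<Directory "/usr/local/www/apache24/data/vhost1.com">
    AllowOverride All
    Require all granted
</Directory>
EOF
}

echo "article config: root is $(article_conf | root_directory_access)"
echo "scoped config:  root is $(scoped_conf | root_directory_access)"
```

Run root_directory_access /usr/local/etc/apache24/httpd.conf before restarting Apache; anything other than denied means the root of the filesystem is not closed off.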
HTTPS with LetsEncrypt
Install the Certbot Tool
# pkg install py37-certbot py37-certbot-apache
Enabling SSL/TLS connections in Apache
By default Apache serves web pages over HTTP on port 80. To allow HTTPS connections, Apache also has to accept connections on port 443, which requires enabling the mod_ssl module.
To find the module in httpd.conf
# grep -n 'mod_ssl.so' /usr/local/etc/apache24/httpd.conf
To enable the module, remove the # character at the beginning of the line
# vi /usr/local/etc/apache24/httpd.conf
Go to the line number that grep reported
Press x to delete the leading # so the line looks like the following
#LoadModule slotmem_plain_module libexec/apache24/mod_slotmem_plain.so
LoadModule ssl_module libexec/apache24/mod_ssl.so
#LoadModule dialup_module libexec/apache24/mod_dialup.so
Save & close the file
Enabling and Configuring Virtual Hosts
Edit httpd.conf and remove the # from the beginning of the Include line for httpd-vhosts.conf
# vi /usr/local/etc/apache24/httpd.conf
Press x to delete the # so that the lines look like the following
# Virtual hosts
Include etc/apache24/extra/httpd-vhosts.conf
Save and quit the file
You’ll now add a virtual host block to the httpd-vhosts.conf file. Open the file
# vi /usr/local/etc/apache24/extra/httpd-vhosts.conf
Remove the two existing VirtualHost configuration blocks that follow the comments block at line 23, then add the following block
<VirtualHost *:80>
    ServerAdmin webmaster@vhost1.com
    DocumentRoot "/usr/local/www/apache24/data/vhost1.com"
    ServerName vhost1.com
    ServerAlias www.vhost1.com
    ErrorLog "/var/log/vhost1.com-error_log"
    CustomLog "/var/log/vhost1.com-access_log" common
</VirtualHost>
Enabling the Rewrite Module
The rewrite module is needed so that Apache can redirect requests from HTTP to HTTPS.
To enable the module, remove the # from the beginning of its LoadModule line
# vi /usr/local/etc/apache24/httpd.conf
#LoadModule actions_module libexec/apache24/mod_actions.so
#LoadModule speling_module libexec/apache24/mod_speling.so
#LoadModule userdir_module libexec/apache24/mod_userdir.so
LoadModule alias_module libexec/apache24/mod_alias.so
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
LoadModule php7_module libexec/apache24/libphp7.so
Save and exit
Obtaining a Let’s Encrypt Certificate
Run the following certbot command
# certbot --apache -d vhost1.com -d www.vhost1.com
If you want to install a single certificate that is valid for multiple domains or subdomains, you can pass them as additional parameters to the command, tagging each new domain or subdomain with the -d flag. The first domain name in the list of parameters will be the base domain used by Let’s Encrypt to create the certificate. For this reason, pass the base domain name first, followed by any additional subdomains or aliases.
If this is your first time running certbot on this server, the client will prompt you to enter an email address and agree to the Let’s Encrypt terms of service. After doing so, certbot will communicate with the Let’s Encrypt server, then run a challenge to verify that you control the domain you’re requesting a certificate for.
Configuring Automatic Certificate Renewal
Edit the crontab to create a new job that will run the renewal twice per day. To edit the crontab for the root user, run
# crontab -e
Place the following configuration in the file so the system will look for renewable certificates and renew any that are due
# minute hour mday month wday command
0 0,12 * * * /usr/local/bin/certbot renew
There will be future additions & edits to this article with further FAMP related items.