How to configure dotProject 2.1.2 to authenticate using Active Directory's LDAP?

November 25, 2009, 12:40 am by Rhyous

So previously I released the following post:
How to install dotProject 2.1.2 on FreeBSD 7.2 with Apache 2.2, PHP5, and MySQL 5.1 Server?

Now I am following up as promised with how to integrate this with Active Directory and AD’s LDAP. You need to know your LDAP Active Directory info. If you don’t, you need to get it. Or else maybe your domain is generic enough that looking at my examples will get you there.

  1. Log in to dotProject.
  2. Click on System Admin | Default User Preferences.

    We will make changes to the following sections:

    • User Authentication Settings
    • LDAP Settings

    These section are show in this screen shot. After this screen shot instructions on configuring these sections are provided.

  3. Scroll to the section called User Authentication Settings.
  4. Change the User Authentication Method setting to LDAP.
  5. Configure the LDAP Settings section.
    1. For LDAP Host, Enter the IP address of your Active Directory server.
    2. Do not change the LDAP Port or LDAP Version settings.
    3. On a default Active Directory installation, set the LDAP Base DN to the following:
      CN=Users,DC=YourDomain,DC=tld

      For example, the lab I am demoing this with is LD.Lab so it would be this:

      CN=Users,DC=ld,DC=lab
    4. For LDAP User Filter enter the following:
      (sAMAccountName=%USERNAME%)
    5. For the LDAP Search User, enter a domain user:
      CN=John Doe,CN=Users,DC=ld,DC=lab

      SUGGESTION: Create a service account on the domain with a really intense password and almost no rights, except of course the right to search LDAP so it can be an LDAP Search User.

    6. Obviously for the LDAP Search User Password, enter the password for the LDAP Search User.

      IMPORTANT! You must update this password here when the user’s changes in Active Directory (sorry for the “No duh” moment but it had to be said).

  6. Scroll down and on the bottom right of the Default User Preferences page, click Save.

Go ahead and try to login as a Domain User.

Note On Changing Permissions
Domain Users may appear to get the Administrator role, but this is not really the case. They only get the Anonymous role when they first login. See my forum post here:
How to make an LDAP user an administrator?

Also, it appears that if you want all users who login to get more permissions, then edit the Anonymous role or modify every user individually. (Yeah, so the project needs some features in this area…maybe you want to become a contributor and develop it yourself?)

Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.

Tags: , ,
Category: FreeBSD  |  21 Comments

How to add color to your SSH sessions in FreeBSD so files of different types have different colors when using ls?

November 24, 2009, 5:33 pm by Rhyous

Hey this was really easy. Really, it is just a matter of aliasing your ls commands. However, it is only really easy if you know how to do it. When you forget, it is annoying. So here is another post to store the info I once knew but forgot and had to learn again.

Using sh, the default shell

  1. Edit your .shrc file in your home folder:
    # ee /usr/home/username/.shrc
  2. Add/Change the alias commands as follows:
    alias ls=’ls -G’
    alias ll=’ls -laFoG’
    alias l=’ls -lG’

    The first one I added, the second two I only added the -G parameter to the already existing aliases for ls.

  3. Save and close the file.
  4. Logout and login and your shell should have colors when you use ls.

Using bash

  1. Edit your .shrc file in your home folder:
    # ee /usr/home/username/.shrc
  2. Add/Change the alias commands as follows:
    alias ls=’ls -G’
    alias ll=’ls -laFoG’
    alias l=’ls -lG’

    The first one I added, the second two I only added the -G parameter to the already existing aliases for ls.

  3. Save and close the file.
  4. Copy the .profile file to .bash_profile.
    # cp /usr/home/username/.profile /usr/home/username/.bash_profile
  5. Edit the .bash_profile and add the following:
    # Source the .shrc
    source .shrc
  6. Logout and login and your bash shell should have colors when you use ls.

Using csh, the default shell for root

  1. As root, edit your .cshrc file in either your home folder or in the home folder for root:

    Your home folder:

    # ee /usr/home/username/.cshrc

    Home folder for root:

    # ee /root/.cshrc
  2. Add/Change the alias commands as follows: (The syntax is slightly different than for sh or bash)
    alias ls ls -G
    alias la ls -aG
    alias lf ls -FAG
    alias ll ls -lAG

    The first one I added, the others I only added the -G parameter to the already existing aliases for ls.

  3. Save and close the file.
  4. Logout and login and your shell should have colors when you use ls.

bash and sh for all users

  1. Edit your .shrc file in your home folder:
    # ee /usr/home/username/.shrc
  2. Add/Change the alias commands as follows:
    alias ls=’ls -G’
    alias ll=’ls -laFoG’
    alias l=’ls -lG’

    The first one I added, the second two I only added the -G parameter to the already existing aliases for ls.

  3. Save and close the file.
  4. Cat this file to /etc/profile.
    # cat /usr/home/username/.shrc > /etc/profile
  5. Logout and login and your shell should have colors when you use ls.

csh for all users

  1. As root, edit your .cshrc file in either your home folder or in the home folder for root:

    Your home folder:

    # ee /usr/home/username/.cshrc

    Home folder for root:

    # ee /root/.cshrc
  2. Add/Change the alias commands as follows: (The syntax is slightly different than for sh or bash)
    alias ls ls -G
    alias la ls -aG
    alias lf ls -FAG
    alias ll ls -lAG

    The first one I added, the others I only added the -G parameter to the already existing aliases for ls.

  3. Save and close the file.
  4. Cat this file to /etc/csh.cshrc.
    # cat /usr/home/username/.cshrc > /etc/csh.cshrc
  5. Logout and login and your shell should have colors when you use ls.

Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.

Tags: , , ,
Category: FreeBSD  |  Comment

How to remove the ^M characters in a file on FreeBSD?

November 24, 2009, 9:25 am by Rhyous

How to remove the ^M characters in a file on FreeBSD?

This is simple:

There are multiple ways to do it. One is actually included in the FreeBSD-tips file:

tr -d \\r < file > newfile
— Originally by Dru

So if you installed the “games” distribution, you get tips every time you log in. And once in a while the above tip will show up.

I had never used that one however, I had always used this one (which I modified) that I found here: http://sed.sourceforge.net/sed1line.txt

sed -i.bak ‘s/^M$//’ filename # in bash/tcsh, press Ctrl-V then Ctrl-M

However, this one works with the sh, tcsh and bash but not with the csh shell.

This one worked on csh but I am not sure if it is recommended as it assumes every line ends with ^M.

sed -i.bak ‘s/.$//’ filename # assumes that all lines end with CR/LF

Anyway, I like how FreeBSD supports the -i parameter. Because if I am doing lots of files, I can have a script that does each file in a directory and then (of course I have a back up just in case) I can run sed -i.bak ‘s/.$//’ filename on each file and then do delete all .bak files so every file “appears to be” edited in place.

Tags: ,
Category: FreeBSD  |  2 Comments

How to install dotProject 2.1.2 on FreeBSD 7.2 with Apache 2.2, PHP5, and MySQL 5.1 Server?

November 22, 2009, 10:00 pm by Rhyous

How to install dotProject 2.1.2 on FreeBSD 7.2 with Apache 2.2, PHP5, and MySQL 5.1 Server?

The basic overview.

  1. Install FreeBSD.
    How do I install FreeBSD?
  2. Update FreeBSD and download the ports tree.
    What are the first commands I run after installing FreeBSD
  3. Then install Apache + SSL.
    Installing an Apache + SSL on FreeBSD using the ports tree
  4. Then install MySQL.
    How to install MySQL on FreeBSD 7.2 or on Red Hat 5.4?
  5. Configure MySQL to be Unicode.
    How to create a UTF-8 Unicode Database on MySQL and make UTF-8 Unicode the default?Note:
  6. Secure MySQL. I don’t have a post on this, but you can follow these MySQL pages.
    Securing the Initial MySQL Accounts
    General Security Guidelines

    Note: If you know what you are doing, you can go with any database that dotProject supports, such as Postgresql.

  7. Install PHP5and PHP5-Extensions and make sure to include the MySQL extensions and the LDAP extension.

    8. How to install PHP5 and PHP5 Extensions on FreeBSD?

  8. Then install DotProject

I have previous documents about installing each of the steps above installing dotProject. Once you have gone though the above documents, you will be ready for this document. This document will only cover dotProject.

Installing dotProject 2.1.2 from Ports

  1. Install dotProject from ports using one of the following commands (I use the first one when doing virtual hosts and the second one when just using sub directories of the web root).
    #
    #    		 cd /usr/ports/www/dotproject
    make install

    Note: If you Apache directory is /usr/local/www/apache22/data you may want to use this make command:

    #
    #    		 cd /usr/ports/www/dotproject
    make DOTPROJECTDIR=/usr/local/www/apache22/data/dotproject install

  2. Create a database in MySQL for dotProject. Name it whatever you want. For this example, I am going to name the database dotProjDB. If you have read the articles about MySQL that I referenced above, you should know how to log into to MySQL, but just in case you forgot, I will show you again.There are lots of ways to create a database in MySQL, and I am going to give you one example using the shell and the MySQL client.
    # mysql -u root -p

    Enter your password and you should be taken to a mysql prompt.

    mysql> create database dotprojdb

    Yes it is that simple. And at the same time no it is not that simple. There is a lot more to know such as where to put the database files and how fast of drives you need, whether you need faster read speed or faster write speed or both, but this will suffice for now.

  3. Create a mysql user account for this database. We don’t want to user the root account.
    See this page in the MySQL documentation for more information on this: Adding User Accounts

    mysql> CREATE USER ‘dpuser’@’localhost’ IDENTIFIED BY ‘P@sswd!’;
    Query OK, 0 rows affected (0.01 sec)
    mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP ON dotprojdb.* TO ‘dpuser’@’localhost’;
    Query OK, 0 rows affected (0.01 sec)

  4. Now open a web browser to your server’s site: http://yourserver/dotprojectYou will see the following page.

    No need to do anything on this page because it should redirect you after 5 second to a dotProject configuration web page.

    Now some of the items in red need to be taken care of. Not all of them, just some of them.

    The first group of items are “Requirements” and anything not with a pretty green check mark under the “Requirements” section needs to be fixed.

    However, under the “Database Connectors” section, there are lots of red Xs. We don’t need to fix these. We just need one database, so as long as the database you want to use (in this example it’s MySQL) has a pretty green check mark, you don’t need to do add more “Database Connectors”.

  5. Fix the first error: Session Save Path writable? X Fatal: session.save_path is not setTo do this, follow these steps:
    1. Change to the directory that contains the php.ini file. On FreeBSD that directory is here: /usr/local/etc
      # cd /usr/local/etc

    2. Now by default the PHP5 port on FreeBSD doesn’t install a php.ini file, but instead provides two example php.ini files: php.ini-recommended and php.ini-dist. So copy one of them to php.ini.
      # cp php.ini-recommended php.ini

    3. Edit the php.ini file and remove the comment from this line:
      ;session.save_path = “/tmp”

      I use ee which is the command to open Easy Editor. But you can use vi or whatever.

    4. Save the file and exit.
  6. The other issue is this one: Session AutoStart = ON? X Failed Try setting to ON if you are experiencing a WhiteScreenOfDeathOk. So this issue is fixed is in that same php.ini file. So repeat the steps only this time we don’t remove a comment, we change a setting from 0 to 1. Find the following line and change it from 0 to 1, as shown.
    session.auto_start = 1
  7. Restart apache. This is required and must be done before these settings will take effect.
    # /usr/local/etc/rc.d/apache22 restart

  8. Now you are ready to click the “Start Installation” button. So go ahead and click it. The following page should appear.
  9. Enter the details as shown in the page. Hopefully you have your own database user and password to use.
  10. Should you click the “User persistent connection?” option? Well, read this. http://www.php.net/manual/en/features.persistent-connections.phpI am not going to check it.
  11. Click “Install db and write config”. It should succeed and you should see this new page.
  12. Now go back to the dotproject home page: http://yourserver/dotprojectLogin with the default user name and password and you are ready to go.

    UPDATE:
    Check out my new update to this:
    How to configure dotProject 2.1.2 to authenticate using Active Directory’s LDAP?

Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.

Tags: , , , ,
Category: FreeBSD  |  20 Comments

How to create a Calendar in QlikView 9?

November 20, 2009, 3:35 pm by Rhyous

How to create a Calendar in QlikView 9?

UPDATE: Check out my new calendar here: http://rhyous.com/2009/11/30/my-new-and-improved-calendar-in-qlikview/

Ok, so the fact that I cannot just have one line in a Load Script is a negative for QlikView. In a perfect world, I would have one line that would give me a bunch of possible values I could use for a dimension, such as CalendarDay, CalendarWeek, CalendarMonth, CalendarQuarter, CalendarYear, etc… It would be one line like this:

Calendar(StartDate, EndDate);

Alas…it is not a perfect world, so this feature doesn’t exist in QlikView. (Enhancement Request please!!!!)

So there is a Wiki on how to do it. Here is the link.
http://community.qlikview.com/wikis/qlikview-wiki/how-to-create-a-calendar.aspx

However, the problem is that this didn’t work.

So after some research I remember that internet search engines exist and I don’t have to just search QlikView’s site and documentation. I did a google search for this string:
qlikview how to create a calendar

The script didn’t fail to load…yeah…wait…there is not data in my report that has to do with a Calendar.

This sucks. Why can’t I just create a new Calendar. This is common problem with some software companies. There is a “key features” that can be done, but with great difficulty. However, because it can be done, they don’t spend any more development time on it.

Anyway, I added a post in the QlikView Forum and watched the QlikView free training Video for developers (especially module 8).

Here is the result:

LET vDateMin = Num(MakeDate(2000,1,1));
LET vDateMax = Floor(YearEnd(AddMonths(Today(), 12)));
LET vDateToday = Num(Today());

TempCalendar:
LOAD
$(vDateMin) + RowNo() – 1 AS DateNumber,
Date($(vDateMin) + RowNo() – 1) AS TempDate
AUTOGENERATE 1
WHILE $(vDateMin)+IterNo()-1<= $(vDateMax); MasterCalendar: LOAD TempDate AS CalendarDate, Day(TempDate) AS CalendarDay, WeekDay(TempDate) AS CalendarWeekDay, Week(TempDate) AS CalendarWeek, Month(TempDate) AS CalendarMonth, Year(TempDate) AS CalendarYear, 'Q' & Ceil(Month(TempDate)/3) AS CalendarQuarter, WeekDay(TempDate) & '-' & Year(TempDate) AS CalendarWeekAndYear, Month(TempDate) & '-' & Year(TempDate) AS CalendarMonthAndYear RESIDENT TempCalendar ORDER BY TempDate ASC; DROP TABLE TempCalendar; LET vDateMin = Num(MakeDate(2000,1,1)); LET vDateMax = Floor(YearEnd(AddMonths(Today(), 12))); LET vDateToday = Num(Today()); [/sourcecode] Now when your script loads, you can right click and choose New Sheet Object, Slider/Calendar Object. Choose Calender, not Slider and base it off of the CalendarDate field. Also on the Sort tab, use the Numeric Value to change the sort to Descending.

Tags:
Category: QlikView, Reporting  |  9 Comments

How to create a directory in C++ in Windows?

November 18, 2009, 10:23 am by Rhyous

How to create a directory in C++?

Ok, so this is another task that should be simple but isn’t. Come on C++ Standards people. C++ has been out for decades and you haven’t figured out how to get all Operating Systems to conform to a single piece of code to make a directory? Write an standard and release it.

This document is for Windows, I will talk about FreeBSD some time later.

If wxWidgets can do it with the filefn.h, why can’t the standard C++ Library?

Supposedly Boost can do it also but the standards people are taking their sweet time getting Boost in.

So here is how it can be done. The headers names are the project types I chose in Visual Studio 2008.

Windows Empty Project

Create a main.cpp and put the following in it.

#include <iostream>
#include <string>
#include <direct.h>
#include <sys/stat.h>

using namespace std;

int main ()
{
	string directoryName = "c:\\programdata\\MyApp";

	struct stat st;
	if (stat(directoryName.c_str(), &st) == 0)
	{
		cout << "The directory exists." << endl;
	}
	else
	{
		int mkdirResult = _mkdir(directoryName.c_str());
		if (mkdirResult == 0)
		{
			cout << "The directory is created." << endl;
		}
		else
		{
			cout << "The directory creation failed with error: " + mkdirResult << endl;
		}
	}
}
&#91;/sourcecode&#93;

<strong>Windows CLR Console Application</strong>

[sourcecode language="cpp"]
#include "stdafx.h"

using namespace System;
using namespace System::IO;
int main()
{

   String^ directoryName = "C:\\ProgramData\\MyApp";
   if ( Directory::Exists( directoryName ) )
   {
	   Console::WriteLine( "The directory exists.");
       return 0;
   }
   else
   {
	   try
	   {
		  DirectoryInfo^ directoryInfo = Directory::CreateDirectory(directoryName);
	   }
	   catch ( Exception^ e )
	   {
		   Console::WriteLine(e->ToString());
	   }
   }
}
Category: Development  |  1 Comment

Where is telnet in Windows 7? Or Windows 7 is missing telnet.exe

November 15, 2009, 4:56 pm by Rhyous

So I opened a command prompt to test that a port is open using the standard practive test:

telnet ipaddress port

For example, I was checking if RDP was open to an address:

C:\Users\jbarneck> telnet 10.1.1.1 3389

However, Windows 7 just complained.

‘telnet’ is not recognized as an internal or external command,
operable program or batch file.

So where is telnet in windows 7? Well, I am first going to check Add / Remove Programs to see if I can add it.

  1. Open Add / Remove Programs. Here is how if you don’t know.
    1. Click on Start.
    2. Type in Add / Remove Programs.
    3. Selecte and start Add / Remove Programs.
  2. I then clicked on “Turn Windows Features On or Off”.
  3. I then found the “Telnet Client” option.
  4. I checked the box and clicked OK.And the Telnet client installed.So I have windows 7 ultimate. I understand leaving telnet off Windows 7 home by default, but I don’t understand why to leave it off of Windows 7 Ultimate. Oh, well. I guess we will just have to enable it ever time when we want it.
Category: Windows 7  |  27 Comments

How to add an enum or enumeration to a class in C++?

November 15, 2009, 11:09 am by Rhyous

How to add an enum or enumeration to a class in C++?

Obviously this is simple, but I keep forgetting one element or other of the syntax (usually the terminating semi-colon) so I thought if I made a post about it, I would never forget again, and if I did, I could look at my post and remember.

There are certain parts to an enum configuration:

  1. The enum keyword.
  2. The name of the enumerator. I name this one Items just as an example but it can be named anything you want almost (of course you can’t use C++ keywords).
  3. The open bracket: {
  4. The names of the items separated by comas:
    item1, item2, item3
    Each item has an integer value starting at 0 and incrementing by one. Optionally, you can change a value, and again, ever value thereafter will be +1. So if you want to start at 1 instead of at 0, you would put this:
    item1 = 1, item2, item3
    If you wanted to count from 1,2,3 and then 7,8,9 you could do this:
    item1 = 1, item2, item3, item7 = 7, item8, item9
    Also you can change every item by having every item by assigning every item.

  5. The closing bracket: }
  6. A statement closing semicolon: ;

    So the code for your Items enumerator look like this:

    enum Items
{
    item1 = 1, item2, item3
};

    A basic class is shown here:

    class NewObject
{
public:
    // Public members and functions
    NewObject();
    ~NewObject();
protected:
    // Protected members and functions
private:
    // Private members and functions
};

    So to add an enum to you need to decide, is it a public, protected, or private enum? I think it is most common to have public enumerations so that is what my example shows.

    class NewObject
{
public:
    // Public members and functions
    NewObject();
    ~NewObject();

    enum Items
    {
        item1 = 1, item2, item3
    };

protected:
    // Protected members and functions
private:
    // Private members and functions
};

    Now you can use the enum on any instantiated class.

Category: Development  |  Comment

How to configure Bugzilla to Authenticate to Active Directory?

November 10, 2009, 10:20 pm by Rhyous

So I already have an article on installing Bugzilla. See it here:
How to install Bugzilla on a FreeBSD 7.2 with Apache + SSL and MySQL?

So I am not going to cover installing Bugzilla. Just how to get it to connect to Active Directory. Mostly the documentation was there, but there was not really a good example of actual implementation. If the documentation doesn’t provide an example (preferably multiple real world exmaples) then it is poor documentation. Yes, Bugzilla, you are free to take my documentation and put it in your manual, or link to this page.

  1. Gather the information from your production environment, especially the LDAP information for your Active Directory configuration: 
    • Bugzilla Server name: 
      http://myserver/bugzilla

       

    • The LDAP Servers (Active Directory servers):
      dc1.corp.mydomain.tld, dc2.corp.mydomain.tld

       

    • The LDAP Bind DN info of a user that can read Active Directory. (This can be any active directory user, as long as this user can read active directory’s users, which pretty much an user no matter how locked down can do.)So my username on the domain is JBarneck, but that is not what to use here. The LDAP Bind DN of my user name is like this (with company secret information changed).
      CN=Barneck\, Jared,OU=MyDepartment,OU=MyCity,DC=corp,DC=MyDomain,DC=tld:MyPasswd!

       

    • The LDAP Base DN, which is the LDAP information for the OU that your users are in.
      My LDAP Base DN for the OU I am in is this (again with company secret information changed). This is exactly what I pasted into my configuration, backslash and all. 

      OU=MyDepartment,OU=MyCity,DC=corp,DC=MyDomain,DC=tld
    • The LDAPuidattribute, which is sAMAccountName and I don’t know if you can changed in Active Directory.
      sAMAccountName

       

    Note: I’ll be honest. I didn’t have access to a domain controller or Active Directory so I used a tool called LDAPWhoAmI.exe (with an accompanying ldapinfo.dll) that is included in LANDesk’s Management Suite software. I can’t give you these files. But if you wanted to do a trial of LANDesk Management Suite, you could download a Management Suite trial (which is a gig or so) and extract it and get these files. You don’t have to install, just extract and search for the two files. Copy them to a Windows workstation on your domain, then open a command prompt and change to the directory where LDAPWhoAmI.exe and ldapinfo.dll was copied and run LDAPWhoAmI.exe.

  2. Log into Bugzilla as an administrator. There is not default administrative user for Bugzilla. You should have created a user account as part of the install.
  3. Enable the LDAP module.
    1. Click on Administration from the top menu bar.
    2. Click on Parameters.
    3. Click on User Authentication on the left menu bar.
    4. Scroll down to the user_verify_class setting.
    5. Highlight LDAP and click the up arrow so that it is first in the list. I left DB enabled. I left Radius disabled.
    6. At the bottom of the web page (yes you have to scroll all the way to the bottom) click the Save Changes button.
  4. Configure LDAP to connect to Active Directory.
    1. Click on LDAP on the left menu bar.
    2. Under LDAPserver put your Active Directory servers.
      dc1.corp.mydomain.tld, dc2.corp.mydomain.tld

       

    3. Under LDAPbinddn put your user’s ldap info.
      CN=Barneck\, Jared,OU=MyDepartment,OU=MyCity,DC=corp,DC=MyDomain,DC=tld:MyPasswd!

       

    4. Under LDAPBaseDN put your LDAP info for the OU with your users.
      CN=Barneck\, Jared,OU=MyDepartment,OU=MyCity,DC=corp,DC=MyDomain,DC=tld:MyPasswd!

       

      5. Under LDAPuidattribute put sAMAccountName.

      sAMAccountName

       

    5. At the bottom of the web page click the Save Changes button.
  5. test Authentication.
    1. Either log out or use a different browser or a different machine and connect to your bugzilla url: 
      http://myserver/bugzilla

       

    2. Log in using an Active Directory account. I was unsure if I was supposed use an email or my username and it worked using my Domain user name, JBarneck, and my Domain password.

    I hope this helps all of you get Bugzilla to authenticate using Active Directory much faster than if you had to scour the web for problems.

    Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com. 

Tags:
Category: FreeBSD  |  7 Comments

How to configure Subversion to use Cyrus-SASL2 to authenticate to a MySQL database?

November 10, 2009, 9:28 am by Rhyous

Ok, so I want to have Subversion authentication work from a MySQL database. I am going to try to use Cyrus SASL for this.

I already have instructions for installing the necessary parts:

  1. Install FreeBSD.
    How do I install FreeBSD?

  2. Update FreeBSD and download the ports tree.
    What are the first commands I run after installing FreeBSD

  3. Then install Subversion, however, one difference you need to make to the install instructions for subversion. You need to install with SASL2 support. When you run make install it is an option.

    4. How to install subversion 1.6.6 on FreeBSD 7.2

Ok, now that you have everything is installed, you are were I am and ready to try to get this configured.

Configuring Subversion to use SASL to Authenticate to a MySQL database

  1. Create a simple MySQL database. The following is a simple database creation script that creates a database with one table and two rows. 
    CREATE DATABASE UserDB;
USE UserDB;
CREATE TABLE `users` ('username' varchar(255), 'password' varchar(255) )
INSERT INTO users VALUES ('user1','pw1');
INSERT INTO users VALUES ('user2@MyReal.com','pw2');
INSERT INTO users VALUES ('user3@myemailaddress.com','pw3');

    Note: I use these accounts to show what works and what does not work because the idea of “realms” is confusing.

    You may be asking why I don’t have three rows, one for each item: User, Password, Realm.

    Well, if you really are creating a new database to handle SVN Users then that is how you should do it and here is it is.

    CREATE DATABASE UserDB;
USE UserDB;
CREATE TABLE `users` ('username' varchar(255), 'password' varchar(255) , 'realm' varchar(255))
INSERT INTO users VALUES ('user1','pw1','realm');
INSERT INTO users VALUES ('user2@MyReal.com','pw2','realm');
INSERT INTO users VALUES ('user3@myemailaddress.com','pw3','realm');

    However, because I am assuming that you want to authenticate to users that are in an already existing database, realm won’t really exist. However, you may have usernames that are in email format, or not in email format an that makes a difference because Subversion splits the username at an @ symbol and the username is only what is before the @ symbol. See the troubleshooting realms section below.

  2. Edit the following file:
    /home/svn/repos/MyApp/conf/svnserve.conf

    # ee /home/svn/repos/MyApp/conf/svnserve.conf

    The following are the lines that should NOT be commented out.

    [general]
    anon-access = none
    auth-access = write
    realm = MyDomain.com

    [sasl]
    use-sasl = true

  3. Create and edit the following file:
    /usr/local/lib/sas2/svn.conf

    # ee /usr/local/lib/sas2/svn.conf

    The following are the lines that should NOT be commented out.

    [general]
    pwcheck_method: auxprop
    mech_list: plain
    auxprop_plugin: sql
    sql_hostnames: localhost
    sql_engine: mysql
    sql_user: root
    sql_passwd: pw
    sql_database: UserDB
    sql_select: SELECT password FROM users WHERE username='%u'

    Note: For debugging add log_level: 7 to this file and then watch the /var/log/debug file.

You should now be able to connect with a client such as TortoiseSVN and connect

Troubleshooting Realms

I found some issues with realms that were really confusing.

Change your /usr/local/lib/sas2/svn.conf file to look like this:

[general]
log_level: 7
pwcheck_method: auxprop
mech_list: plain
auxprop_plugin: sql
sql_hostnames: localhost
sql_engine: mysql
sql_user: root
sql_passwd: pw
sql_database: UserDB
sql_select: SELECT password FROM users WHERE username='%u' or username='%u@%r'

I added two changes:

  1. Turned on logging.
  2. Changes the sql statement to look for username='username' or username='username@realm'

I had to do this because if the user was using an email address, such as john@domain.tld, then it actually makes %u only equal John and seems to drop the @domain.tld and replace it with the name of the realm. However, if your username is John@domain.tld and your realm is domain.tld (so realm and domain are the same), then the code above works. If you domain and realm are not the same, I haven't been able to get this to work.

Go ahead and run this command:

# tail -f -n 30 /var/log/debug

And then try to authenticate using a client, such as TortoiseSVN. Test all three users. You will see the SQL Queries that are run. It should work to authenticate as user1 or User2, but it cannot authenticate user3 because it just doesn't work due to the way it handles realms. If you have users that don't have email address in your realm, then you need them to have username that are not email addresses.

Final Question
If the password is stored as an md5, sha1, sha256 hash in the database, how do I make this work?

Copyright ® Rhyous.com - Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.

Tags: , , ,
Category: FreeBSD, MySQL  |  25 Comments

How to install subversion 1.6.6 on FreeBSD 7.2

November 7, 2009, 1:47 pm by Rhyous

How to install Subversion 1.6.6 on FreeBSD 7.2.
The basic overivew.

  1. Install FreeBSD.
    How do I install FreeBSD?

  2. Update FreeBSD and download the ports tree.
    What are the first commands I run after installing FreeBSD

  3. Then install Subversion.

I have previous documents about installing each of the steps above installing Subversion. This document will only cover Subversion.

Installing Subversion on FreeBSD from ports

  1. Go to /usr/ports/devel/subversion and run make install.

    ServerName#
    ServerName#     		cd /usr/ports/devel/subversion
    make install

    NOTE: If you get a failure due to apr already being installed but not being built correctly, then uninstall apr and reinstall it with the default settings. Then go back and try to install subversion again.

    ServerName#
    ServerName#
    ServerName#     		cd /usr/ports/devel/apr
    make deinstall
    make BATCH=yes install

  2. Configure Subversion to start at bootup.

    #
    #     		echo # Subversion >> /etc/rc.conf
    echo 'svnserve_enable="YES"' >> /etc/rc.conf

  3. Create an svn user using the adduser command line wizard. This command will walk you through creating an svn user. Make sure to use the nologin shell and a random password so the user cannot login.

    # # adduser
    Username: svn
    Full name: svn
    Uid (Leave empty for default):
    Login group [svn]:
    Login group is svn. Invite svn into other groups? []:
    Login class [default]:
    Shell (sh csh tcsh nologin) [sh]: nologin
    Home directory [/home/svn]:
    Home directory permissions (Leave empty for default):
    Use password-based authentication? [yes]:
    Use an empty password? (yes/no) [no]:
    Use a random password? (yes/no) [no]: yes
    Lock out the account after creation? [no]:
    Username : svn
    Password :
    Full Name : svn
    Uid : 1002
    Class :
    Groups : svn
    Home : /home/svn
    Home Mode :
    Shell : /usr/sbin/nologin
    Locked : no
    OK? (yes/no): yes
    adduser: INFO: Successfully added (svn) to the user database.
    adduser: INFO: Password for (svn) is: /2CZct48a
    Add another user? (yes/no): no
    Goodbye!

  4. Make a repos directory in the svn user's home directory.

    # mkdir /home/svn/repos

  5. Create a repository.

    #
    #
    #
    #     		cd /home/svn
    mkdir repos
    cd repos
    svnadmin create MyApp

    This will create a MyApp folder and populate it with the files needed to start a repository.

    This is default subversion repository folder structure:

    /home/svn/repos/MyApp/README.txt
    /home/svn/repos/MyApp/format
    /home/svn/repos/MyApp/conf
    /home/svn/repos/MyApp/confauthz
    /home/svn/repos/MyApp/conf/passwd
    /home/svn/repos/MyApp/confsvnserve.conf
    /home/svn/repos/MyApp/db
    /home/svn/repos/MyApp/db/current
    /home/svn/repos/MyApp/db/format
    /home/svn/repos/MyApp/db/fs-type
    /home/svn/repos/MyApp/db/fsfs.conf
    /home/svn/repos/MyApp/db/min-unpacked-rev
    /home/svn/repos/MyApp/db/rep-cache.db
    /home/svn/repos/MyApp/db/revprops
    /home/svn/repos/MyApp/db/revs
    /home/svn/repos/MyApp/db/transactions
    /home/svn/repos/MyApp/db/txn-current
    /home/svn/repos/MyApp/db/txn-current-lock
    /home/svn/repos/MyApp/db/txn-protorevs
    /home/svn/repos/MyApp/db/uuid
    /home/svn/repos/MyApp/db/write-lock
    /home/svn/repos/MyApp/db/revprops/
    /home/svn/repos/MyApp/db/revprops/0
    /home/svn/repos/MyApp/db/revprops/0/0
    /home/svn/repos/MyApp/db/revs/
    /home/svn/repos/MyApp/db/revs/0
    /home/svn/repos/MyApp/db/revs/0/0
    /home/svn/repos/MyApp/db/transactions/
    /home/svn/repos/MyApp/db/txn-protorevs/
    /home/svn/repos/MyApp/hooks/
    /home/svn/repos/MyApp/hooks/post-commit.tmpl
    /home/svn/repos/MyApp/hooks/post-lock.tmpl
    /home/svn/repos/MyApp/hooks/post-revprop-change.tmpl
    /home/svn/repos/MyApp/hooks/post-unlock.tmpl
    /home/svn/repos/MyApp/hooks/pre-commit.tmpl
    /home/svn/repos/MyApp/hooks/pre-lock.tmpl
    /home/svn/repos/MyApp/hooks/pre-revprop-change.tmpl
    /home/svn/repos/MyApp/hooks/pre-unlock.tmpl
    /home/svn/repos/MyApp/hooks/start-commit.tmpl
    /home/svn/repos/MyApp/locks/
    /home/svn/repos/MyApp/locks/db-logs.lock
    /home/svn/repos/MyApp/locks/db.lock
  6. To configure a Repository and add users, edit the following file:
    /home/svn/repos/MyApp/conf/svnserve.conf

    # ee /home/svn/repos/MyApp/conf/svnserve.conf

    Uncomment lines below or just create a new svnserve.conf file with these lines:

    [general]
    anon-access = read
    auth-access = write
    password-db = /home/svn/userdb

    Now edit the following file:
    /home/svn/repos/MyApp/passwd

    # ee /home/svn/repos/MyApp/passwd

    Add users. For example, to add a user allen1 with a password of P@sswd! and another user jared with a password of My$ecre+1, the file would look like this:

    [users]
    allen1 = P@sswd!
    jared = My$ecre+1
  7. Now start the svn server.

    # /usr/local/etc/rc.d/svnserve start

  8. Now you should be able to connect to your repository with an svn client. TortoiseSVN is a popular windows tool that you can use to connect to your repository.

    Use the following to connect:

    svn://allen1:P@sswd!@ServerName/MyApp

Now i have to figure out a bunch more steps...
How to populate an SVN repository?
How to configure Subversion to use Cyrus-SASL2 to authenticate to a MySQL database?
How to configure Subversion to use Cyrus-SASL2 to authenticate to a MySQL database where the password is stored in a hash? So you can have SVN share Bugzilla users?
How to get Tortoise SVN to connect to an SVN repository?
How to install WebSVN as a web interface to the SVN repository?

Copyright ® Rhyous.com - Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.

Tags: ,
Category: FreeBSD  |  18 Comments

Windows 7 hangs when creating a new folder and hangs again when renaming it

November 7, 2009, 1:27 pm by Rhyous

Ok, so I am using Windows 7 64 bit and while I have overall been pleased with Wndows 7, I must be unbiased and post the problems too, right.

Well, I have a problem that is frustrating.

PROBLEM
Windows 7 hangs when creating a new folder and hangs again when renaming it

How it happens
The problem occurs when I create a New Folder. Explorer hangs for about 45 seconds. I am not sure what the problem is, but there is no excuse for taking 45 seconds to create a new folder.

To make the problem worse, the first thing I do when I make a new folder is I rename it. So if I try to rename the folder, it hangs another 45 seconds.

Cause

Unknown…

Could it be my hardware? Maybe. I have a Lenovo T61p with 4 GB of RAM and a 160 GB hard drive that is just shy of two years old.

Could it be some application? Maybe. But I don’t have any of the most likely culprits such as Antivirus installed. I a a developer, but I don’t have MySQL or SQL Server Express running or anything.

How is my processor and memory utilization when this occurs? Fine.
CPU: I don’t have 100% CPU, and I have almost no CPU usage, under 10% (moving between 3 and 9% and once hit 16%).
RAM: 1.3 GB used, 2.7 available.

So this is a the first big fat negative for windows 7. If you have seen this, then that would confirm that it is a wide spread issue and not just an issue on my single machine.

update: 2/20/2010
The cause is obviously something to do with going to full hibernate mode and returning.

Possible Resolutions

Do a clean reboot.
Or restart Explorer.
Or disable Windows Search??

Category: Windows 7  |  75 Comments

How to install Bugzilla on a FreeBSD 7.2 with Apache + SSL and MySQL?

November 6, 2009, 2:06 pm by Rhyous

How to install Bugzilla 3.4.2 on FreeBSD 7.2.

The basic overivew.

  1. Install FreeBSD.
    How do I install FreeBSD?

  2. Update FreeBSD and download the ports tree.
    What are the first commands I run after installing FreeBSD

  3. Then install Apache + SSL.
    Installing an Apache + SSL on FreeBSD using the ports tree

  4. Then install MySQL.
    How to install MySQL on FreeBSD 7.2 or on Red Hat 5.4?

  5. Configure MySQL to be Unicode.
    How to create a UTF-8 Unicode Database on MySQL and make UTF-8 Unicode the default?

  6. Then install Bugzilla

I have previous documents about installing each of the steps above installing Bugzilla. This document will over cover bugzilla.

Installing Bugzilla From Ports

You can install easily from Ports. Make sure your ports tree is up to date:

$

su

Password:

ServerName#
ServerName#
ServerName# 		portsnap fetch
portsnap extract
portsnap udpate

Then just do this to install Bugzilla 3.4.2 on FreeBSD 7.2.

ServerName#
ServerName# 		cd /usr/ports/devel/bugzilla
make BUGZILLADIR=/usr/local/www/apache22/data/bugzilla install

Note: Make sure you choose the correct install directory for the BUGZILLADIR parameter. By default Apache 2.2 is only serving up files in /usr/local/www/apache22/data/ so by install bugzilla there, you will be able to access bugzilla with this url: http://www.YourWebSite.com/bugzilla

You will be asked to select your compile options throughout. If you don’t want to be promtped, and you want to accept the defaults, use this command.

ServerName# make BATCH=yes install

Now that you have Bugzilla 3.4.2 on your FreeBSD 7.2 server, you are not finished. We now need to connect to connect it to a database, which I am assuming is MySQL but could just as easily be Postgresql.

Resetting the file ownership recursively on the bugzilla folder

Make sure that the bugzilla folder and all subfolders are owned by www:www.

ServerName# chown -R www:www /usr/local/www/apache22/data/bugzilla

Creating a MySQL Database

  1. Log into mysql. I use the command line and type in mysql -p, enter my password when prompted.
  2. Create a database for Bugzilla.
  3. Create a user that can access Bugzilla.

    4. I use the followiing SQL commands for these steps:

    CREATE DATABASE BugDB

GRANT SELECT, INSERT, UPDATE, DELETE, INDEX, ALTER, CREATE, LOCK TABLES,
           CREATE TEMPORARY TABLES, DROP, REFERENCES
           ON BugDB.* TO BugDBUser@localhost
           IDENTIFIED BY 'P@sswd!';
FLUSH PRIVILEGES;

Run Install Check Script

  1. In a command prompt go to /usr/local/www/data/bugzilla
    ServerName# cd /usr/local/www/data/bugzilla
  2. Run the setup checking script.
    ServerName# ./checksetup.pl
  3. Now you are ready to open and edit the localconfig file.
    ServerName# ee localconfig

    4. Change the following values:

    $webservergroup = ‘www’
    $db_name = ‘BugDB’
    $db_user = ‘BugDBUser’
    $db_pass = ‘P@sswd!’

    Then close and save the localconfig file.

  4. Run ./checksetup.pl again.

    5. Note: If you have installled everything including MySQL using the defaults, you will see this warning:

    WARNING: You need to set the max_allowed_packet parameter in your MySQL configuration to at least 3276750. Currently it is set to 1048576. You can set this parameter in the [mysqld] section of your MySQL configuration file.

    Resolve this using the MySQL configuration file called my.cnf. I discussed the my.cnf earlier in this article, so you should already be familiar with it.
    How to create a UTF-8 Unicode Database on MySQL and make UTF-8 Unicode the default?

    Find the max_allowed_packet settings and change it to 4M.

    max_allowed_packet = 4M

    Restart MySQL.

    ServerName# /usr/local/etc/rc.d/mysql-server restart
  5. Run checksetup.pl again.

    I got this error:

    Creating ./lib/.htaccess…
    No such file or directory at Bugzilla/Install/Filesystem.pm line 445, line 275.

    I had to manually create the /usr/local/www/apache22/data/bugzilla/lib directory then this error disappeared when I ran checksetup.pl again.

  6. Now create an Apache configuration file for bugzilla and put it in /usr/local/etc/apache22/Includes. I name it bugzilla.conf.

    bugzilla.conf

    <Directory "/usr/local/www/apache22/data/bugzilla">
  Options +ExecCGI
  AllowOverride Limit
  DirectoryIndex index.cgi
  AddHandler cgi-script .cgi
</Directory>

    Restart Apache

    ServerName# /usr/local/etc/rc.d/apache22 restart

    7. You should now be able to connect to your server: http://YourServer/bugzilla

    Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.

Tags: , , ,
Category: FreeBSD, MySQL  |  6 Comments

How to install PHP5 and PHP5 Extensions on FreeBSD?

November 6, 2009, 9:58 am by Rhyous

Note: Article updated for FreeBSD 9

Step 1 – Install FreeBSD

  1. First install FreeBSD. Instructions for installing FreeBSD is contained in one of these article.
    How I install FreeBSD 9?
    How I install FreeBSD? (versions before FreeBSD 9)
  2. Second update FreeBSD and install the ports tree. Instructions for this are in this article.
    What are the first commands I run after installing FreeBSD?

Step 2 – Install PHP

How to install PHP on FreeBSD from Ports

You can install easily from Ports.

  1. Go to the php5 directory in the ports tree. 
    # cd /usr/ports/lang/php5
  2. Run ‘make config’ and select the desired options. 
    # cd /usr/ports/lang/php5

    Note: If you want to integrate with Apache, you must select the Apache option.

  3. Run ‘make BATCH=yes install’ to install PHP5. 
    # make BATCH=yes install

    PHP5 and its dependencies will download, compile, and install automagically for you.

    Note: If you want to script this, including the selecting to use Apache, use this command.

    # make WITH_APACHE=yes BATCH=yes install

How to install PHP on FreeBSD from Packages

  1. You can also install easily as a binary package with this simple command. 
    


    
#
pkg_add -r php

Step 3 – Installing PHP5 Extensions on FreeBSD

You may now want to install PHP5 extensions for integration with your web server, such as Apache. There is a meta port that allows for installing all PHP5 extensions and we will use this for this example, though later we will demonstrate how to install a single extensions.

How to install php5-extensions from Ports

  1. Change to the php5-extensions ports directory. 
    


    
#
cd /usr/ports/lang/php5-extensions
  2. Run ‘make config’ and select the php5-extensions you want to install when prompted. 
    


    
#
make config

    Note 1: If you aren’t sure what to select, use the default, you can always come back and add more extensions later.

    Note 2: It may be important to you to make sure certain extensions are installed, such as extensions for MySQL, MySQLi, or Postgresl, especially if you are installing an Apache, MySQL, PHP server or a variant of such.

    Note 3: The extensions usually link to the release version of MySQL or PostgreSQL unless a new version is already installed. So if you want a later version, you may want to install the desired database port first.

  3. Run ‘make BATCH=yes install’ to install the selected php5-extensions. 
    


    
#
make BATCH=yes install

    The PHP5-extensions and their dependencies will download, compile, and install automagically for you.

How to install PHP Extensions from Packages

  1. You can also install easily as a binary package with this simple command. 
    


    
#
pkg_add -r php5-extensions

    Note: The package may not have all the extensions you desire. If not, use ports.

Step 4 – Integrating with Apache 2.x

  1. Change to the apache configuration directory. 
    # cd /usr/local/etc/apache22
  2. Edit the httpd.conf with your favority edit. I use ‘ee’. 
    # ee httpd.conf
  3. Search for “DirectoryIndex” to find the section where the directory index is configured.
  4. Add index.php as the first item as shown: 
    DirectoryIndex index.php index.html
  5. Save and close the httpd.conf file.
  6. Change to the “Includes” directory. 
    # cd /usr/local/etc/apache22/Includes
  7. Create a file with a name ending in .conf. I used php5.conf. 
    # ee php5.conf
  8. Add the following two lines to the file. 
    AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
  9. Save and close the php5.conf file.

    Note: You could script this as follows:

    


    
#
#
echo AddType application/x-httpd-php .php > /usr/local/etc/apache22/Includes/php5.conf
echo AddType application/x-httpd-php-source .phps >> /usr/local/etc/apache22/Includes/php5.conf
  10. Restart apache. 
    # /usr/local/etc/rc.d/apache22 restart

Step 5 – Test the PHP5 extensions integration with the web server

  1. Go to the web server’s root directory 
    # cd /usr/local/www/apache22/data
  2. Create a file called phpinfo.php. 
    # ee phpinfo.php
  3. Add the following lines to the file. 
    <?php
  phpinfo();
?>

    Note: the phpinfo() function will automatically create a page full of information about the php configuration and the extensions installed and more.

  4. Save and close the phpinfo.php file.
  5. Now from another machine, browse to the server.

    You can connect using name, fqdn, or IP and see which work.

    • http://servername/phpinfo.php
    • http://www.YourDomain.com/phpinfo.php
    • http://192.168.0.100/phpinfo.php

    You can also try to connect with SSL.

    • https://servername/phpinfo.php
    • https://www.YourDomain.com/phpinfo.php
    • https://192.168.0.100/phpinfo.php
  6. You can now analyze the results of the phpinfo() function on this page.

    Note: Don’t forget to delete this file before putting the server in production. You wouldn’t want such an information disclosure vulnerability available for anyone to see.

Adding or Removing PHP5 extensions

You may find yourself needing to add another PHP5 extension. Maybe you didn’t install the database extensions and you need to add it and you can tell from phpinfo() that it is definitely not installed.

There are two ways to add or remove an extension. First, you could reinstall the meta port (though I wouldn’t recommend it). Second, you can find the specific PHP5 extensions you need and run ‘make install’ or ‘make deinstall’ for that specific port.

Note: Specific PHP5 extensions might take you a moment to locate. The php5-extensions meta port is under /usr/ports/lang but specific ports for extensions are not located there. The MySQLi extension, for example, is found under /usr/ports/databases.

Adding the MySQLi extension

  1. Change to the location of the MySQLi php5 extension. 
    # cd /usr/ports/databases/php5-mysqli
  2. Run ‘make BATCH=yes install’ to install the extensions. 
    # make BATCH=yes install

    The php5-mysqli extensions downloads and compiles automagically.

Removing the MySQLi extension

  1. Change to the location of the MySQLi php5 extension. 
    # cd /usr/ports/databases/php5-mysqli
  2. Run ‘make deinstall’ to uninstall the extensions. 
    # make deinstall

    The php5-mysqli extensions is removed.

Category: FreeBSD  |  1 Comment

Installing an Apache + SSL on FreeBSD using the ports tree

November 6, 2009, 9:46 am by Rhyous

Installing Apache + SSL is very easy on FreeBSD.

Note: Tested on FreeBSD 9

  1. First install FreeBSD. Instructions for installing FreeBSD is contained in this article.
    How I install FreeBSD?
    How I install FreeBSD 9?
  2. Second update FreeBSD and install the ports tree. Instructions for this are in this article.
    What are the first commands I run after installing FreeBSD?
  3. Install the latest version of Apache, which is Apache 2.2 as of writing this. 
    

    #
    
#    		
cd /usr/ports/www/apache22
    
make BATCH=yes install

    This will download the Apache 2.2 source and compile and install it. A few other dependencies will be installed as well.

    Apache will not start automatically which is fine because we are not ready to start it yet.

  4. Configure Apache to automatically start when the FreeBSD system boots up. This is done using the /etc/rc.conf file. 
    #
    
#    		
echo # Apache 2.2 >> /etc/rc.conf
    
echo 'apache22_enable="YES"' >> /etc/rc.conf
  5. In order for Apache to use SSL, you must create a certificate. Now you may or may not know how to create one. I have made it easy for you by doing everything in a shell script. I have used SHA-256, because in this day an age, you need higher security than MD5 or SHA1.

    makesha256key.sh

    #!/bin/sh
mkdir -p /root/mycert
cd /root/mycert

mkdir -p /usr/local/etc/apache22/ssl.key
mkdir -p /usr/local/etc/apache22/ssl.crt
chmod 0400 /usr/local/etc/apache22/ssl.key
chmod 0400 /usr/local/etc/apache22/ssl.crt

openssl genrsa -des3 -out $1.key 1024
openssl req -new -x509 -nodes -sha256 -days 365 -key $1.key -out $1.crt

cp $1.key $1.key.orig
openssl rsa -in $1.key.orig -out $1.key

cp $1.key /usr/local/etc/apache22/ssl.key/
cp $1.crt /usr/local/etc/apache22/ssl.crt/
chmod 0400 /usr/local/etc/apache22/ssl.key/$1.key
chmod 0400 /usr/local/etc/apache22/ssl.crt/$1.crt

    This is NOT a fully functional shell script that shows you the command line options and everything. It is really just a list of commands to make this easier for you. Copy this to a shell script and run it. It takes one parameter, the cert name and you should call it like this:

    ./makesha256key.sh certname

    IMPORTANT: The commands in the script will prompt you for a Certificate password, and your Certification information. The only thing you need to make certain of is that when prompted for the “Common Name” you use the URL. For example, if your web site is www.rhyous.com, then www.rhyous.com is your Common Name.

    Or you can run the commands from the shell script manually one at a time if you want (replacing $1 with your desired certificate name).

    Note: In this script, the certificate will be a self-signed certificate, but you can get a signed certificate free here: http://cert.startcom.org

  6. Now configure Apache to read the httpd-ssl.conf file when it starts.

    Open the /usr/local/etc/apache22/httpd.conf using the easy editor or ee.

    #
ee /usr/local/etc/apache22/httpd.conf

    Near the end of the file, remove the comment symbol, the # sign, from the following line:

    Include etc/apache22/extra/httpd-ssl.conf

    Note: While you are in this file you may want to remove the comment from the line for enabling Virtual Hosts too if you are going to have multiple URLs hosted at this page.

  7. Configure the httpd-ssl.conf. 
    #
ee /usr/local/etc/apache22/extra/httpd-ssl.conf

    I only change the two lines to point to the correct certificate. Here is an sample httpd-ssl.conf without the comments.

    Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLMutex  "file:/var/run/ssl_mutex"
<VirtualHost _default_:443>
  DocumentRoot "/usr/local/www/apache22/data"
  ServerName www.example.com:443
  ServerAdmin you@example.com
  ErrorLog "/var/log/httpd-error.log"
  TransferLog "/var/log/httpd-access.log"

  SSLEngine on

  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

  SSLCertificateFile "/usr/local/etc/apache22/ssl.crt/server.crt"

  SSLCertificateKeyFile "/usr/local/etc/apache22/ssl.key/server.key"

  <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
  </FilesMatch>
  <Directory "/usr/local/www/apache22/cgi-bin">
    SSLOptions +StdEnvVars
  </Directory>

  BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

  CustomLog "/var/log/httpd-ssl_request.log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

  8. Now start or restart Apache. 
    #
/usr/local/etc/rc.d/apache22 start

Now just open a browser (on another system of course) and connect to your new FreeBSD installed web server. You can connect using name, fqdn, or IP and see which work.

  • http://servername
  • http://www.YourDomain.com
  • http://192.168.0.100

You can also try to connect with SSL.

  • https://servername
  • https://www.YourDomain.com
  • https://192.168.0.100

Common Errors

  1. Performing sanity check on apache22 configuration:
httpd: apr_sockaddr_info_get() failed for F9
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
Syntax OK
Starting apache22.
httpd: apr_sockaddr_info_get() failed for F9
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
/usr/local/etc/rc.d/apache22: WARNING: failed to start apache22

    If you get this error, you need to update your /etc/hosts file and make sure the system’s hostname there.

    ::1                     localhost YourServerNameHere
127.0.0.1               localhost YourServerNameHere

Install other software

It is now very common to install a database server and a scripting language, such as MySQL and PHP. I have separate documents for each install:

How to install MySQL FreeBSD?

How to install PHP5 and PHP5 Extensions on FreeBSD?

Tags: , ,
Category: FreeBSD  |  14 Comments
« Previous Entries
Next Entries »