Posts tagged ‘SSL’

How to install Bugzilla on a FreeBSD 7.2 with Apache + SSL and MySQL?

How to install Bugzilla 3.4.2 on FreeBSD 7.2.

The basic overview.

  1. Install FreeBSD.
    How do I install FreeBSD?

  2. Update FreeBSD and download the ports tree.
    What are the first commands I run after installing FreeBSD

  3. Then install Apache + SSL.
    Installing an Apache + SSL on FreeBSD using the ports tree

  4. Then install MySQL.
    How to install MySQL on FreeBSD 7.2 or on Red Hat 5.4?

  5. Configure MySQL to be Unicode.
    How to create a UTF-8 Unicode Database on MySQL and make UTF-8 Unicode the default?

  6. Then install Bugzilla

I have previous documents covering each of the steps that come before installing Bugzilla. This document will only cover Bugzilla.

Installing Bugzilla From Ports

You can install easily from Ports. Make sure your ports tree is up to date:

$ su
Password:
ServerName# portsnap fetch
ServerName# portsnap extract
ServerName# portsnap update

Then just do this to install Bugzilla 3.4.2 on FreeBSD 7.2.

ServerName# cd /usr/ports/devel/bugzilla
ServerName# make BUGZILLADIR=/usr/local/www/apache22/data/bugzilla install

Note: Make sure you choose the correct install directory for the BUGZILLADIR parameter. By default Apache 2.2 only serves files from /usr/local/www/apache22/data/, so by installing Bugzilla there you will be able to access it at this URL: http://www.YourWebSite.com/bugzilla

You will be asked to select your compile options throughout. If you don’t want to be prompted, and you want to accept the defaults, use this command.

ServerName# make BATCH=yes install

Now that you have Bugzilla 3.4.2 on your FreeBSD 7.2 server, you are not finished. We now need to connect it to a database, which I am assuming is MySQL but could just as easily be PostgreSQL.

Resetting the file ownership recursively on the bugzilla folder

Make sure that the bugzilla folder and all subfolders are owned by www:www.

ServerName# chown -R www:www /usr/local/www/apache22/data/bugzilla

Creating a MySQL Database

  1. Log into mysql. I use the command line and type in mysql -p, enter my password when prompted.
  2. Create a database for Bugzilla.
  3. Create a user that can access Bugzilla.
  4. I use the following SQL commands for these steps:

    CREATE DATABASE BugDB;
    
    GRANT SELECT, INSERT, UPDATE, DELETE, INDEX, ALTER, CREATE, LOCK TABLES,
               CREATE TEMPORARY TABLES, DROP, REFERENCES
               ON BugDB.* TO BugDBUser@localhost
               IDENTIFIED BY 'P@sswd!';
    FLUSH PRIVILEGES;
    

Run Install Check Script

  1. In a command prompt go to /usr/local/www/data/bugzilla
    ServerName# cd /usr/local/www/data/bugzilla
  2. Run the setup checking script.
    ServerName# ./checksetup.pl
  3. Now you are ready to open and edit the localconfig file.
    ServerName# ee localconfig
  4. Change the following values:

    $webservergroup = 'www';
    $db_name = 'BugDB';
    $db_user = 'BugDBUser';
    $db_pass = 'P@sswd!';

    Then close and save the localconfig file.

  5. Run ./checksetup.pl again.
  6. Note: If you have installed everything including MySQL using the defaults, you will see this warning:

    WARNING: You need to set the max_allowed_packet parameter in your MySQL configuration to at least 3276750. Currently it is set to 1048576. You can set this parameter in the [mysqld] section of your MySQL configuration file.

    Resolve this using the MySQL configuration file called my.cnf. I discussed the my.cnf earlier in this article, so you should already be familiar with it.
    How to create a UTF-8 Unicode Database on MySQL and make UTF-8 Unicode the default?

    Find the max_allowed_packet setting and change it to 4M.

    max_allowed_packet = 4M

    Restart MySQL.

    ServerName# /usr/local/etc/rc.d/mysql-server restart
  7. Run checksetup.pl again.

    I got this error:

    Creating ./lib/.htaccess…
    No such file or directory at Bugzilla/Install/Filesystem.pm line 445, line 275.

    I had to manually create the /usr/local/www/apache22/data/bugzilla/lib directory then this error disappeared when I ran checksetup.pl again.

  8. Now create an Apache configuration file for bugzilla and put it in /usr/local/etc/apache22/Includes. I name it bugzilla.conf.

    bugzilla.conf

    <Directory "/usr/local/www/apache22/data/bugzilla">
      Options +ExecCGI
      AllowOverride Limit
      DirectoryIndex index.cgi
      AddHandler cgi-script .cgi
    </Directory>
    

    Restart Apache

    ServerName# /usr/local/etc/rc.d/apache22 restart
  9. You should now be able to connect to your server: http://YourServer/bugzilla


    Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.

Installing an Apache + SSL on FreeBSD using the ports tree

Installing Apache + SSL is very easy on FreeBSD.

Note: Tested on FreeBSD 9

  1. First install FreeBSD. Instructions for installing FreeBSD are contained in these articles.
    How I install FreeBSD?
    How I install FreeBSD 9?
  2. Second update FreeBSD and install the ports tree. Instructions for this are in this article.
    What are the first commands I run after installing FreeBSD?
  3. Install the latest version of Apache, which is Apache 2.2 as of writing this.
    # cd /usr/ports/www/apache22
    # make BATCH=yes install

    This will download the Apache 2.2 source and compile and install it. A few other dependencies will be installed as well.

    Apache will not start automatically which is fine because we are not ready to start it yet.

  4. Configure Apache to automatically start when the FreeBSD system boots up. This is done using the /etc/rc.conf file.
    # echo '# Apache 2.2' >> /etc/rc.conf
    # echo 'apache22_enable="YES"' >> /etc/rc.conf
  5. In order for Apache to use SSL, you must create a certificate. You may or may not know how to create one, so I have made it easy for you by doing everything in a shell script. I have used SHA-256, because in this day and age, you need higher security than MD5 or SHA1.

    makesha256key.sh

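    #!/bin/sh
    # Usage: ./makesha256key.sh certname
    mkdir -p /root/mycert
    cd /root/mycert
    
    # Directories Apache reads the key and certificate from
    mkdir -p /usr/local/etc/apache22/ssl.key
    mkdir -p /usr/local/etc/apache22/ssl.crt
    chmod 0400 /usr/local/etc/apache22/ssl.key
    chmod 0400 /usr/local/etc/apache22/ssl.crt
    
    # Passphrase-protected RSA key (2048 bits; a 1024-bit key is too short)
    openssl genrsa -des3 -out "$1.key" 2048
    # Self-signed certificate, signed with SHA-256, valid for 365 days
    openssl req -new -x509 -nodes -sha256 -days 365 -key "$1.key" -out "$1.crt"
    
    # Keep the protected key as .orig and write an unencrypted copy,
    # so Apache can start without prompting for the passphrase
    cp "$1.key" "$1.key.orig"
    openssl rsa -in "$1.key.orig" -out "$1.key"
    
    # Install the key and certificate, readable by root only
    cp "$1.key" /usr/local/etc/apache22/ssl.key/
    cp "$1.crt" /usr/local/etc/apache22/ssl.crt/
    chmod 0400 "/usr/local/etc/apache22/ssl.key/$1.key"
    chmod 0400 "/usr/local/etc/apache22/ssl.crt/$1.crt"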
    

    This is NOT a fully functional shell script that shows you the command line options and everything. It is really just a list of commands to make this easier for you. Copy this to a shell script and run it. It takes one parameter, the cert name and you should call it like this:

    ./makesha256key.sh certname

    IMPORTANT: The commands in the script will prompt you for a Certificate password, and your Certification information. The only thing you need to make certain of is that when prompted for the “Common Name” you use the URL. For example, if your web site is www.rhyous.com, then www.rhyous.com is your Common Name.

    Or you can run the commands from the shell script manually one at a time if you want (replacing $1 with your desired certificate name).

    Note: In this script, the certificate will be a self-signed certificate, but you can get a signed certificate free here: http://cert.startcom.org

  6. Now configure Apache to read the httpd-ssl.conf file when it starts.

    Open the /usr/local/etc/apache22/httpd.conf using the easy editor or ee.

    # ee /usr/local/etc/apache22/httpd.conf

    Near the end of the file, remove the comment symbol, the # sign, from the following line:

    Include etc/apache22/extra/httpd-ssl.conf

    Note: While you are in this file you may want to remove the comment from the line for enabling Virtual Hosts too if you are going to have multiple URLs hosted at this page.

  7. Configure the httpd-ssl.conf.
    # ee /usr/local/etc/apache22/extra/httpd-ssl.conf

    I only change the two lines to point to the correct certificate. Here is a sample httpd-ssl.conf without the comments.

    Listen 443
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl    .crl
    SSLPassPhraseDialog  builtin
    SSLSessionCache        "shmcb:/var/run/ssl_scache(512000)"
    SSLSessionCacheTimeout  300
    SSLMutex  "file:/var/run/ssl_mutex"
    <VirtualHost _default_:443>
      DocumentRoot "/usr/local/www/apache22/data"
      ServerName www.example.com:443
      ServerAdmin you@example.com
      ErrorLog "/var/log/httpd-error.log"
      TransferLog "/var/log/httpd-access.log"
    
      SSLEngine on
    
      SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    
      SSLCertificateFile "/usr/local/etc/apache22/ssl.crt/server.crt"
    
      SSLCertificateKeyFile "/usr/local/etc/apache22/ssl.key/server.key"
    
      <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
      </FilesMatch>
      <Directory "/usr/local/www/apache22/cgi-bin">
        SSLOptions +StdEnvVars
      </Directory>
    
      BrowserMatch ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
    
      CustomLog "/var/log/httpd-ssl_request.log" \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    
    </VirtualHost>
    

  8. Now start or restart Apache.
    # /usr/local/etc/rc.d/apache22 start
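
Before relying on the certificate from step 5, it is worth confirming that the files have the properties the script was meant to give them. The following is an added example, not part of the original article; `check_cert_pair` is a name chosen here and the 2048-bit minimum is this example's assumption. It checks the signature hash, the key size, that the key belongs to the certificate, and the key's file mode.

```shell
#!/bin/sh
# Added example, not part of the original script. check_cert_pair is a name
# chosen here; the 2048-bit default minimum is this example's assumption.

# check_cert_pair CRT KEY [MIN_BITS]: prints one line per problem and
# returns the number of problems found (0 = all checks pass).
check_cert_pair() {
    crt=$1; key=$2; min_bits=${3:-2048}; problems=0
    text=$(openssl x509 -in "$crt" -noout -text) || { echo "cannot parse $crt"; return 1; }

    # Signature hash: the script passes -sha256, so MD5 or SHA-1 here is wrong.
    sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: //p' | head -n 1)
    case $sig in
        *[Mm][Dd]5*|*[Ss][Hh][Aa]1*) echo "weak signature algorithm: $sig"; problems=$((problems + 1)) ;;
    esac

    # Key size as recorded in the certificate.
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "key size ${bits:-unknown} bits is below $min_bits"; problems=$((problems + 1))
    fi

    # The private key must belong to the certificate: compare public keys.
    # The empty -passin makes a still-encrypted key fail instead of prompting.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "private key is unreadable or does not match the certificate"; problems=$((problems + 1))
    fi

    # The script sets mode 0400 on the key: no group or other permission bits.
    if [ "$(ls -l "$key" | cut -c5-10)" != "------" ]; then
        echo "private key is accessible to group or others"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed demo: a throwaway self-signed pair in a temporary directory.
demo=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 -subj "/CN=www.example.com" \
    -keyout "$demo/demo.key" -out "$demo/demo.crt" 2>/dev/null
chmod 0400 "$demo/demo.key"
check_cert_pair "$demo/demo.crt" "$demo/demo.key" && echo "demo pair passes all checks"
rm -rf "$demo"
```

On the server, run it as root against the installed files, for example `check_cert_pair /usr/local/etc/apache22/ssl.crt/server.crt /usr/local/etc/apache22/ssl.key/server.key`.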

Now just open a browser (on another system of course) and connect to your new FreeBSD installed web server. You can connect using name, fqdn, or IP and see which work.

  • http://servername
  • http://www.YourDomain.com
  • http://192.168.0.100

You can also try to connect with SSL.

  • https://servername
  • https://www.YourDomain.com
  • https://192.168.0.100
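
The sample httpd-ssl.conf in step 7 has no SSLProtocol directive, and its SSLCipherSuite string starts from ALL without ever excluding the SSLv2, export, low-strength, RC4 or MD5 suites with `!`. The following added example (not from the original article; `audit_ssl_conf` and the list of weak classes are this example's own choices) is a heuristic check of those two directives, run here on a constructed copy of the sample's cipher line.

```shell
#!/bin/sh
# Added example: heuristic audit of SSLProtocol / SSLCipherSuite in httpd-ssl.conf.
# WEAK_CLASSES and audit_ssl_conf are names chosen for this example.
WEAK_CLASSES="SSLv2 EXP LOW RC4 MD5"

# audit_ssl_conf FILE: print one finding per line (nothing if clean).
audit_ssl_conf() {
    conf=$1
    grep -q '^[[:space:]]*SSLProtocol[[:space:]]' "$conf" ||
        echo "SSLProtocol: not set, the mod_ssl default protocol list applies"
    # Last uncommented SSLCipherSuite value; treat !EXPORT as its alias !EXP.
    suite=$(sed -n 's/^[[:space:]]*SSLCipherSuite[[:space:]]\{1,\}//p' "$conf" |
            tail -n 1 | sed 's/!EXPORT:/!EXP:/g; s/!EXPORT$/!EXP/')
    if [ -z "$suite" ]; then
        echo "SSLCipherSuite: not set, the mod_ssl default cipher list applies"
        return 0
    fi
    for class in $WEAK_CLASSES; do
        excluded=0; enabled=0
        old_ifs=$IFS; IFS=:
        for tok in $suite; do
            case $tok in
                "!$class") excluded=1 ;;   # permanently removed
                [-+!]*)    ;;              # removes or reorders, adds nothing
                ALL|"$class"|"$class"+*|*+"$class"|*+"$class"+*) enabled=1 ;;
            esac
        done
        IFS=$old_ifs
        if [ "$enabled" -eq 1 ] && [ "$excluded" -eq 0 ]; then
            echo "SSLCipherSuite: $class suites are selected and never excluded with !$class"
        fi
    done
}

# Constructed input: the cipher line of the sample configuration in step 7.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
EOF
audit_ssl_conf "$sample"
rm -f "$sample"
```

A configuration that sets SSLProtocol and uses a cipher string such as `HIGH:!aNULL:!MD5:!RC4` produces no findings; which suites are actually offered still depends on the OpenSSL build Apache is linked against.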

Common Errors

  1. Performing sanity check on apache22 configuration:
    httpd: apr_sockaddr_info_get() failed for F9
    httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
    Syntax OK
    Starting apache22.
    httpd: apr_sockaddr_info_get() failed for F9
    httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
    /usr/local/etc/rc.d/apache22: WARNING: failed to start apache22
    

    If you get this error, you need to update your /etc/hosts file and make sure the system’s hostname is there.

    ::1                     localhost YourServerNameHere
    127.0.0.1               localhost YourServerNameHere
    

Install other software

It is now very common to install a database server and a scripting language, such as MySQL and PHP. I have separate documents for each install:

How to install MySQL FreeBSD?

How to install PHP5 and PHP5 Extensions on FreeBSD?