amin’s info at online

I. Download and Extract 

root@freebsd:/tmp# cd /tmp

root@freebsd:/tmp#

 fetch http://superb-west.dl.sourceforge.net/sourceforge/

phpmyadmin/phpMyAdmin-2.10.0.2-all-languages-utf-8-only.tar.gz

root@freebsd:/tmp#
 tar zxvf phpMyAdmin-2.10.0.2-all-languages-utf-8-only.tar.gz

II. Move it to the Right Place

root@freebsd:/tmp#
  cd phpMyAdmin-2.10.0.2-all-languages-utf-8-only

root@freebsd:
/tmp/phpMyAdmin-2.10.0.2-all-languages-utf-8-only#
 mv * /usr/local/www/phpmyadmin.aminonline.com/

III. Generate Configuration

root@freebsd:/tmp/phpMyAdmin-2.10.0.2-all-languages-utf-8-only# 

cd  /usr/local/www/phpmyadmin.aminonline.com/

root@freebsd:/usr/local/www/phpmyadmin.aminonline.com#
 mkdir config

root@freebsd:/usr/local/www/phpmyadmin.aminonline.com#
 chmod o+rw config

Now lets go to https://phpmyadmin.aminonline.com/scripts/
setup.php and generating the configuration file.
Remember to click save button on the website to save your
configuration, which is what will generate the configuration
 file we need. This is what I set mine up like:

IV. Apply the Configuration

Copy the configuration file that you generated using

the web interface and remove the config directory for security.

root@freebsd:/usr/local/www/phpmyadmin.aminonline.com#

 mv config/config.inc.php .

root@freebsd:/usr/local/www/phpmyadmin.aminonline.com#
  chmod o-rw config.inc.php

root@freebsd:/usr/local/www/phpmyadmin.aminonline.com#
  chown -R www:wheel *

root@freebsd:/usr/local/www/phpmyadmin.aminonline.com#
  rm -R config/

We should already have the old .htaccess we created before for our phpmyadmin.aminonline.com and so now if we try to go to the https://phpmyadmin.aminonline.com/ we should be prompted for the username and password. Then you should see the phpmyadmin website.   

Set Defaults for openssl

amin@freebsd:/home/amin> su

     Password:

root@freebsd:/home/mikey# vi /etc/ssl/openssl.cnf

     dir = /root/sslCA  # Where everything is kept

     default_days= 3650 # how long to certify for

     countryName_default= CA

     stateOrProvinceName_default = ONTARIO

     0.organizationName_default = sao

II. Create a Script to Generate the
Certificate of Authority

root@freebsd:/home/mikey# cd ~

root@freebsd:/root# vi createCA.sh

     #!/bin/sh

     ##############################################

     # CA Creator

     # http://www.freebsdmadeeasy.com/

     #

     # This Script creates a certificate of authority

     # using OpenSSL. It was written and tested on

     # FreeBSD 6.1-RELEASE  Use at your own risk

     #

     #

     ##############################################

     echo “Setting up the directories”

     mkdir ~/sslCA

     echo “sslCA”

     mkdir ~/sslCA/certs

     echo “sslCA/certs”

     mkdir ~/sslCA/private

     echo “sslCA/private”

     mkdir ~/sslCA/newcerts

     echo “sslCA/newcerts”

     cd ~/sslCA

     echo 1000 > serial

     touch index.txt

     echo “Setting the permission to 700 on sslCA”

     chmod -R 700 ~/sslCA

     echo “Creating the CA”

     echo “Use a strong password and keep it safe!”

     openssl req -new -x509 -days 3650 -extensions v3_ca 

-keyout private/cakey.pem -out cacert.pem -config 

/etc/ssl/openssl.cnf     

 

     more ~/sslCA/cacert.pem

     more ~/sslCA/private/cakey.pem

     echo “sslCA/cacert.pem”

     echo “sslCA/private/cakey.pem”

     echo “All Done!”

III. Create the Certificate of Authority

root@freebsd:/root# sh createCA.sh

     Setting up the directories

     sslCA

     sslCA/certs

     sslCA/private

     sslCA/newcerts

     Setting the permission to 700 on sslCA

     Creating the CA

     Use a strong password and keep it safe!

     Generating a 1024 bit RSA private key

     …..++++++

     …….++++++

     writing new private key to ‘private/cakey.pem’

     Enter PEM pass phrase: 

…………………………………………………………………………

sslCA/cacert.pem

     sslCA/private/cakey.pem

     All Done!

For the next step, enter *.aminonline.com for
the Common Name, to also use this certificate
for the subdomains. Leave challenge password blank,
 or it will ask for it every time the Apache restarts.

9:50 root@freebsd:/root# cd ~root/sslCA

9:50 root@freebsd:/root/sslCA#
  openssl req -new -nodes -out NoobTechDev-req.pem
 -keyout private/NoobTechDev-key.pem –config
  /etc/ssl/openssl.cnf

 Generating a 1024 bit RSA private key

     ……………++++++

     ….++++++

 writing new private key to ‘private/NoobTechDev-key.pem’

     -----

 You are about to be asked to enter information that will
 be incorporated into your certificate request.

What you are about to enter is what is called a
 Distinguished Name or a DN.There are quite a few
 fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.’, the field will be left blank.

     -----

Country Name (2 letter code) [CA]:

State or Province Name (full name) [ONTARIO]:

Locality Name (eg, city) []:

Organization Name (eg, company) [NoobTech]:

Organizational Unit Name (eg, section) []:

Common Name (eg, YOUR name) []:*.aminonline.com

     Email Address []:

 Please enter the following ‘extra’ attributes

 to be sent with your certificate request

 A challenge password []:
 Leave this blank, or it will ask for password
 every time you start up apache

An optional company name []:

root@freebsd:/root/sslCA#
 openssl ca -days 3650 -config /etc/ssl/openssl.cnf
 -out NoobTechDev-cert.pem -infiles NoobTechDev-req.pem

 Using configuration from /etc/ssl/openssl.cnf

 Enter pass phrase for /root/sslCA/private/cakey.pem:
 Enter the password you used in the earlier step.

Check that the request matches the signature

Signature ok

Certificate Details:

Serial Number: 4096 (0×1000)

Validity

Not Before: Apr 12 13:58:15 2007 GMT

Not After : Apr  9 13:58:15 2017 GMT

Subject:

countryName               = CA

stateOrProvinceName       = ONTARIO

organizationName          = sao

commonName                = *.aminonline.com

 X509v3 extensions:

 X509v3 Basic Constraints:

   CA:FALSE

   Netscape Comment:

OpenSSL Generated Certificate

X509v3 Subject Key Identifier:

66:28:06:78:DC:91:7E:7B:D1:B1:88:21:41:11:1B:10:74:31:18:AA

X509v3 Authority Key Identifier:

keyid:7A:EC:BB:DF:CF:0A:6B:8A:7B:C1:A0:ED:7D:BC:6F:61:32:EB:C1:74

DirName:/C=CA/ST=ONTARIO/O=NoobTech

serial:D1:CD:8D:62:59:1B:2F:2D

certificate is to be certified until Apr
   9 13:58:15 2017 GMT (3650 days)

     Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y

     Write out database with 1 new entries

     Data Base Updated

IV. Configure HTTPS Virtual Hosts with generated CoA

Copy the certificate and key we generated earlier to a
public place for use with apache.
root@freebsd:/root/sslCA# mkdir /etc/ssl/crt
root@freebsd:/root/sslCA# mkdir /etc/ssl/key
root@freebsd:/root/sslCA#
cp ~/sslCA/NoobTechDev-cert.pem /etc/ssl/crt
root@freebsd:/root/sslCA#
cp ~/sslCA/private/NoobTechDev-key.pem /etc/ssl/key

Uncomment the following Include line in httpd.conf

root@freebsd:/usr/local/etc/apache22#
 cd /usr/local/etc/apache22

root@freebsd:/usr/local/etc/apache22#
 vi httpd.conf

     # Secure (SSL/TLS) connections

     Include etc/apache22/extra/httpd-ssl.conf

For the next part, I deleted the whole <VirtualHost>
 section and left the rest of the file intact.
 Then I added the following at the end of the file.

root@freebsd:/usr/local/etc/apache22#
  vi extra/httpd-ssl.conf

     # This must be added, or you will get a nice warning,
  when you try to host more then 1
  VirtualHost on the port 443

     # [warn] _default_ VirtualHost overlap on port 443,

# the first has precedence

     NameVirtualHost *:443

     <VirtualHost *:443>

 ServerName phpmyadmin.noobtechdev.com

 SSLEngine on

 SSLCertificateFile /etc/ssl/crt/NoobTechDev-cert.pem

 SSLCertificateKeyFile /etc/ssl/key/NoobTechDev-key.pem

 DocumentRoot /usr/local/www/phpmyadmin.noobtechdev.com

 CustomLog /usr/local/www/logs/phpmyadmin.noobtechdev.com.
 ssl.access.log combined

  ErrorLog /usr/local/www/logs/phpmyadmin.noobtechdev.com.
 ssl.error.log

  <Directory /usr/local/www/phpmyadmin.noobtechdev.com>

Order Deny,Allow

Allow from all

DirectoryIndex index.php index.html index.htm

      </Directory>

     </VirtualHost>

Now I’m going to create a directory for this new virtual
 host, and create a test page as well for testing purpose.

root@freebsd:/usr/local/etc/apache22#
 mkdir /usr/local/www/phpmyadmin.noobtechdev.com

root@freebsd:/usr/local/etc/apache22#
 echo “Hello World from SLL site” >
 /usr/local/www/phpmyadmin.noobtechdev.com/index.html

18:11 root@freebsd:/usr/local/etc/apache22#
  apachectl restart

Now navigate to https://phpmyadmin.noobtechdev.com/
 and you should be asked to accept a certificate from
 an untrusted authority, which is fine,
 because all we need it for is to use encryption.
After you accept the certificate you see a Hello World
from SLL site message.After this you should now have a working Apache22 with
 PHP5 and SSL. Also you should now be able
to create your own virtual hosts. It took me quite a while
 to get all this working together,
mostly because somehow I had Apache13 installed and then
 when I build my PHP5 it built it for
Apache13 and that most the source of my problems.
 But after I discovered that, and deinstalled
the Apache13 and installed Apache22, I started to
 have problems with PHP, not working with it so
I ended up having to deinstall and distclean the php
 port and reinstall that. And since that point
everything went pretty smooth following this tutorial:
http://www.freebsdmadeeasy.com/tutorials/web-server/
install-php-5-for-web-hosting.php
The one thing to note in that I’ve added a
<Directory> section to the VirtualHost.
Without that I kept getting Access Denied errors
 in my logs like so:
“… client denied by server configuration:
 /usr/local/www/ …”
Also when I tried to go to the website I got
 Restricted: Access denied

Things to note. Installed minimal FreeBSD 6.2, and MySQL 5.1 and Apache 2.2. Now I will install PHP5 for Apache.

I. Install PHP5

Install the PHP5. If you need to reconfigure the
settings again, you can edit it by typing make config.

root@freebsd:/usr/ports/lang/php5# cd /usr/ports/lang/php5

root@freebsd:/usr/ports/lang/php5# make install

 +--------------------------------------------------+

¦                     Options for php5 5.2.1_3                       ¦

¦ +----------------------------------------------------------------+ ¦

¦  [ ] CLI        Build CLI version                              ¦ ¦

¦  [ ] CGI        Build CGI version                              ¦ ¦

¦  [X] APACHE     Build Apache module                            ¦ ¦

¦  [ ] DEBUG      Enable debug                                   ¦ ¦

¦  [X] SUHOSIN    Enable Suhosin protection system               ¦ ¦

¦  [X] MULTIBYTE  Enable zend multibyte support                  ¦ ¦

¦  [X] IPV6       Enable ipv6 support                            ¦ ¦

¦  [ ] MAILHEAD   Enable mail header patch                       ¦ ¦

¦  [ ] REDIRECT   Enable force-cgi-redirect support (CGI only)   ¦ ¦

¦  [ ] DISCARD    Enable discard-path support (CGI only)         ¦ ¦

¦  [ ] FASTCGI    Enable fastcgi support (CGI only)              ¦ ¦

¦  [ ] PATHINFO   Enable path-info-check support (CGI only)      ¦ ¦

+----------------------------------------------------------------+-¦

¦                       [  OK  ]       Cancel                        ¦

+----------------------------------------------------+

root@freebsd:/usr/ports/lang/php5#
cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini 

II. Configure PHP5 for Apache

Add support for PHP to the Apache.

root@freebsd:/usr/local/etc/apache22#
cd /usr/local/etc/apache22

root@freebsd:/usr/local/etc/apache22#
 vi httpd.conf

# This line should have been added by the PHP5 installation,
 #if you had Apache22 installed

 LoadModule php5_module libexec/apache22/libphp5.so

# Then I edited the DirectoryIndex and added index.php

     <IfModule dir_module>

          DirectoryIndex index.php index.html

     </IfModule>

# And also added this to the <IfModule mime_module> section

     AddType application/x-httpd-php .php

     AddType application/x-httpd-php-source .phps

Create a test page.

root@freebsd:/usr/local/etc/apache22#
 echo “<? phpinfo(); ?>” >
 /usr/local/www/www.aminonline.com/test.php

root@freebsd:/usr/local/etc/apache22#
 apachectl configtest

         Syntax OK

root@freebsd:/usr/local/etc/apache22#
 apachectl restart

Now I point my browser to http://www.aminonline.com/test.php
and I should see a page showing details of my PHP configuration.
You should see a page similiar to this:

Installing MySQL Server 5.1 on FreeBSD 6.2

I will be installing MySQL Server 5.1 on FreeBSD 6.2 from ports.Log-in as root using the su, switch to the directory and begin the installation.

root@freebsd:/usr/ports/databases/mysql51-server# 

cd /usr/ports/databases/mysql51-server

root@freebsd:/usr/ports/databases/mysql51-server# 

make install

root@freebsd:/usr/ports/databases/mysql51-server#

We need to issue a rehash for the tcsh shell in order to
 reload the commands installed by the port.

root@freebsd:/usr/ports/databases/mysql51-server# 

rehash 

Now we need to do some configuration of the MySQL server.
Set the database to use mysql user account, which will
get created. Copy the default configuration file.

root@freebsd:/usr/ports/databases/mysql51-server#

 mysql_install_db --user=mysql

root@freebsd:/usr/ports/databases/mysql51-server# 

cp /usr/local/share/mysql/my-medium.cnf /var/db/mysql/my.cnf

root@freebsd:/usr/ports/databases/mysql51-server#

 chown mysql:wheel /var/db/mysql/my.cnf

Start the MySQL Daemon

root@freebsd:/usr/local#
 cd /usr/local ; /usr/local/bin/mysqld_safe &

Set the password for root user of the MySQL Database.
root@freebsd:/usr/local#
 /usr/local/bin/mysqladmin -u root password ‘xxxxx’
root@freebsd:/usr/local#
 /usr/local/bin/mysqladmin -u root -h freebsd.noobtechdev.com
password ‘xxxxx’
Add MySQL to system startup. Also make it run under
user mysql and only only the local interface 127.0.0.1
 since I will only be accessing it from the same server.

root@freebsd:/usr/local# vi /etc/rc.conf

mysql_enable=”YES”
    mysql_args=”––user=mysql ––bind-address=127.0.0.1″

I’m going to restart my server now to make sure
 that the MySQL starts, and is only bound to 127.0.0.1 

I. Install and Configure Apache 2.2

Login as root using the su command and lets get started.

 root@freebsd:/usr/ports/www/apache22# cd /usr/ports/www/apache22
root@freebsd:/usr/ports/www/apache22# make install
root@freebsd:/usr/ports/www/apache22#

Lets make the apache start with the system.

 root@freebsd:/usr/ports/www/apache22# vi /etc/rc.conf
	apache22_enable=”YES”

Now we need to edit 2 lines in the httpd.conf file. Take a note of these 2 lines and what you set them to. Later on when we create virtual hosts, the first entry must use the same settings as these according to the documentation.

 root@freebsd:/usr/ports/www/apache22# vi /usr/local/etc/apache22/httpd.conf
	ServerName www.aminonline.com:80 
	ServerAdmin amin@aminonline.com

We need to load this before the http daemon will run. We will also add it to load at boot time so that next time we reboot the system apache will be able to load.

:/usr/ports/www/apache22">root@freebsd:/usr/ports/www/apache22# kldload accf_http
root@freebsd:/usr/ports/www/apache22# vi /boot/loader.conf
	accf_http_load=”YES”

We have to rehash the tcsh shell to get the commands installed by the port available to the shell. Then we test the apache configuration and start the apache server.

 root@freebsd:/usr/ports/www/apache22# rehash
 root@freebsd:/usr/ports/www/apache22# apachectl configtest
	Syntax OK
root@freebsd:/usr/ports/www/apache22# apachectl start

Test the server from your browser like so for example http://10.25.2.5/
If all is well you should see a “It Works!” message. Now we’re going to move the apache22 web directory to a standard directory.

root@freebsd:/usr/ports/www/apache22# cd /usr/local/www/apache22
root@freebsd:/usr/local/www/apache22# mv * ../
root@freebsd:/usr/local/www/apache22# cd ..
root@freebsd:/usr/local/www# rmdir apache22/

Now we have to replace all occurences of
 “/usr/local/www/apache22″ with “/usr/local/www” in the “/usr/local/etc/apache22/httpd.conf” file.

I will use a confirmation when replacing, just in case. I got to replace it in 5 locations within the file.

root@freebsd:/usr/local/www# vi /usr/local/etc/apache22/httpd.conf
	:1,$s//usr/local/www/apache22//usr/local/www/gc
	Confirm change? [n]y
	Confirm change? [n]y
	Confirm change? [n]y
	Confirm change? [n]y
	Confirm change? [n]y

Lets test out configuration, and restart apache server.

 root@freebsd:/usr/local/etc/apache22# apachectl configtest
     Syntax OK
root@freebsd:/usr/local/etc/apache22# apachectl restart

At this point I get Access Denied when I try to browse the site.
Which will get fixed when I add virtual domains and set access restrictions for them.

I. Setting up Virtual Hosts

Now if that is working we’re going to add some virtual domains to it and alter the access setting so that everyone can view them. Uncomment the following Include statement. If you do not have it, then you might be using the older version of apache server, make sure you’re using 2.2.

 root@freebsd:/usr/local/www# cd /usr/local/etc/apache22
 root@freebsd:/usr/local/etc/apache22# vi httpd.conf
	# Virtual hosts
	Include etc/apache22/extra/httpd-vhosts.conf

The first VirtualHost section must contain the same ServerName as defined in the global httpd.conf earlier. This Virtualhost will catch any hosts that do not match the other virtual hosts. The directory section is necessary, since Apache2.2 restricts access to the virtual hosts so we can override in here for each virtual host which is actually nicer. Pay attention to the bold fields, which is what we set in the httpd.conf file earlier, make these the same as that.

 root@freebsd:/usr/local/etc/apache22# vi extra/httpd-vhosts.conf
     NameVirtualHost *:80       

     # First Virtual Host; Any unknown ServerName or ServerAlias will also get sent here
     <VirtualHost *:80>
     ServerAdmin amin@aminonline.com
     DocumentRoot /usr/local/www/www.noobtechdev.com
     ServerName www.aminonline.com
     CustomLog /usr/local/www/logs/www.aminonline.com.access.log combined
     ErrorLog /usr/local/www/logs/www.aminonline.com.error.log
     <Directory /usr/local/www/www.aminonline.com>
          Order Deny,Allow
          Allow from all
          DirectoryIndex index.php index.html index.htm
     </Directory>
     </VirtualHost>       

     # Second Virtual Host, will only process the specified ServerName
     <VirtualHost *:80>
     ServerAdmin amin@aminonline.com 
     DocumentRoot /usr/local/www/blog.aminonline.com
     ServerName blog.aminonline.com
     CustomLog /usr/local/www/logs/blog.aminonline.com.access.log combined
     ErrorLog /usr/local/www/logs/blog.aminonline.com.error.log
     <Directory /usr/local/www/blog.aminonline.com>
          Order Deny,Allow
          Allow from all
          DirectoryIndex index.php index.html index.htm
     </Directory>
     </VirtualHost>

Now we create directories for the Virtual Hosts we created as well as for their logs. Also I’m going to add a simple Hello World page to each Virtual Host for testing purposes.

 root@freebsd:/usr/local/etc/apache22# mkdir /usr/local/www/www.aminonline.com
root@freebsd:/usr/local/etc/apache22#
echo Hello World from www.aminonline.com > /usr/local/www/www.aminonline.com/index.html
root@freebsd:/usr/local/etc/apache22# mkdir /usr/local/www/blog.aminonline.com
root@freebsd:/usr/local/etc/apache22#
echo Hello World from blog.aminonline.com > /usr/local/www/blog.aminonline.com/index.html
 root@freebsd:/usr/local/etc/apache22# mkdir /usr/local/www/logs
root@freebsd:/usr/local/etc/apache22# apachectl configtest
	Syntax OK root@freebsd:/usr/local/etc/apache22# apachectl restart

Before the virtual hosts will work, you need to have the defined in your nameserver. My DNS setup for bind looks like this. I will bold the fields to pay attention to. If you want you can make your freebsd a local ip for testing locally as to bypass your firewall till you have everything working property. When changing DNS settings, remember to change the serial number entry (Data+revision) so that the nameservers will know it’s been updated. Also set the machine you are using the web browser on to test the apache to point to your name server directly. Especially when you’re testing it locally, so that every time you make a change it will be instant after you reload the DNS server.

     $TTL 6h
     @    IN SOA    ns1.aminonline.com. hostmaster.aminonline.com. (
			     2007041505
			     10800
			     3600
			     604800
			     86400 )       

     @           IN NS     ns1.aminonline.com.
     @           IN NS     ns2.aminonline.com.       

     ns1         IN A      72.140.6.193
     ns2         IN A      72.140.6.193       

     localhost   IN A      127.0.0.1       

     @           IN MX 10  mx-routes01.editdns.net.       

     mail        IN A      72.140.6.193       

     @           IN A      72.140.6.193
     celeron     IN A      72.140.6.193
     freebsd     IN A      72.140.6.193       

     ftp         IN CNAME  celeron
     smtp        IN CNAME  celeron
     pop3        IN CNAME  celeron       

     ; HTTP Apache server on freebsd, public IP virtual hosts
     www         IN CNAME  freebsd
     blog        IN CNAME  freebsd
     phpmyadmin  IN CNAME  freebsd
     awstats     IN CNAME  freebsd       

After you make changed to your nameserver, update the serial number and reload the nameserver. On my windows machine I reload bind like so: C:\WINDOWS\system32\dns\bin\rndc reload I installed BIND9 because the windows name server was starting to drive me a little bit nutty, since it’s been adding things in magically to point to local IPs instead of the public ones.
Now test your virtual hosts by pointing them to http://www.noobtechdev.com/ and then to http://blog.noobtechdev.com/ and see whether the proper pages display. Also try pointing your browser to your IP like so http://10.25.2.1/ and see if that takes you to the same page as http://www.aminonline.com which is sposed to catch all unknown hosts requests.

You should now have a working copy of the Apache with the ability to add virtual hosts to it. Restart your server and make sure that everything loaded ok on it’s own.

I. Problems I’ve Encountered

My DNS entries were not resolving to the proper hosts.

My computer was using cached DNS entried from my IPCop’s DNS server, so the subdomains I added to my domain were either pointing to their old IP or were not resolving at all. So I pointed my test machine directly to my DNS server and that fixed it. From then on whenever I made a change to DNS and reloaded it, it took affect immediately. Also a few time I forgot to update the serial number in the DNS zone file for my domain, which resulted in the data not getting reloaded by the DNS server.

 

I have been a Linux user way back from the first time I was introduced to an alternate OS than windows. Even though I was aware of other Unices like FreeBSD and Solaris, I hadn’t come around to installing them on my machine. Some days back, things changed when I downloaded the latest FreeBSD version 6.2 from their official website. It consists of 2 ISO images .

I burned the images on to two CDs using K3B CD burning software and then started the installation.

FreeBSD comes with a text based installer which is quite intuitive. But a person installing a non-windows OS for the first time will initially find it a bit confusing.

I have followed the official handbook of Freebsd to install.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install.html

Just follow it.

After that I have to configure various servers in the system.

I will write about installations of MySQL 5.1, Apache 2.2, PHP5, phpMyAdmin 2.10.0.2, WordPress 2.1.3 step by step.

Just stay here.