Install Apache In Freenas Jail Host



Once the system is updated proceed to install MySQL server. Install MySQL Server. To install MySQL run the following command. Pkg install mysql57-server mysql57-client. This command will install version 5.7 on to the the server. Enable the server to run at startup with. Sysrc mysqlenable='yes' And finally, start the server. It is assumed that a FreeNAS jail has been setup as per Issue #329 and root access has been obtained. Update the ports tree: portsnap fetch extract Once that is done, build mariadb55-server from the ports tree, the uninstall mariadb55-server. This is to resolve the source dependencies for recompiling the MariaDB server later on with wsrep. Step One — Install Apache. The Apache web server is currently the most popular web server in the world, which makes it a great choice for hosting a website. We can install Apache easily using FreeBSD’s package manager, pkg. A package manager allows us to install most software pain-free from a repository maintained by FreeBSD. Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un.x-like operating systems. It only takes a minute to sign up.

Apache

Learn how to install GitWeb to browse the repositories on your server. Build the Git package from the Ports collection to install GitWeb on an Apache server. Optionally, configure access over HTTPS and LDAP authentication.

Note: I recently moved my Git server to Gitea. To learn how to install Gitea,see Installing a Gitea server on FreeBSD.

The following screenshot shows GitWeb displaying tworepositories:

Preparing the jail

The instructions in this post host the app server in a jail on FreeBSD. To learnwhy we use jails for this purpose, check theApplication server section ofour self-hosted architecture post.

Install

In this section, you’ll perform the following tasks:

Freenas Create Jail

  • Create a jail.
  • Configure networking on the jail.
  • Install the prerequisite packages.

Run the commands from a session in your FreeBSD host.

Apache

To create a jail:

  1. Fetch or update the release version of FreeBSD for jail usage:
  2. Create a jail named gitweb:

To configure networking on the jail:

  1. Configure the IP address. The following example sets the IP address to192.168.1.123 using a subnet maskof 24 bits on theem0 interface. The command uses theCIDR notation.
  2. Configure the default router. The following example sets the default routerto 192.168.1.1:

Start the jail and open a session to complete the rest of the tasks in thissection:

Install the following packages:

  • apache24
  • mod_php73
  • portmaster

Installing GitWeb from Ports

GitWeb is not included by default in the Git package. To get the GitWebbinaries, you need to install Git from the Ports collection.

Freenas
  1. Download and extract the Ports Collection:
  2. Build and install the Git package the GitWeb binaries:

    The build system shows the configuration prompts for the Git package and itsdependencies, but the GitWeb option is preselected. Accepting the defaultoptions work well for most installations.

Install Apache In Freenas Jail Host Command

Configuring the web service

  1. Copy the example GitWeb directory that is included with the Git package:
  2. In the /usr/local/etc/apache24/httpd.conf file:
    • Uncomment the LoadModule directives to enable the CGI modules byremoving the leading # character:
    • Replace the following DocumentRoot and Directory entries:

      with the entries of your GitWeb directory:

  3. Configure service start:
  4. Restart the web server:

Create the common root directory

The repositories must be stored in a common root directory, which by default islocated in the /pub/git directory. To create the /pub/git directory:

If you followed our post about installing a Git server on FreeNAS and chose theoption to store the repositories on a ZFS dataset, then you can just mountthe dataset on /pub/git by running the following command from aFreeNAS shell.

Otherwise, create a repository to test the installation:

  1. Create a repository:
  2. Create a commit in the repository:

Open a browser and go to http://192.168.1.123 to checkthe GitWeb interface.

Configure access over HTTPS

To configure access over HTTPS, you need an SSL certificate, such as the onesprovided by Let’s Encrypt.

  1. Copy the ca, crt, and key files of your certificate to a folder in thejail.
  2. By default, any .conf file in the Includes folder is added to the Apacheconfiguration. Create the /usr/local/etc/apache24/Includes/my-conf.conffile with the following contents:
  3. Restart the web server:

Configure LDAP authentication

You can configure Apache to validate the users against an LDAP directory, suchas OpenLDAP. If you configure authentication using this method, make sure toenable HTTPS because the credentialsare transmitted over the network in plain text.

This section assumes you already have a working LDAP server. For moreinformation, check the Installing an OpenLDAP server tutorial.

Apache doesn’t include the modules required for LDAP authentication by default.To get the modules, you need to install Apache from the Ports collection. Toinstall Apache from the Ports collection:

  1. Remove the apache24 package:
  2. Install the apr1 package. Make sure to select the LDAP option from thefirst dialog:
  3. Install the apache24 package. Make sure to select the AUTHNZ_LDAP andLDAP options from the first dialog:

Install Drivers Freenas

In /usr/local/etc/apache24/httpd.conf, configure the web server to use theLDAP modules and provide your LDAP server parameters:

Freenas Jail Upgrade

  1. To enable the LDAP modules, add the following LoadModule directives:
  2. Replace the Directory element added in the Configuring the webservice section with the following:
  3. Restart the web server:

    Let’s review the new parameters in this configuration:

    • AuthType: Selects that method that is used to authenticate the user.TheBasicAuth method sends the credentials through the network in plaintext. This is the reason why you must configure HTTPS before enabling LDAPauthentication.
    • AuthBasicProvider: Selects the provider to use with basic authentication.In this case, LDAP.
    • AuthLDAPURL: This parameter configures several options:
      • Protocol: Depending on your LDAP service, you can select ldap orldaps.
      • LDAP URL: The URL of your LDAP server. In the example,ldapserver.example.org.
      • Container where to look for users. In this case,ou=users,dc=example,dc=org.
      • Attribute to match with the username entered in the login field. In thiscase, uid. It’s advised to use a field that is unique in the LDAPdirectory, using an attribute that can be shared in multiple accounts,such as cn can lead to authentication issues.
      • Connection type. In this example, STARTTLS, which establishes a secureconnection on the default LDAP port (389). You can establish an unsecureconnection on the default LDAP port using the NONE option.
    • AuthLDAPBindDN: The account used to bind to and query the LDAP directory.
    • AuthLDAPBindPassword: The password of the account used to bind to the LDAP directory.
    • Require: Provides the authorization part of the process. In this case,valid-user accepts any user in the LDAP directory.