pkg search apache yields amongst others: apache24-2.4.23_1
# pkg install apache24-2.4.23_1
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 5 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
apache24: 2.4.23_1
apr: 1.5.2.1.5.4
gdbm: 1.12
db5: 5.3.28_4
pcre: 8.39
Number of packages to be installed: 5
The process will require 81 MiB more space.
18 MiB to be downloaded.
Proceed with this action? [y/N]: y
Fetching apache24-2.4.23_1.txz: 100% 5 MiB 4.9MB/s 00:01
Fetching apr-1.5.2.1.5.4.txz: 100% 402 KiB 411.7kB/s 00:01
Fetching gdbm-1.12.txz: 100% 144 KiB 147.7kB/s 00:01
Fetching db5-5.3.28_4.txz: 100% 12 MiB 6.4MB/s 00:02
Fetching pcre-8.39.txz: 100% 1 MiB 1.2MB/s 00:01
Checking integrity... done (0 conflicting)
[1/5] Installing gdbm-1.12...
[1/5] Extracting gdbm-1.12: 100%
[2/5] Installing db5-5.3.28_4...
[2/5] Extracting db5-5.3.28_4: 100%
[3/5] Installing apr-1.5.2.1.5.4...
[3/5] Extracting apr-1.5.2.1.5.4: 100%
[4/5] Installing pcre-8.39...
[4/5] Extracting pcre-8.39: 100%
[5/5] Installing apache24-2.4.23_1...
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
[5/5] Extracting apache24-2.4.23_1: 100%
Message from apache24-2.4.23_1:
To run apache www server from startup, add apache24_enable="yes"
in your /etc/rc.conf. Extra options can be found in startup script.
Your hostname must be resolvable using at least 1 mechanism in
/etc/nsswitch.conf typically DNS or /etc/hosts or apache might
have issues starting depending on the modules you are using.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- apache24 default build changed from static MPM to modular MPM
- more modules are now enabled per default in the port
- icons and error pages moved from WWWDIR to DATADIR
If build with modular MPM and no MPM is activated in
httpd.conf, then mpm_prefork will be activated as default
MPM in etc/apache24/modules.d to keep compatibility with
existing php/perl/python modules!
Please compare the existing httpd.conf with httpd.conf.sample
and merge missing modules/instructions into httpd.conf!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Because of these notes, a line was added to /etc/hosts:
192.168.1.5 server2016 server2016.hellsnet.lu
The configuration files reside under /usr/local/etc/apache24
The official documentation regarding apache on FreeBSD is here: https://www.freebsd.org/doc/handbook/network-apache.html
Edit httpd.conf in /usr/local/etc/apache24, adapt the ServerAdmin to a local email address (bofh.web@hellsnet.lu), set the ServerName to server2016.hellsnet.lu.
apachectl configtest → ok
service apache24 start → runs
Add line to /etc/rc.conf, if it isn't there yet:
apache24_enable="YES"
To get PHP support, install the package www/mod_php56
# pkg install www/mod_php56
...
[activating module `php5' in /usr/local/etc/apache24/httpd.conf]
Message from mod_php56-5.6.24:
***************************************************************
Make sure index.php is part of your DirectoryIndex.
You should add the following to your Apache configuration file:
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
***************************************************************
Edit httpd.conf to add index.php to DirectoryIndex
In /usr/local/etc/apache24/modules.d, create file 080_mod_php.conf (name gleaned from the README_modules.d there) and add the FilesMatch stuff indicated in the note above. Follow up with apachectl configtest and apachectl reload, then test via telnet 192.168.1.5 80 and a normal GET / HTTP/1.0 command.
As I'm used to dokuwiki, might as well stay with it. A pkg is available:
# pkg search dokuwiki
dokuwiki-20160626a Simple and easy to use wiki, no database required
p5-HTML-WikiConverter-DokuWiki-0.53_1 Convert HTML to DokuWiki markup
which as of 2016-08-05 is acceptably recent, so I'll use that rather than go to the source.
The installer wants a bunch of dependencies:
# pkg install dokuwiki-20160626a
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 12 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
dokuwiki: 20160626a
php56-gd: 5.6.24
php56: 5.6.24
png: 1.6.21
t1lib: 5.1.2_4,1
jpeg-turbo: 1.4.2
php56-session: 5.6.24
php56-xml: 5.6.24
php56-mbstring: 5.6.24
oniguruma5: 5.9.6_1
php56-openssl: 5.6.24
php56-zlib: 5.6.24
Number of packages to be installed: 12
The process will require 38 MiB more space.
7 MiB to be downloaded.
Proceed with this action? [y/N]: y
...
Message from dokuwiki-20160626a:
======================================================================
INSTALLATION NOTES
The wiki program have been installed to /usr/local/www/dokuwiki.
Please configure your web server to allow running PHP scripts there.
Please create dedicated data directory outside the installation directory
and make it owned by the process running these PHP scripts. It is important
to make sure that your PHP intepreter does not allow running PHP scripts
there.
For first install, you may have to manually copy the contents from
/usr/local/www/dokuwiki/data into the newly created data directory and change
the owner of /usr/local/www/dokuwiki/conf to the web server.
Please go to http://www.your.host/dokuwiki/install.php to finish the
installation. For FULL configuration instructions, see
http://wiki.splitbrain.org/wiki:config
After installation please change the permissions of
/usr/local/www/dokuwiki/conf back to root:wheel.
======================================================================
Adding a virtualhost for the wiki, I found surprises as to the HTTP server not entirely accepting connections, giving 403 errors. I finally had to add a virtualhost for the default server too. An important ingredient also was a directory directive in the wiki virtualhost with a “Require all granted” instruction. In the php part modules.d/080_mod_php.conf, I also added a couple of lines:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
It was now a pretty straightforward migration of data from the old server to the new one: copy over the pages/ and media/ directory contents and apply the proper ownership.
Also copy over the ACLs into conf/acl.auth.php (possibly adding users as present in users.auth.php).
I quite like tt-rss. A pkg is available:
# pkg search tt-rss
tt-rss-16.1.2016.02.23_1 Tiny Tiny RSS: web-based news feed (RSS/Atom) aggregator
Considering tt-rss doesn't have releases any more but is continually upgraded in its git repository, the package doesn't impress me as recent. I'll pass on this and install from source.
TT-RSS is at home at https://tt-rss.org/; the first-install instructions are at https://tt-rss.org/gitlab/fox/tt-rss/wikis/InstallationNotes.
Installing tt-rss needs git. As that's not installed by default, let's look for it:
# pkg search git
...
The basic git-2.9.0 sounds about right. To install:
# pkg info git-2.9.0
pkg: No package(s) matching git-2.9.0
root@server2016:~ # pkg install git-2.9.0
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 14 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
git: 2.9.0
p5-Error: 0.17024
cvsps: 2.1_2
p5-Authen-SASL: 2.16_1
p5-Digest-HMAC: 1.03_1
p5-GSSAPI: 0.28_1
curl: 7.50.1
ca_root_nss: 3.26
p5-Net-SMTP-SSL: 1.03
p5-IO-Socket-SSL: 2.029
p5-Net-SSLeay: 1.74
p5-IO-Socket-IP: 0.37
p5-Socket: 2.021
p5-Mozilla-CA: 20160104
Number of packages to be installed: 14
The process will require 29 MiB more space.
7 MiB to be downloaded.
Proceed with this action? [y/N]: y
Fetching git-2.9.0.txz: 100% 4 MiB 3.9MB/s 00:01
Fetching p5-Error-0.17024.txz: 100% 24 KiB 24.8kB/s 00:01
Fetching cvsps-2.1_2.txz: 100% 41 KiB 42.3kB/s 00:01
Fetching p5-Authen-SASL-2.16_1.txz: 100% 44 KiB 45.1kB/s 00:01
Fetching p5-Digest-HMAC-1.03_1.txz: 100% 9 KiB 9.5kB/s 00:01
Fetching p5-GSSAPI-0.28_1.txz: 100% 41 KiB 41.7kB/s 00:01
Fetching curl-7.50.1.txz: 100% 2 MiB 2.3MB/s 00:01
Fetching ca_root_nss-3.26.txz: 100% 336 KiB 344.5kB/s 00:01
Fetching p5-Net-SMTP-SSL-1.03.txz: 100% 11 KiB 10.8kB/s 00:01
Fetching p5-IO-Socket-SSL-2.029.txz: 100% 153 KiB 157.0kB/s 00:01
Fetching p5-Net-SSLeay-1.74.txz: 100% 234 KiB 240.0kB/s 00:01
Fetching p5-IO-Socket-IP-0.37.txz: 100% 27 KiB 27.4kB/s 00:01
Fetching p5-Socket-2.021.txz: 100% 37 KiB 38.0kB/s 00:01
Fetching p5-Mozilla-CA-20160104.txz: 100% 147 KiB 150.8kB/s 00:01
Checking integrity... done (0 conflicting)
[1/14] Installing p5-Socket-2.021...
[1/14] Extracting p5-Socket-2.021: 100%
[2/14] Installing p5-Net-SSLeay-1.74...
[2/14] Extracting p5-Net-SSLeay-1.74: 100%
[3/14] Installing p5-IO-Socket-IP-0.37...
[3/14] Extracting p5-IO-Socket-IP-0.37: 100%
[4/14] Installing p5-Mozilla-CA-20160104...
[4/14] Extracting p5-Mozilla-CA-20160104: 100%
[5/14] Installing p5-Digest-HMAC-1.03_1...
[5/14] Extracting p5-Digest-HMAC-1.03_1: 100%
[6/14] Installing p5-GSSAPI-0.28_1...
[6/14] Extracting p5-GSSAPI-0.28_1: 100%
[7/14] Installing ca_root_nss-3.26...
[7/14] Extracting ca_root_nss-3.26: 100%
[8/14] Installing p5-IO-Socket-SSL-2.029...
[8/14] Extracting p5-IO-Socket-SSL-2.029: 100%
[9/14] Installing p5-Error-0.17024...
[9/14] Extracting p5-Error-0.17024: 100%
[10/14] Installing cvsps-2.1_2...
[10/14] Extracting cvsps-2.1_2: 100%
[11/14] Installing p5-Authen-SASL-2.16_1...
[11/14] Extracting p5-Authen-SASL-2.16_1: 100%
[12/14] Installing curl-7.50.1...
[12/14] Extracting curl-7.50.1: 100%
[13/14] Installing p5-Net-SMTP-SSL-1.03...
[13/14] Extracting p5-Net-SMTP-SSL-1.03: 100%
[14/14] Installing git-2.9.0...
===> Creating groups.
Creating group 'git_daemon' with gid '964'.
===> Creating users
Creating user 'git_daemon' with uid '964'.
[14/14] Extracting git-2.9.0: 100%
Message from ca_root_nss-3.26:
********************************* WARNING *********************************
FreeBSD does not, and can not warrant that the certification authorities
whose certificates are included in this package have in any way been
audited for trustworthiness or RFC 3647 compliance.
Assessment and verification of trust is the complete responsibility of the
system administrator.
*********************************** NOTE **********************************
This package installs symlinks to support root certificates discovery by
default for software that uses OpenSSL.
This enables SSL Certificate Verification by client software without manual
intervention.
If you prefer to do this manually, replace the following symlinks with
either an empty file or your site-local certificate bundle.
* /etc/ssl/cert.pem
* /usr/local/etc/ssl/cert.pem
* /usr/local/openssl/cert.pem
***************************************************************************
Message from cvsps-2.1_2:
===> NOTICE:
The cvsps port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:
https://bugs.freebsd.org/bugzilla
More information about port maintainership is available at:
https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from git-2.9.0:
------------------------------------------------------------------------
*************************** GITWEB *************************************
If you installed the GITWEB option please follow these instructions:
In the directory /usr/local/share/examples/git/gitweb you can find all files to
make gitweb work as a public repository on the web.
All you have to do to make gitweb work is:
1) Copy the files /usr/local/share/examples/git/gitweb/* to a directory on
your web server (e.g. Apache2) in which you are able to execute
CGI-scripts.
2) In gitweb.cgi, adjust the variable $projectroot to point to
your git repository (that is where you have your *.git project
directories).
*************************** GITWEB *************************************
*************************** CONTRIB ************************************
If you installed the CONTRIB option please note that the scripts are
installed in /usr/local/share/git-core/contrib. Some of them require
other ports to be installed (perl, python, etc), which you may need to
install manually.
*************************** CONTRIB ************************************
------------------------------------------------------------------------
Also, TTRSS needs a database. I chose to use postgresql, moving away from mysql. To create the necessary user/db:
# su - pgsql
$ psql template1
psql (9.5.3)
Type "help" for help.
template1=# create user ttrss with password 'xxxxxxxx';
CREATE ROLE
template1=# create database ttrss;
CREATE DATABASE
template1=# grant all privileges on database ttrss to ttrss;
GRANT
template1=# \q
$
It is now possible to connect using:
psql -d ttrss -U ttrss
but there won't be a query for a password. This is due to the very trusting configuration in /usr/local/pgsql/data/pg_hba.conf which says:
local all all trust
Replace that “trust” at the end with “md5”, but only after setting a proper password for the superuser, which is pgsql:
$ psql template1
psql (9.5.3)
Type "help" for help.
template1=# alter user pgsql password 'xxxxxxxx';
template1=# \q
After altering pg_hba.conf, reload postgres and verify the result in the log:
service postgresql reload
less /var/log/messages
You should now be able to connect, but only by providing a password.
For the same effect using a localhost network connection, also change the IPv4 line from trust to md5, and possibly the IPv6 one if you use that.
Thankfully, by default only local connections are accepted, no remote ones.
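To confirm that no trust record is left after the edit, the following added example (not part of the original notes) parses pg_hba.conf record by record instead of grepping for the word. The function names and the embedded sample file are constructed for illustration; the three record layouts are those of pg_hba.conf.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are illustrative.

# list_trust_entries FILE
# Prints "LINE: TYPE DATABASE USER ADDRESS" for every pg_hba.conf record whose
# auth method is "trust". Record layouts:
#   local  DATABASE USER METHOD
#   host*  DATABASE USER ADDRESS METHOD
#   host*  DATABASE USER IP-ADDRESS IP-MASK METHOD
# Assumption: no quoted database or user names containing spaces.
list_trust_entries() {
    awk '
        { sub(/#.*/, "") }                       # strip comments
        $1 != "local" && $1 !~ /^host/ { next }  # blank lines, anything else
        $1 == "local" { method = $4; addr = "(unix socket)" }
        $1 ~ /^host/ {
            # A dotted or colon-separated 5th field is a netmask, not a method.
            if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) { method = $6; addr = $4 " " $5 }
            else                              { method = $5; addr = $4 }
        }
        method == "trust" { printf "%d: %s %s %s %s\n", NR, $1, $2, $3, addr }
    ' "$1"
}

# audit_pg_hba FILE
# Returns 0 if FILE has no trust records, 1 (and a report) otherwise.
audit_pg_hba() {
    found=$(list_trust_entries "$1")
    if [ -n "$found" ]; then
        printf 'passwordless (trust) records in %s:\n%s\n' "$1" "$found"
        return 1
    fi
    return 0
}

# Constructed sample input, used only to try the functions out.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER   ADDRESS                    METHOD  (constructed sample)
local   all       all                               trust
host    all       all    127.0.0.1/32               trust
host    all       all    ::1/128                    md5     # was trust
host    ttrss     ttrss  192.168.1.0 255.255.255.0  trust
hostssl all       all    0.0.0.0/0                  md5
EOF
}

# Usage: sh audit_pg_hba.sh /usr/local/pgsql/data/pg_hba.conf
if [ $# -ge 1 ]; then
    audit_pg_hba "$1"
fi
```

Run it before and after the edit; PostgreSQL only applies the changed file after the reload shown above.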
Following the instructions from ttrss, the first step is to clone the git repository:
cd /usr/local/www
git clone https://tt-rss.org/git/tt-rss.git tt-rss
This will create the tt-rss directory and put the ttrss files in there.
Next is the VirtualHost config in /usr/local/etc/apache24/extra/httpd-vhosts.conf:
<VirtualHost *:80>
ServerAdmin webmaster@hellsnet.lu
DocumentRoot "/usr/local/www/tt-rss"
<Directory "/usr/local/www/tt-rss">
Require all granted
</Directory>
ServerName ttrss2.hellsnet.lu
ServerAlias www.ttrss2.hellsnet.lu
ErrorLog "/var/log/ttrss.hellsnet.lu-error_log"
CustomLog "/var/log/ttrss.hellsnet.lu-access_log" common
</VirtualHost>
and reload apache.
Make sure to add the corresponding entry in your /etc/hosts file to be able to access it.
Now navigate to the ttrss installer at http://ttrss2.hellsnet.lu/install/. Enter the postgresql coordinates there and test the configuration. Oh surprise, some things are missing for now:
PHP support for JSON is required, but was not found.
PHP support for PostgreSQL is required for configured pgsql in config.php
PHP support for hash() function is required but was not found.
PHP support for iconv is required to handle multiple charsets.
PHP support for DOMDocument is required, but was not found.
Ok, let's look at this. The installed PHP is of the 5.6 family, according to “php --version”. Using “pkg search php | grep json”, we find packages php56-json-5.6.30 and php70-json-7.0.15, of which we want the first. Thus, we run:
pkg install php56-json-5.6.30
and, after reloading apache, retry the ttrss test - tada, no more complaining about missing JSON support.
Similarly, we need:
After reloading apache, the re-test is in the green, though it does recommend support for CURL. After adding that, the only notice left is about internationalization functions needed for internationalized domain names.
The next step is to initialize the database. Pressing the corresponding button generates the configuration file contents needed; these are to be copy/pasted into config.php in the tt-rss directory.
Now it should be possible to log straight into ttrss with the default coordinates, but we get errors about some directories not being writeable. Rather than chmod'ing them all to 0777 as instructed, I chose to change ownership to the www user, which succeeded, and to give the group write permission there.
Now log into ttrss with the defaults, and immediately change the admin password. Next, create a normal user and assign it a password. Use that for normal use, add your feeds there.
The feed updater is to be run through cron, not as root but with a user corresponding to the webserver. This can be achieved running from root's crontab anyway, but su'ing to the www user:
su -m www -c "cd /usr/local/www/tt-rss && /usr/local/bin/php ./update.php --feeds --quiet"
I choose to run the feed update every half hour.
To make it work though, there's a thing - ttrss assumes the php executable is located at /usr/bin/php, which it isn't here: it's at /usr/local/bin/php. There are two instances in config.php and update.php to be fixed.
FreeBSD & OpenSSL - check documentation at https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/openssl.html
A self-signed certificate is ok by me. I'm not interested in dealing with a Let's Encrypt or similar external entity.
mkdir openssl
cd openssl
openssl req -new -nodes -out req.pem -keyout cert.key -sha256 -newkey rsa:2048
Generating a 2048 bit RSA private key
...........+++
...................+++
writing new private key to 'cert.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:LU
State or Province Name (full name) [Some-State]:Luxembourg
Locality Name (eg, city) []:Luxembourg
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Hell's Net
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:*.hellsnet.lu
Email Address []:webmaster@hellsnet.lu
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:hellsnet.lu
root@server2016:~/openssl # ls -l
total 8
-rw-r--r-- 1 root wheel 1708 Feb 6 11:55 cert.key
-rw-r--r-- 1 root wheel 1090 Feb 6 11:55 req.pem
# openssl genrsa -rand -genkey -out cert.key 2048
0 semi-random bytes loaded
Generating RSA private key, 2048 bit long modulus
.+++
...............+++
e is 65537 (0x10001)
openssl req -new -x509 -days 365 -key cert.key -out cert.crt -sha256
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:LU
State or Province Name (full name) [Some-State]:Luxembourg
Locality Name (eg, city) []:Luxembourg
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Hell's Net
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:*.hellsnet.lu
Email Address []:webmaster@hellsnet.lu
# ls -l
total 12
-rw-r--r-- 1 root wheel 1415 Feb 6 11:58 cert.crt
-rw-r--r-- 1 root wheel 1675 Feb 6 11:56 cert.key
-rw-r--r-- 1 root wheel 1090 Feb 6 11:55 req.pem
root@server2016:~/openssl # ls /etc/ssl/
cert.pem openssl.cnf
root@server2016:~/openssl # cp cert.key /etc/ss
ssh/ ssl/
root@server2016:~/openssl # cp cert.key /etc/ssl/hellsnet-cert.key
root@server2016:~/openssl # cp cert.crt /etc/ssl/hellsnet-cert.crt
root@server2016:~/openssl # ls -l /etc/ssl/
total 20
lrwxr-xr-x 1 root wheel 38 Jan 12 02:20 cert.pem -> /usr/local/share/certs/ca-root-nss.crt
-rw-r--r-- 1 root wheel 1415 Feb 6 12:00 hellsnet-cert.crt
-rw-r--r-- 1 root wheel 1675 Feb 6 12:00 hellsnet-cert.key
-rw-r--r-- 1 root wheel 10926 Oct 22 19:06 openssl.cnf
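The /etc/ssl listing above shows hellsnet-cert.key with mode -rw-r--r--, so every local account, including the www user that the PHP applications run as, can read the TLS private key. The following added check (not part of the original notes) detects that, tightens the mode and confirms that key and certificate belong together; the function names are illustrative and the paths in the usage line are the ones from this page.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are illustrative.

# key_is_exposed FILE
# Returns 0 if group or others hold any permission bit on FILE,
# 1 if only the owner has access, 2 if FILE is not a regular file.
key_is_exposed() {
    [ -f "$1" ] || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ldL "$1" | cut -c5-10)
    [ "$bits" != "------" ]
}

# lock_down_key FILE
# Leaves read/write for the owner only.
lock_down_key() {
    chmod 600 "$1"
}

# key_matches_cert KEY CERT
# Returns 0 if the public key derived from KEY equals the one in CERT,
# 1 if they differ, 2 if openssl cannot read one of the files.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$from_key" = "$from_crt" ]
}

# Usage: sh check_key.sh /etc/ssl/hellsnet-cert.key /etc/ssl/hellsnet-cert.crt
if [ $# -eq 2 ]; then
    if key_is_exposed "$1"; then
        echo "$1 is accessible to group/others, tightening to 0600"
        lock_down_key "$1"
    fi
    if key_matches_cert "$1" "$2"; then
        echo "key and certificate match"
    else
        echo "key and certificate do NOT match" >&2
        exit 1
    fi
fi
```

Apache reads the key as root at startup, before its workers switch to the www user, so a root-owned key with mode 0600 keeps the HTTPS VirtualHosts working.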
Check the documentation at: https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-apache.html
Looking at /usr/local/etc/apache24/httpd.conf, mod_ssl is currently not yet enabled.
According to:
cd /usr/ports/www/apache24/
make config
it would seem that SSL support is built in.
The module is there at /usr/local/libexec/apache24/mod_ssl.so
Uncomment in httpd.conf:
LoadModule ssl_module libexec/apache24/mod_ssl.so
Include etc/apache24/extra/httpd-ssl.conf
In extra/httpd-ssl.conf:
root@server2016:/usr/local/etc/apache24/extra # apachectl configtest
Performing sanity check on apache24 configuration:
AH00526: Syntax error on line 92 of /usr/local/etc/apache24/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
In httpd.conf, uncomment the line
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
# apachectl configtest
Performing sanity check on apache24 configuration:
Syntax OK
Now add vhosts for HTTPS in httpd-vhosts.conf. Duplicate the default VirtualHost, change the :80 to :443 and add the lines:
SSLEngine on
SSLCertificateFile "/etc/ssl/hellsnet-cert.crt"
SSLCertificateKeyFile "/etc/ssl/hellsnet-cert.key"
apachectl configtest is still OK.
Same for the other VirtualHosts.
Add some comments for better overview of the VirtualHosts.
As I'm used to roundcube, might as well stay with it. A pkg is available:
# pkg search roundcube
roundcube-1.2.0_1,1 Fully skinnable XHTML/CSS webmail written in PHP
roundcube-air-1.4 Theme for RoundCube Web Mail
roundcube-automatic_addressbook-0.4.1 Roundcube webmail automatic addressbook plugin
roundcube-carddav-1.0.0_1 Roundcube CardDAV plugin
roundcube-contextmenu-2.1.2 RoundCube webmail contextmenu plugin
roundcube-groupvice-0.1.2 Theme for RoundCube Web Mail
roundcube-html5_notifier-0.6.2 HTML5 desktop notifier plugin for roundcube
roundcube-login_info-1.2_1 Roundcube login info plugin
roundcube-markasjunk2-1.9 Roundcube mark-as-junk / mark-as-not-junk plugin
roundcube-mobilecube-3.1.0.030110A Theme for RoundCube Web Mail
roundcube-mvision2-2_1 Theme for RoundCube Web Mail
roundcube-sauserprefs-1.10_1 Roundcube plugin to manage SpamAssassin prefs
roundcube-sieverules-2.1.2,1 Roundcube webmail sieve plugin
roundcube-thunderbird_labels-1.1.3 Thunderbird Labels plugin for RoundCube webmail
roundcube-umich-20090813 Theme for RoundCube Web Mail
roundcube-veximaccountadmin-0.1_2 Roundcube vexim account admin plugin
By 2017-02-07, the package versions for roundcube have changed:
# pkg search roundcube
roundcube-1.2.3,1 Fully skinnable XHTML/CSS webmail written in PHP
roundcube-air-1.4 Theme for RoundCube Web Mail
roundcube-automatic_addressbook-0.4.2 Roundcube webmail automatic addressbook plugin
roundcube-carddav-2.0.0 Roundcube CardDAV plugin
roundcube-contextmenu-2.1.2 RoundCube webmail contextmenu plugin
roundcube-groupvice-0.1.2 Theme for RoundCube Web Mail
roundcube-html5_notifier-0.6.2 HTML5 desktop notifier plugin for roundcube
roundcube-login_info-1.2_1 Roundcube login info plugin
roundcube-markasjunk2-1.9 Roundcube mark-as-junk / mark-as-not-junk plugin
roundcube-mobilecube-3.1.0.030110A Theme for RoundCube Web Mail
roundcube-mvision2-2_1 Theme for RoundCube Web Mail
roundcube-sauserprefs-1.10_1 Roundcube plugin to manage SpamAssassin prefs
roundcube-sieverules-2.1.2,1 Roundcube webmail sieve plugin
roundcube-thunderbird_labels-1.1.3 Thunderbird Labels plugin for RoundCube webmail
roundcube-umich-20090813 Theme for RoundCube Web Mail
roundcube-veximaccountadmin-0.1_2 Roundcube vexim account admin plugin
Install roundcube itself:
# pkg install roundcube-1.2.3,1
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Updating database digests format: 100%
The following 10 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
roundcube: 1.2.3,1
php56-exif: 5.6.30
php56-pdo_mysql: 5.6.30
php56-mysql: 5.6.30
pecl-intl: 3.0.0_7
icu: 58.2,1
php56-filter: 5.6.30
php56-zip: 5.6.30
libzip: 1.1.3
php56-fileinfo: 5.6.30
Number of packages to be installed: 10
The process will require 62 MiB more space.
12 MiB to be downloaded.
Proceed with this action? [y/N]: y
Fetching roundcube-1.2.3,1.txz: 100% 3 MiB 2.9MB/s 00:01
Fetching php56-exif-5.6.30.txz: 100% 24 KiB 25.0kB/s 00:01
Fetching php56-pdo_mysql-5.6.30.txz: 100% 16 KiB 16.3kB/s 00:01
Fetching php56-mysql-5.6.30.txz: 100% 17 KiB 17.9kB/s 00:01
Fetching pecl-intl-3.0.0_7.txz: 100% 105 KiB 107.5kB/s 00:01
Fetching icu-58.2,1.txz: 100% 9 MiB 4.7MB/s 00:02
Fetching php56-filter-5.6.30.txz: 100% 19 KiB 19.7kB/s 00:01
Fetching php56-zip-5.6.30.txz: 100% 19 KiB 20.0kB/s 00:01
Fetching libzip-1.1.3.txz: 100% 203 KiB 207.4kB/s 00:01
Fetching php56-fileinfo-5.6.30.txz: 100% 191 KiB 195.6kB/s 00:01
Checking integrity... done (0 conflicting)
[1/10] Installing php56-mysql-5.6.30...
[1/10] Extracting php56-mysql-5.6.30: 100%
[2/10] Installing icu-58.2,1...
[2/10] Extracting icu-58.2,1: 100%
[3/10] Installing libzip-1.1.3...
[3/10] Extracting libzip-1.1.3: 100%
[4/10] Installing php56-exif-5.6.30...
[4/10] Extracting php56-exif-5.6.30: 100%
[5/10] Installing php56-pdo_mysql-5.6.30...
[5/10] Extracting php56-pdo_mysql-5.6.30: 100%
[6/10] Installing pecl-intl-3.0.0_7...
[6/10] Extracting pecl-intl-3.0.0_7: 100%
[7/10] Installing php56-filter-5.6.30...
[7/10] Extracting php56-filter-5.6.30: 100%
[8/10] Installing php56-zip-5.6.30...
[8/10] Extracting php56-zip-5.6.30: 100%
[9/10] Installing php56-fileinfo-5.6.30...
[9/10] Extracting php56-fileinfo-5.6.30: 100%
[10/10] Installing roundcube-1.2.3,1...
[10/10] Extracting roundcube-1.2.3,1: 100%
Message from php56-mysql-5.6.30:
****************************************************************************
The following line has been added to your /usr/local/etc/php/ext-20-mysql.ini
configuration file to automatically load the installed extension:
extension=mysql.so
****************************************************************************
Message from php56-exif-5.6.30:
****************************************************************************
The following line has been added to your /usr/local/etc/php/ext-20-exif.ini
configuration file to automatically load the installed extension:
extension=exif.so
****************************************************************************
Message from php56-pdo_mysql-5.6.30:
****************************************************************************
The following line has been added to your /usr/local/etc/php/ext-30-pdo_mysql.ini
configuration file to automatically load the installed extension:
extension=pdo_mysql.so
****************************************************************************
Message from pecl-intl-3.0.0_7:
****************************************************************************
The following line has been added to your /usr/local/etc/php/ext-20-intl.ini
configuration file to automatically load the installed extension:
extension=intl.so
****************************************************************************
Message from php56-filter-5.6.30:
****************************************************************************
The following line has been added to your /usr/local/etc/php/ext-20-filter.ini
configuration file to automatically load the installed extension:
extension=filter.so
****************************************************************************
Message from php56-zip-5.6.30:
****************************************************************************
The following line has been added to your /usr/local/etc/php/ext-20-zip.ini
configuration file to automatically load the installed extension:
extension=zip.so
****************************************************************************
Message from php56-fileinfo-5.6.30:
****************************************************************************
The following line has been added to your /usr/local/etc/php/ext-20-fileinfo.ini
configuration file to automatically load the installed extension:
extension=fileinfo.so
****************************************************************************
Message from roundcube-1.2.3,1:
---------------------------------------------------------------------
FIRST INSTALLATION
If this is a first installation of RoundCube you have to create
a new database and a db user. Read INSTALL for detailed instructions.
UPGRADING
If you already had a previous version of RoundCube installed,
you should check your config files and DB schema are up-to-date.
Read UPGRADING for detailed instructions.
---------------------------------------------------------------------
The roundcube documentation resides in /usr/local/share/doc/roundcube/:
# ls /usr/local/share/doc/roundcube/
CHANGELOG INSTALL README.md UPGRADING
According to the INSTALL file, we should be fine with PostgreSQL as the database.
roundcube itself was installed to /usr/local/www/roundcube. The temp and logs directories must be writable by the webserver; this is already the case.
We'll need to create a DB and a user for roundcube, plus a VirtualHost in apache, for which we'll use breifkescht2.hellsnet.lu.
To create the DB:
# su - pgsql
$ psql template1
Password:
psql (9.3.15, server 9.5.5)
WARNING: psql major version 9.3, server major version 9.5.
Some psql features might not work.
Type "help" for help.
template1=# create user roundcube with password 'xxxxxxxxxxxxxx';
CREATE ROLE
template1=# create database roundcube;
CREATE DATABASE
template1=# grant all privileges on database roundcube to roundcube;
GRANT
template1=# \q
$
This we can test right away:
$ psql -d roundcube -U roundcube
Password for user roundcube:
psql (9.3.15, server 9.5.5)
WARNING: psql major version 9.3, server major version 9.5.
Some psql features might not work.
Type "help" for help.
roundcube=> \q
$
The VirtualHost can look like:
# #### breifkescht2.hellsnet.lu ####
<VirtualHost *:80>
ServerAdmin webmaster@hellsnet.lu
DocumentRoot "/usr/local/www/roundcube"
ServerName breifkescht2.hellsnet.lu
RedirectMatch permanent .* https://breifkescht2.hellsnet.lu
ErrorLog "/var/log/breifkescht.hellsnet.lu-error_log"
CustomLog "/var/log/breifkescht.hellsnet.lu-access_log" common
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@hellsnet.lu
DocumentRoot "/usr/local/www/roundcube"
<Directory "/usr/local/www/roundcube">
Require all granted
AllowOverride all
</Directory>
ServerName breifkescht2.hellsnet.lu
ErrorLog "/var/log/breifkescht.hellsnet.lu-error_log"
CustomLog "/var/log/breifkescht.hellsnet.lu-access_log" common
SSLEngine on
SSLCertificateFile "/etc/ssl/hellsnet-cert.crt"
SSLCertificateKeyFile "/etc/ssl/hellsnet-cert.key"
</VirtualHost>
This setup redirects every plain-HTTP request to HTTPS.
The “AllowOverride all” makes sure the .htaccess file shipped with roundcube is properly interpreted.
One may want to add htaccess protection on top, as having one's webmail compromised can be extremely annoying.
The INSTALL file also recommends enabling mod_rewrite, so in httpd.conf, uncomment the line:
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
After restarting apache, we can browse to the installer at http://url-to-roundcube/installer/, which here will be http://breifkescht2.hellsnet.lu/installer/ or rather https://breifkescht2.hellsnet.lu/installer/
Once the steps from the installer are done, the installer is to be removed.
Also, one will want to “up” the upload_max_filesize as defined in the .htaccess file, the default of 2M being rather small. Be aware that email attachments are blown up by a factor of 1.4 due to base64 encoding, and individual email sizes are generally limited by the mail servers to reasonable values, allowing for normally sized documents, but not big stuff.
Well, running the installer shows a problem - installing the php56-pgsql package has installed its dependency postgresql93-client, thus deinstalling the postgresql95-server and -client which were in place.
Based on http://stackoverflow.com/questions/37239441/can-pkg-install-without-dependencies-in-freebsd-10-3, one should install php-pgsql from the ports system.
From the FreeBSD Handbook:
# cd /usr/ports
# make fetchindex (to get the index of ports)
# make search name=php56-pgsql
Port: php56-pgsql-5.6.30
Path: /usr/ports/databases/php56-pgsql
Info: The pgsql shared extension for php
Maint: ale@FreeBSD.org
B-deps: autoconf-2.69_1 autoconf-wrapper-20131203 gettext-runtime-0.19.8.1_1 indexinfo-0.2.6 libxml2-2.9.4 m4-1.4.18,1 pcre-8.40 perl5-5.24.1 php56-5.6.30 postgresql93-client-9.3.16 readline-6.3.8
R-deps: gettext-runtime-0.19.8.1_1 indexinfo-0.2.6 libxml2-2.9.4 pcre-8.40 perl5-5.24.1 php56-5.6.30 postgresql93-client-9.3.16 readline-6.3.8
WWW: http://www.php.net/
Ok, the recommendation at https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports-using.html goes a slightly different way:
# portsnap fetch (takes quite a while)
# portsnap extract (for first use)
# portsnap fetch
# portsnap update
# portsnap fetch update (simpler in one go)
# cd /usr/ports/databases/php56-pgsql
# make install
# make clean
(or: # make install clean in one go)
# cd /usr/ports/databases/php56-pdo_pgsql
# make install clean
There's been another issue: my use of TLS with a self-signed certificate. It turns out OpenSSL will try to verify the certificate but will fail. According to https://bbs.archlinux.org/viewtopic.php?id=193012 there is a way around this, though: a few undocumented parameters can be added to the configuration:
$config['default_host'] = 'tls://mail.my_domain.org';
$config['imap_conn_options'] = array(
'ssl' => array(
'verify_peer' => true,
'allow_self_signed' => true,
'peer_name' => 'mail.my_domain.org',
'ciphers' => 'TLSv1+HIGH:!aNull:@STRENGTH',
'cafile' => '/etc/ssl/certs/ssl-cert-cyrus.my_domain.org.pem',
),
);
The domain as provided in the PEM file needs to correspond to the peer_name, and the default_host needs to be prefixed with tls://; then things end up working.
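Before relying on that configuration, one can check from the shell that the file given as cafile really contains the server's certificate and that peer_name matches it. The following is an added example, not part of the original notes or of Roundcube; check_pin, make_selfsigned, demo and the example.org hostnames are made up for illustration, and the certificates are generated on the spot so that it runs offline.

```shell
#!/bin/sh
# Added example; hostnames and certificates below are constructed for the demo.

# check_pin CAFILE CERT PEER_NAME
# Returns 0 only if CERT verifies against CAFILE (for a self-signed server
# certificate that means CAFILE holds that very certificate) and PEER_NAME
# matches it; 1 = not trusted by CAFILE, 2 = name mismatch.
check_pin() {
    # Old openssl releases exit 0 even when verification fails, so the
    # output text is tested instead of the exit status.
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$' || return 1
    openssl x509 -in "$2" -noout -checkhost "$3" 2>/dev/null |
        grep -q 'does match certificate' || return 2
    return 0
}

# make_selfsigned CN PREFIX: throwaway self-signed certificate PREFIX.pem
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2.pem" 2>/dev/null
}

# demo: prints the three check_pin results, space separated.
demo() {
    d=$(mktemp -d) || return 1
    make_selfsigned mail.example.org "$d/server"   # certificate put in cafile
    make_selfsigned mail.example.org "$d/other"    # same name, different key
    ok=0;   check_pin "$d/server.pem" "$d/server.pem" mail.example.org || ok=$?
    key=0;  check_pin "$d/server.pem" "$d/other.pem"  mail.example.org || key=$?
    name=0; check_pin "$d/server.pem" "$d/server.pem" imap.example.org || name=$?
    rm -rf "$d"
    echo "$ok $key $name"
}

demo   # prints: 0 1 2
```

With the real files, the arguments are the cafile path, the server certificate saved to a file, and the peer_name value. When check_pin returns 0, the cafile alone lets verify_peer succeed, so allow_self_signed, which PHP documents as allowing self-signed certificates, should not be needed and can stay at false.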
Candidates:
Comparison Docs:
Candidates: