Help starting Apache with OpenSSL on FreeBSD 5.1

Roumen Semov

Jun 22, 2003, 7:25:29 PM
Hello, everyone!
I will be forever grateful to anyone who gives me an idea or
suggestion about the situation I have!
I am running FreeBSD 5.1 and I installed Apache 2.0.46 from source
with options "./configure --enable-so --enable-ssl" after I installed
openssl-0.9.7b from source with options
"./config --prefix=/usr/local/ssl/install
--openssldir=/usr/local/ssl/install/openssl".
After I edited my openssl.conf and httpd.conf config files (I'll
enclose them too) I tried to run apache like this:
"/usr/local/apache2/bin/apachectl startssl" and it started, opened
port 80, it serves http pages but it never opened the https port 443.
What is wrong? I checked the log file (I enclosed this one too) and
there's nothing that gives me a clue about what's wrong, there's no
single error showing there. I had such configuration running really
smoothly before on my FreeBSD 4.7 machine, I even compared the config
files of that old install with the configs of the current one and it
still doesn't work.
Here is my httpd.conf file (without commented lines):
====================================
ServerRoot "/usr/local/apache2"
<IfModule !mpm_winnt.c>
<IfModule !mpm_netware.c>
</IfModule>
</IfModule>
<IfModule !mpm_netware.c>
<IfModule !perchild.c>
</IfModule>
</IfModule>
<IfModule !mpm_netware.c>
PidFile logs/httpd.pid
</IfModule>
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule prefork.c>
StartServers         5
MinSpareServers      5
MaxSpareServers     10
MaxClients         150
MaxRequestsPerChild  0
</IfModule>
<IfModule worker.c>
StartServers         2
MaxClients         150
MinSpareThreads     25
MaxSpareThreads     75
ThreadsPerChild     25
MaxRequestsPerChild  0
</IfModule>
<IfModule perchild.c>
NumServers           5
StartThreads         5
MinSpareThreads      5
MaxSpareThreads     10
MaxThreadsPerChild  20
MaxRequestsPerChild  0
</IfModule>
<IfModule mpm_winnt.c>
ThreadsPerChild 250
MaxRequestsPerChild  0
</IfModule>
<IfModule beos.c>
StartThreads               10
MaxClients                 50
MaxRequestsPerThread       10000
</IfModule>
<IfModule mpm_netware.c>
ThreadStackSize      65536
StartThreads           250
MinSpareThreads         25
MaxSpareThreads        250
MaxThreads            1000
MaxRequestsPerChild      0
</IfModule>
<IfModule mpmt_os2.c>
StartServers           2
MinSpareThreads        5
MaxSpareThreads       10
MaxRequestsPerChild    0
</IfModule>
Listen 0.0.0.0:80
Listen [::]:80
<IfModule !mpm_winnt.c>
<IfModule !mpm_netware.c>
User nobody
Group #-1
</IfModule>
</IfModule>
ServerAdmin y...@your.address
UseCanonicalName Off
DocumentRoot "/usr/local/apache2/htdocs"
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/usr/local/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
UserDir public_html
DirectoryIndex index.html index.html.var
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
TypesConfig conf/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
    MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
ErrorLog logs/error_log
LogLevel debug
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log common
ServerTokens Full
ServerSignature On
Alias /icons/ "/usr/local/apache2/icons/"
<Directory "/usr/local/apache2/icons">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
Alias /manual "/usr/local/apache2/manual"
<Directory "/usr/local/apache2/manual">
    Options Indexes FollowSymLinks MultiViews IncludesNoExec
    AddOutputFilter Includes html
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
<IfModule mod_cgid.c>
</IfModule>
<Directory "/usr/local/apache2/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>
IndexOptions FancyIndexing VersionSort
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
ReadmeName README.html
HeaderName HEADER.html
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .et
AddLanguage fr .fr
AddLanguage de .de
AddLanguage he .he
AddLanguage el .el
AddLanguage it .it
AddLanguage ja .ja
AddLanguage pl .po
AddLanguage ko .ko
AddLanguage pt .pt
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pt-br .pt-br
AddLanguage ltz .ltz
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .sv
AddLanguage cs .cz .cs
AddLanguage ru .ru
AddLanguage zh-TW .zh-tw
AddLanguage hr .hr
LanguagePriority en da nl et fr de el it ja ko no pl pt pt-br ltz ca es sv tw
ForceLanguagePriority Prefer Fallback
AddDefaultCharset ISO-8859-1
AddCharset ISO-8859-1  .iso8859-1  .latin1
AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
AddCharset ISO-8859-3  .iso8859-3  .latin3
AddCharset ISO-8859-4  .iso8859-4  .latin4
AddCharset ISO-8859-5  .iso8859-5  .latin5 .cyr .iso-ru
AddCharset ISO-8859-6  .iso8859-6  .latin6 .arb
AddCharset ISO-8859-7  .iso8859-7  .latin7 .grk
AddCharset ISO-8859-8  .iso8859-8  .latin8 .heb
AddCharset ISO-8859-9  .iso8859-9  .latin9 .trk
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5        .Big5       .big5
AddCharset WINDOWS-1251 .cp-1251   .win-1251
AddCharset CP866       .cp866
AddCharset KOI8-r      .koi8-r .koi8-ru
AddCharset KOI8-ru     .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-8       .utf8
AddCharset GB2312      .gb2312 .gb
AddCharset utf-7       .utf7
AddCharset utf-8       .utf8
AddCharset big5        .big5 .b5
AddCharset EUC-TW      .euc-tw
AddCharset EUC-JP      .euc-jp
AddCharset EUC-KR      .euc-kr
AddCharset shift_jis   .sjis
AddType application/x-tar .tgz
AddType image/x-icon .ico
AddHandler type-map var
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
<IfModule mod_ssl.c>
    Include conf/ssl.conf
</IfModule>
=============================================

And here is my /usr/local/apache2/conf/ssl.conf file:
=============================================
<IfDefine SSL>
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<VirtualHost _default_:443>
DocumentRoot "/usr/local/apache2/htdocs"
ServerName www.semov.com
ServerAdmin y...@your.address
ErrorLog logs/error_log
TransferLog logs/access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
==============================================

And here is my /usr/local/apache2/logs/error_log (considering I had
"LogLevel debug" in the /usr/local/apache2/conf/httpd.conf file):

=============================================
[Sat Jun 21 19:59:53 2003] [info] Init: Initializing OpenSSL library
[Sat Jun 21 19:59:53 2003] [info] Init: Seeding PRNG with 136 bytes of entropy
[Sat Jun 21 19:59:53 2003] [info] Loading certificate & private key of SSL-aware server
[Sat Jun 21 19:59:53 2003] [debug] ssl_engine_pphrase.c(497): unencrypted RSA private key - pass phrase not required
[Sat Jun 21 19:59:53 2003] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Sat Jun 21 19:59:55 2003] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Sat Jun 21 19:59:55 2003] [debug] ssl_scache_dbm.c(422): Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Sat Jun 21 19:59:55 2003] [info] Init: Initializing (virtual) servers for SSL
[Sat Jun 21 19:59:55 2003] [info] Configuring server for SSL protocol
[Sat Jun 21 19:59:55 2003] [debug] ssl_engine_init.c(436): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Sat Jun 21 19:59:55 2003] [debug] ssl_engine_init.c(611): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Sat Jun 21 19:59:55 2003] [debug] ssl_engine_init.c(739): Configuring RSA server certificate
[Sat Jun 21 19:59:55 2003] [debug] ssl_engine_init.c(778): Configuring RSA server private key
[Sat Jun 21 19:59:55 2003] [info] Server: Apache/2.0.46, Interface: mod_ssl/2.0.46, Library: OpenSSL/0.9.7a
[Sat Jun 21 19:59:55 2003] [info] Init: Initializing OpenSSL library
[Sat Jun 21 19:59:55 2003] [info] Init: Seeding PRNG with 136 bytes of entropy
[Sat Jun 21 19:59:55 2003] [info] Loading certificate & private key of SSL-aware server
[Sat Jun 21 19:59:55 2003] [debug] ssl_engine_pphrase.c(497): unencrypted RSA private key - pass phrase not required
[Sat Jun 21 19:59:55 2003] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Sat Jun 21 19:59:58 2003] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Sat Jun 21 19:59:58 2003] [info] Init: Initializing (virtual) servers for SSL
[Sat Jun 21 19:59:58 2003] [info] Configuring server for SSL protocol
[Sat Jun 21 19:59:58 2003] [debug] ssl_engine_init.c(436): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Sat Jun 21 19:59:58 2003] [debug] ssl_engine_init.c(611): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Sat Jun 21 19:59:58 2003] [debug] ssl_engine_init.c(739): Configuring RSA server certificate
[Sat Jun 21 19:59:58 2003] [debug] ssl_engine_init.c(778): Configuring RSA server private key
[Sat Jun 21 19:59:58 2003] [info] Server: Apache/2.0.46, Interface: mod_ssl/2.0.46, Library: OpenSSL/0.9.7a
[Sat Jun 21 19:59:58 2003] [notice] Apache/2.0.46 (Unix) mod_ssl/2.0.46 OpenSSL/0.9.7a configured -- resuming normal operations
[Sat Jun 21 19:59:58 2003] [info] Server built: Jun 21 2003 02:02:40
[Sat Jun 21 19:59:58 2003] [debug] prefork.c(1039): AcceptMutex: flock (default: flock)
=============================================

If anyone has a clue why Apache won't open the https port and run the
SSL I would greatly appreciate it!
Thank you,
Roumen.
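
For a symptom like the one in this post (port 80 bound, 443 not), one check is which `Listen` directives are conditional and which conditions hold at start-up. The following is an added example, not part of the original post: it parses a constructed excerpt of the two posted config files and lists each `Listen` with its enclosing `<IfModule>`/`<IfDefine>` guards; the function names `listen_guards` and `active_listens` are hypothetical.

```python
import re

# Constructed excerpt of the httpd.conf and ssl.conf posted above,
# with the "Include conf/ssl.conf" inlined by hand.
SAMPLE_CONF = """\
Listen 0.0.0.0:80
Listen [::]:80
<IfModule mod_ssl.c>
<IfDefine SSL>
Listen 443
<VirtualHost _default_:443>
SSLEngine on
</VirtualHost>
</IfDefine>
</IfModule>
"""

OPEN_RE = re.compile(r"<\s*(\w+)\s*([^>]*)>")
CLOSE_RE = re.compile(r"<\s*/\s*\w+\s*>")


def listen_guards(conf_text):
    """Return [(listen_arg, [(container, test), ...])], guards outermost first."""
    stack, found = [], []
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if CLOSE_RE.fullmatch(line):
            if stack:
                stack.pop()
        elif (m := OPEN_RE.fullmatch(line)):
            # Track every container so each close pops the right entry.
            stack.append((m.group(1).lower(), m.group(2).strip()))
        elif line.lower().startswith("listen "):
            guards = [g for g in stack if g[0] in ("ifdefine", "ifmodule")]
            found.append((line.split(None, 1)[1], guards))
    return found


def active_listens(conf_text, defines=(), modules=()):
    """Listen arguments that take effect for the given -D names and modules."""
    known = {"ifdefine": set(defines), "ifmodule": set(modules)}
    active = []
    for arg, guards in listen_guards(conf_text):
        # A test starting with "!" is true when the name is NOT present.
        if all((test.lstrip("!") in known[kind]) != test.startswith("!")
               for kind, test in guards):
            active.append(arg)
    return active
```

`apachectl startssl` starts httpd with `-DSSL`, which corresponds to `active_listens(SAMPLE_CONF, defines=["SSL"], modules=["mod_ssl.c"])`. Comparing that result with the sockets actually listening (for instance from `netstat -an`) separates a directive that was never read from one that was read but did not result in a bound socket.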

Rainer Duffner

Jun 23, 2003, 4:03:57 AM
sem...@concord.edu (Roumen Semov) wrote in message news:<428fe16b.03062...@posting.google.com>...

> Hello, everyone!
> I will be forever grateful to anyone who gives me an idea or
> suggestion about the situation I have!
> I am running FreeBSD 5.1 and I installed Apache 2.0.46 from source
> with options "./configure --enable-so --enable-ssl" after I installed
> openssl-0.9.7b from source with options
> "./config --prefix=/usr/local/ssl/install
> --openssldir=/usr/local/ssl/install/openssl".

Try to install from a port (is there a reason why you didn't?)
cd /usr/ports/www/apache2 && make install clean
or, if you have portupgrade installed
portinstall apache2

See the makefile for various options - SSL is standard.

See

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports-using.html

for information about the ports-collection.

cheers,
Rainer

Roumen Semov

Jun 24, 2003, 2:32:33 AM
rai...@ultra-secure.de (Rainer Duffner) wrote in message news:<fc610278.03062...@posting.google.com>...

> sem...@concord.edu (Roumen Semov) wrote in message news:<428fe16b.03062...@posting.google.com>...
> > Hello, everyone!
> > I will be forever grateful to anyone who gives me an idea or
> > suggestion about the situation I have!
> > I am running FreeBSD 5.1 and I installed Apache 2.0.46 from source
> > with options "./configure --enable-so --enable-ssl" after I installed
> > openssl-0.9.7b from source with options
> > "./config --prefix=/usr/local/ssl/install
> > --openssldir=/usr/local/ssl/install/openssl".
>
> Try to install from a port (is there a reason why you didn't ?)
> cd /usr/ports/www/apache2 && make install clean
> or, if you have portupgrade installed
> portinstall apache2
No particular reason for doing the ports thing. Many times I take the
harder path - as a learning experience, also I always had it installed
from source on previous FreeBSD versions. This time I think I am
getting tired of trying without any success so I may get me the
binaries soon and finish this thing up.
Thank you for your response.
Roumen.
