October 30, 2005

Build SSL and mod-perl enabled Apache from source.

The default method FreeBSD uses to build the apache webserver from ports is too inflexible for my liking. This is a general guide intended to show you how to build apache with mod-ssl and mod-perl enabled.

The advantage over a ports or package install is that we know exactly what we are getting in the end. The disadvantage with doing it this way is that the ports are not registered in the package database and that we’ll have to install the init scripts into /usr/local/etc/rc.d.

Shell access is assumed. You should perform the following as root.

We begin by making a directory for our source tarballs. In this example I have chosen to place the sources under a directory under /usr/local. You may wish to use some other directory to suit your taste.

mkdir /usr/local/src
cd /usr/local/src

Next we fetch the needed tarballs. I have used the fetch command here; alternatively, you could use wget or Lynx if either is installed.

1. Fetch source tarballs.


fetch ftp://ftp.ossp.org/pkg/lib/mm/mm-1.3.1.tar.gz
fetch http://www.openssl.org/source/openssl-0.9.8.tar.gz
fetch http://www.modssl.org/source/mod_ssl-2.8.23-1.3.33.tar.gz
fetch http://httpd.apache.org/dist/httpd/apache_1.3.33.tar.gz
fetch http://perl.apache.org/dist/mod_perl-1.0-current.tar.gz
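These tarballs arrive over plain FTP and HTTP and are then built and installed as root, so it is worth checking each one against the digest its project publishes before unpacking. The following is an added example, not part of the original post: the manifest file name `SHA256SUMS` and the function names are hypothetical, and the demo files are constructed stand-ins, since the post lists no digests.

```sh
#!/bin/sh
# Added example: check fetched tarballs against a digest manifest before unpacking.
# Manifest lines (hypothetical file SHA256SUMS): "<sha256-hex>  <filename>"

# FreeBSD ships sha256(1); GNU userlands ship sha256sum(1).
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | awk '{print $1}'
    fi
}

# verify_tarballs MANIFEST DIR: returns 0 only if every listed file is present and matches.
verify_tarballs() {
    manifest=$1 dir=$2 rc=0
    while read -r want name; do
        case $want in ''|'#'*) continue ;; esac
        case $name in
            ''|*/*) echo "BADNAME  $name" >&2; rc=1; continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2; rc=1; continue
        fi
        got=$(sha256_of "$dir/$name")
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name" >&2; rc=1
        fi
    done < "$manifest"
    return $rc
}

# Constructed demo: two stand-in files, then one is altered after the manifest is written.
demo() {
    d=$(mktemp -d) || return 2
    printf 'good\n' > "$d/a.tar.gz"
    printf 'good\n' > "$d/b.tar.gz"
    for f in a.tar.gz b.tar.gz; do
        printf '%s  %s\n' "$(sha256_of "$d/$f")" "$f"
    done > "$d/SHA256SUMS"
    verify_tarballs "$d/SHA256SUMS" "$d"; first=$?
    printf 'tampered\n' >> "$d/b.tar.gz"
    verify_tarballs "$d/SHA256SUMS" "$d" 2>/dev/null; second=$?
    rm -rf "$d"
    [ "$first" -eq 0 ] && [ "$second" -eq 1 ]
}
demo && echo "demo passed"
```

In use, the manifest is filled with digests taken from each project's own download page, and unpacking is gated on the result, for example `verify_tarballs SHA256SUMS /usr/local/src && tar zxvf ...`.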

2. Unpack source tarballs.


tar zxvf mm-1.3.1.tar.gz
tar zxvf openssl-0.9.8.tar.gz
tar zxvf mod_ssl-2.8.23-1.3.33.tar.gz
tar zxvf apache_1.3.33.tar.gz
tar zxvf mod_perl-1.0-current.tar.gz

After untarring the tarballs you can delete them or put them in a temporary directory in case you need to use them again. I tend to put them in a directory called tarballs and keep them until I’m happy with the install.

mkdir /usr/local/src/tarballs


mv mm-1.3.1.tar.gz /usr/local/src/tarballs
mv openssl-0.9.8.tar.gz /usr/local/src/tarballs
mv mod_ssl-2.8.23-1.3.33.tar.gz /usr/local/src/tarballs
mv apache_1.3.33.tar.gz /usr/local/src/tarballs
mv mod_perl-1.0-current.tar.gz /usr/local/src/tarballs

3. Configure and build mm:


OSSP mm is a 2-layer abstraction library which simplifies the usage of shared memory between forked (and this way strongly related) processes under Unix platforms.


cd /usr/local/src/mm-1.3.1/
./configure --disable-shared
make
make install

4. Configure and build openssl.


The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.


cd /usr/local/src/openssl-0.9.8
sh config no-idea -fPIC
make depend
make
make test
make install

5. Configure and build mod_ssl.


This module provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson.


cd /usr/local/src/mod_ssl-2.8.23-1.3.33
./configure --with-apache=../apache_1.3.33 --with-ssl=../openssl-0.9.8 --with-mm=../mm-1.3.1

You will see a message at the end of the configure run instructing you to change to the apache source directory. Rather than follow these instructions, we will pass our own directives to apache after we build mod_perl.

6. Configure and build mod_perl

The following perl modules are needed to build mod_perl. They can be installed from ports or via cpan.

cd /usr/ports/www/p5-HTML-Parser
make
make install
make clean
make distclean


cd /usr/ports/www/p5-LWP-Authen-Wsse
make
make install
make clean
make distclean

Once the perl-modules are installed, we configure mod_perl and build it.

cd /usr/local/src/mod_perl
perl Makefile.PL EVERYTHING=1 APACHE_SRC=../apache_1.3.33/src USE_APACI=1 PREP_HTTPD=1 DO_HTTPD=1
make
make install

7. Configure and build apache.

Before building apache, we need to add the user and group that apache will run under:

First we add the group www, with gid of 80

pw groupadd www -g 80

Now we add the username www,

pw useradd www -u 80 -g www -h - \
-s "/sbin/nologin" -d "/nonexistent" \
-c "World Wide Web Owner"

This adds the username www, with uid 80, under the group www. The -h - option means that no logins will be accepted (see man pw for details). The user www is added with default shell /sbin/nologin and with user directory /nonexistent.

After we have built and configured openssl, mod_ssl and mod_perl, we are ready to configure and build apache.

cd /usr/local/src/apache_1.3.33


./configure --prefix=/usr/local \
--server-uid=www \
--server-gid=www \
--with-perl=/usr/bin/perl \
--with-layout=FreeBSD \
--datadir=/usr/local/www \
--htdocsdir=/usr/local/www/data \
--cgidir=/usr/local/www/cgi-bin \
--without-confadjust \
--enable-module=most \
--enable-module=auth_db \
--enable-module=mmap_static \
--disable-module=auth_dbm \
--enable-shared=max \
--enable-module=rewrite \
--enable-module=so \
--enable-shared=ssl \
--enable-module=ssl \
--activate-module=src/modules/perl/libperl.a \
--enable-module=perl


make
make certificate
make install


+--------------------------------------------------------+
| You now have successfully built and installed the
| Apache 1.3 HTTP server. To verify that Apache actually
| works correctly you now should first check the
| (initially created or preserved) configuration files
|
| /usr/local/etc/apache/httpd.conf
|
| and then you should be able to immediately fire up
| Apache the first time by running:
|
| /usr/local/sbin/apachectl start
|
| Or when you want to run it with SSL enabled use:
|
| /usr/local/sbin/apachectl startssl
|
| Thanks for using Apache. The Apache Group
| http://www.apache.org/
+--------------------------------------------------------+

As you can see from the message above, the apache configuration files
are in /usr/local/etc/apache. You may want to edit httpd.conf now
before you run up apache for the first time.

You can go ahead and run up apache now. Just type in

/usr/local/sbin/apachectl start

or simply apachectl start if apachectl is in your path.

We now proceed to some final configuration steps.

8. Install boot scripts and enable apache at boot time

To enable apache at boot time, we add apache.sh to /usr/local/etc/rc.d/

We copy the apache.sh script provided under /usr/ports/www/apache13/files

cp /usr/ports/www/apache13/files/apache.sh /usr/local/etc/rc.d/apache.sh

The file needs a few adjustments,

cd /usr/local/etc/rc.d

and edit apache.sh with your favourite text editor.

Look for the line . %%RC_SUBR%% and replace it with . /usr/local/etc/rc.subr

Next look for the line command="%%PREFIX%%/sbin/httpd"
and replace it with command="/usr/local/sbin/httpd"

Finally, we need to make sure apache.sh is executable,

chmod 755 apache.sh

and we need to add a line to /etc/rc.conf to enable apache at boot time

echo 'apache_enable="YES"' >> /etc/rc.conf
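The edits in step 8 can also be scripted so that the result is checked before it is installed. This is an added example, not part of the original post or the port: the function names are hypothetical, the demo input is a constructed stand-in for apache.sh, and the script goes slightly beyond the manual steps by replacing every %%PREFIX%% (not only the one on the command= line) and by refusing to install a script that still contains any %%NAME%% placeholder.

```sh
#!/bin/sh
# Added example: script the apache.sh edits from step 8 and check the result.

# patch_rc_script SRC DEST: fill in the port placeholders, install DEST mode 755.
# Fails (and installs nothing) if any %%NAME%% placeholder is left unresolved.
patch_rc_script() {
    src=$1 dest=$2
    sed -e 's|%%RC_SUBR%%|/usr/local/etc/rc.subr|g' \
        -e 's|%%PREFIX%%|/usr/local|g' "$src" > "$dest.tmp" || return 1
    if grep -n '%%[A-Z_]*%%' "$dest.tmp" >&2; then
        rm -f "$dest.tmp"
        return 1
    fi
    chmod 755 "$dest.tmp" && mv "$dest.tmp" "$dest"
}

# enable_in_rc_conf FILE: add apache_enable="YES" only if no apache_enable line exists,
# so re-running the step does not stack duplicate entries.
enable_in_rc_conf() {
    grep -q '^apache_enable=' "$1" 2>/dev/null || echo 'apache_enable="YES"' >> "$1"
}

# Constructed stand-in for the port's apache.sh (not the real file), run in a temp dir.
demo_rc() {
    t=$(mktemp -d) || return 2
    printf '%s\n' '#!/bin/sh' '. %%RC_SUBR%%' 'name="apache"' \
        'command="%%PREFIX%%/sbin/httpd"' > "$t/apache.sh.in"
    : > "$t/rc.conf"
    patch_rc_script "$t/apache.sh.in" "$t/apache.sh" &&
        enable_in_rc_conf "$t/rc.conf" && enable_in_rc_conf "$t/rc.conf" &&
        grep -q '^\. /usr/local/etc/rc.subr$' "$t/apache.sh" &&
        [ "$(grep -c apache_enable "$t/rc.conf")" -eq 1 ]
    status=$?
    rm -rf "$t"
    return $status
}
demo_rc && echo "demo passed"
```

On the real system the calls would be `patch_rc_script /usr/ports/www/apache13/files/apache.sh /usr/local/etc/rc.d/apache.sh` followed by `enable_in_rc_conf /etc/rc.conf`.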
