OVH FreeBSD adventures 6: F34R the Web.
Recovered 2026-07-13 from the Wayback Machine capture of 2009-12-08 of my first blog (“Living in (this|their?) world”). Exact original publication date unknown; 2009-12-08 is the capture date (upper bound). Parts 1-4 of this series were never archived and are lost.
Let’s setup apache and all its friends
Apache 2.2
portmaster www/apache22 www/mod_fcgid
In addition to the defaults I checked the following modules:
-
SUEXEC for php
-
PROXY, PROXY_HTTP and PROXY_BALANCER for mongrel_cluster
Basic configuration in /usr/local/etc/apache22/httpd.conf
LoadModule fcgid_module libexec/apache22/mod_fcgid.so
#LoadModule suexec_module libexec/apache22/mod_suexec.so
ServerAdmin baptiste@bapt.name
DocumentRoot "/usr/local/www/htdocs"
Options -Indexes +FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
AllowOverride None
Options +FollowSymLinks
Order allow,deny
Allow from all
Include etc/apache22/extra/httpd-vhosts.conf
Include etc/apache22/extra/httpd-default.conf
Include etc/apache22/extra/httpd-ssl.conf
Include etc/apache22/extra/httpd-fcgid.con
/usr/local/etc/apache22/extra/httpd-default.conf
ServerTokens Prod
ServerSignature Off
/usr/local/etc/apache22/extra/httpd-ssl.conf
ServerName ns304017.ovh.net:443
ServerAdmin baptiste@bapt.name
SSLCertificateFile "/etc/ssl/apache2/wildcard.bapt.name.cert"
SSLCertificateKeyFile "/etc/ssl/apache2/wildcard.bapt.name.key"
Edit /usr/local/etc/apache22/extra/httpd-vhosts.conf and comment default vhosts.
mkdir /usr/local/www/htdocs
chown www:www /usr/local/www/htdocs
mkdir /var/log/apache2
chown www:www /var/log/apache2
mkdir /usr/local/www/private
chown www:www /usr/local/www/private
Ensure that the configuration is error-free:
apachectl -t
As ususal, edit /etc/rc.conf and start the service
apache22_enable="YES"
/usr/local/etc/rc.d/apache22 start
PHP5
portmaster lang/php5 lang/php5-extensions security/php-suhosin
As I plan using PHP with suexec and Fcgi I did not check build apache module.
Concerning php5-extensions, I checked:
-
BZ2
-
CURL
-
GD
-
MBSTRING
-
MYSQL
-
MYSQLI
-
OPENSSL
-
PGSQL
-
ZIP
-
ZLIB
Here is how to setup a PHP + suexec + fcgi VHost
cd /usr/local/etc
cp php.ini-recommended php.ini
mkdir -p /usr/local/www/fcgi-bin.d/php5-default/
ln -s /usr/local/bin/php-cgi /usr/local/www/fcgi-bin.d/php5-default/php-fcgi-wrapper
Edit /usr/local/etc/apache22/extra/httpd-vhosts.conf
DocumentRoot "/usr/local/www/htdocs/plop.fr"
ServerName plop.fr
ServerAlias ww.plop.fr
Order deny,allow
Deny from all
Allow from all
DirectoryIndex index.php
CustomLog "/var/log/apache2/plop.fr-access_log" common
/usr/local/etc/apache22/extra/httpd-fcgid.conf
AddHandler fcgid-script .fcgi
IPCConnectTimeout 40
IPCCommTimeout 60
IdleTimeout 300
ProcessLifeTime 1800
MaxProcessCount 100
DefaultMaxClassProcessCount 50
DefaultInitEnv PHPRC=/usr/local/etc
AddHandler php-fcgi .php
Action php-fcgi /fcgi-bin/php-fcgi-wrapper
AddType application/x-httpd-php .php
Alias /fcgi-bin/ /usr/local/www/fcgi-bin.d/php5-default/
SetHandler fcgid-script
Options +ExecCGI
/usr/local/etc/rc.d/apache22 restart
Rails
Install ruby gems.
portmaster devel/ruby-gems
As I prefer to manually manage my gems I won’t use the packaged-ones available in the ports, thus let’s install the gems:
gem install rails mongrel_cluster mysql postgres s3sync
I will use s3sync to backup my data on Amazon’s S3, I will give more details on this later.
Subversion
cd /usr/ports/devel/subversion
make config
Check MOD_DAV_SVN, APACHE2_APR
portmaster devel/subversion
mkdir /usr/local/svn
/usr/local/etc/apache22/httpd.conf
LoadModule dav_module libexec/apache22/mod_dav.so
LoadModule dav_fs_module libexec/apache22/mod_dav_fs.so
LoadModule dav_svn_module libexec/apache22/mod_dav_svn.so
LoadModule authz_svn_module libexec/apache22/mod_authz_svn.so
Subversion vhost in /usr/local/etc/apache22/extra/httpd-vhosts.conf<
ServerName svn.bapt.name
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]
ServerName svn.bapt.name
SSLEngine on
SSLCipherSuite ALL:!ADH:!DSS:!EXPORT56:!AES256-SHA:!DHE-RSA-AES256-SHA:@STRENGTH:+3DES:+DES
SSLProtocol all -SSLv2
SSLCertificateFile /etc/ssl/apache2/wildcard.bapt.name.cert
SSLCertificateKeyFile /etc/ssl/apache2/wildcard.bapt.name.key
#SSLCACertificateFile /etc/ssl/certs/hg-ca-cert.pem
SSLCACertificatePath /etc/ssl
SSLRequireSSL
SSLVerifyDepth 1
Order deny,allow
Deny from all
Allow from all
DAV svn
SVNListParentPath on
SVNParentPath /usr/local/svn/
AuthType Basic
AuthName "Gwarf SVN repository"
AuthUserFile /usr/local/www/private/svn.htpasswd
AuthzSVNAccessFile /usr/local/www/private/svnperm
#
Require valid-user
Options Indexes FollowSymlinks
AllowOverride none
order deny,allow
deny from all
allow from all
CustomLog "/var/log/apache2/svn.bapt.name-access_log" common
/usr/local/etc/rc.d/apache22 restart