Re: [freebsd-questions] Best way to add SSL to Apache 1.3.37
Olivier Nicole wrote:

[snip]

>> configuration? If both options are possible, is one better than the
>> other? I'd prefer not to have to re-do my apache install, but if
>> there's some compelling reason I should, I'm interested in knowing it.
>
> You would have to modify the httpd.conf to activate SSL anyway. Have
> you a lot of things in the config yet?

Just what I needed to get our webmail server running. Initially tried Horde, but ended up running into some problems with that, now trying Squirrelmail.

>> Also, when I've got it, I want users to have the option to use it,
>> not be forced to (tinkering with a Squirrelmail webmail server here), so
>> any information on that would be more than welcome.
>
> Any reason why you don't want to force your user to go SSL? They will
> be exchanging password over the network, better it is crypted, don't
> you think?

Yes, absolutely, that's why I want the option to use SSL. However, we have some users that travel a lot, and sometimes they absolutely need to be able to get to their email. SSL introduces another layer of complexity, and thus possibility for failure, into checking their email. While I prefer the security of SSL, if it's a choice between no email access for our travellers and access without SSL, my boss has been pretty clear that access, however it's achieved, is the key issue.

> If it is a matter of not purchasing a certificate, you can put up a
> page on the way to install the certificate once for all so the users
> are not requested again to accept the certificate.

While that's not really the issue for me, I'm interested in this idea anyway, as it saves some money and keeps us a little more self sufficient. If you'd care to explain this in further detail, or just point me at a doc somewhere that does, it would be much appreciated.

> Usual configuration of Apache normally allows you to set-up two
> servers, one on port 80 that is not crypted and one on port 443 that
> is using SSL.
>
> Both services can share the same web pages, giving access both with
> and without SSL.

I guess now I need to hit Google and find out how to do this on FreeBSD, as it sounds just like what I want, thanks!

Regards,

--
Patrick Baldwin
Systems Administrator
Studsvik Scandpower, Inc.
1087 Beacon St.
Newton, MA 02459
1-617-965-7455

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [freebsd-questions] Best way to add SSL to Apache 1.3.37
Norberto Meijome wrote:

> On Thu, 07 Jun 2007 12:03:31 -0400
> Patrick Baldwin <[EMAIL PROTECTED]> wrote:
>
>> Hi, I'm running 6.2-RELEASE-p4, and Apache 1.3.37. I'd like to
>> add SSL support, but I'm not sure of the best way to go about it.
>
> May I ask why are you using Apache 1.3.x? I think Apache 2 has shown
> itself to be pretty good and reliable by now.

Using 1.3.x because I'm trying to set up a webmail server, and most of the docs I could find were written with 1.3.x in mind. Also, I'm more familiar with 1.3.x.

>> In:
>>
>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-apache.html
>>
>> Specifically section 27.7.5.1, it mentions you can add ssl support with
>> mod_ssl, but I don't see it in my ports tree.
>>
>> I also found this:
>> http://www.bsdguides.org/guides/freebsd/webserver/apache_ssl_php_mysql.php
>>
>> Which seems to suggest that I'd need to have installed the apache
>> port /usr/ports/www/apache13-modssl instead of the package apache-1.3.37_3.
>
> Indeed.
>
>> So, do I need to remove the apache-1.3.37_3 package (presumably with
>> pkg_delete, as I think that's the cleanest way, please correct me if I'm
>> wrong),
>
> pkg_deinstall apache-1.3*

Excellent, thanks. I hadn't seen pkg_deinstall before, but checking out the man page seems to suggest I really should have been using it instead of pkg_delete; understanding wildcards and being able to recurse through dependencies seems very helpful.

>> and re-install from the apache13-modssl port, or is there in
>> fact some way to just get mod_ssl and add to my existing Apache
>> configuration?
>
> There may be, I haven't touched the 1.3 apache stuff for several years.
> If you install www/apache22, it builds the SSL components by default.
>
>> If both options are possible, is one better than the
>> other?
>
> You cannot have, by default (ie, without tinkering and knowing what
> you are doing) both apache13 and apache13-mod_ssl. They are listed
> conflicts (in the Makefile for the port, search for the CONFLICTS line).

OK, I saw that, and then went and checked it for apache2:

    webmail# pwd
    /usr/ports/www/apache22
    webmail# cat Makefile | grep CONFLICTS
    CONFLICTS= apache+mod_ssl-1.* apache+mod_ssl+ipv6-1.* apache+mod_ssl+modsnmp-1.* \
    CONFLICTS+= apr-1.*

This seems to me that I can have apache13 (without any SSL) and apache22 both installed, which would be great for me as I could work on building an SSL capable webmail server while users can still use the old webmail while the new one is in progress.

>> I'd prefer not to have to re-do my apache install, but if
>> there's some compelling reason I should, I'm interested in knowing it.
>
> if you want ssl...

Then I'm going to need to re-do apache some way, whether it be re-install and add SSL support to apache13, or move to apache22, got it.

>> Also, when I've got it, I want users to have the option to use it,
>> not be forced to (tinkering with a Squirrelmail webmail server here), so
>> any information on that would be more than welcome.
>
> Not sure what you mean by this. Your users will use HTTPS if they so
> request it, or HTTP if they point it to http://yourserver/

I want my users to have the option to use SSL, but if they're having problems with it (browser issues, etc.) I still want them to be able to read their email, as sometimes it's absolutely essential that they be able to keep up with email while on the road.

--
Patrick Baldwin
Systems Administrator
Studsvik Scandpower, Inc.
1087 Beacon St.
Newton, MA 02459
1-617-965-7455
Re: [freebsd-questions] Best way to add SSL to Apache 1.3.37
> Which seems to suggest that I'd need to have installed the apache
> port /usr/ports/www/apache13-modssl instead of the package apache-1.3.37_3.

Right.

> So, do I need to remove the apache-1.3.37_3 package (presumably with
> pkg_delete, as I think that's the cleanest way, please correct me if I'm

You use the same/reverse way to remove that you use to install.

> wrong), and re-install from the apache13-modssl port, or is there in
> fact some way to just get mod_ssl and add to my existing Apache

Then you install apache-modssl from the ports. Of course you can install mod-ssl from the source by hand.

> configuration? If both options are possible, is one better than the
> other? I'd prefer not to have to re-do my apache install, but if
> there's some compelling reason I should, I'm interested in knowing it.

You would have to modify the httpd.conf to activate SSL anyway. Have you a lot of things in the config yet?

> Also, when I've got it, I want users to have the option to use it,
> not be forced to (tinkering with a Squirrelmail webmail server here), so
> any information on that would be more than welcome.

Any reason why you don't want to force your user to go SSL? They will be exchanging password over the network, better it is crypted, don't you think?

If it is a matter of not purchasing a certificate, you can put up a page on the way to install the certificate once for all so the users are not requested again to accept the certificate.

Usual configuration of Apache normally allows you to set-up two servers, one on port 80 that is not crypted and one on port 443 that is using SSL.

Both services can share the same web pages, giving access both with and without SSL.

Bests,

olivier
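
The two-server layout described in the message above, as an added example that is not part of the original thread: an httpd.conf fragment for Apache 1.3 with mod_ssl that serves one DocumentRoot over plain HTTP on port 80 and over SSL on port 443. The host name, document root and certificate paths are assumed placeholders; the certificate can be a self-signed one, as discussed in the thread.

```apache
# Added example, not from the thread. Host name and all paths are placeholders.
# Assumes Apache 1.3 built with mod_ssl (for instance from the
# www/apache13-modssl port mentioned in the thread) and mod_ssl loaded.

# Accept connections on both the plain and the SSL port.
Listen 80
Listen 443

# Plain HTTP: kept as the fallback for clients that cannot negotiate SSL.
# Webmail logins made through this host cross the network unencrypted.
<VirtualHost _default_:80>
    ServerName   webmail.example.org
    DocumentRoot /usr/local/www/webmail

    # To force SSL later instead of offering it as an option, replace the
    # DocumentRoot line above with a redirect (mod_alias):
    # Redirect permanent / https://webmail.example.org/
</VirtualHost>

# HTTPS: the same pages from the same DocumentRoot, wrapped in SSL.
<VirtualHost _default_:443>
    ServerName   webmail.example.org
    DocumentRoot /usr/local/www/webmail

    SSLEngine on

    # Server certificate (may be self-signed) and its private key.
    # The key file should be readable by root only.
    SSLCertificateFile    /path/to/ssl.crt/server.crt
    SSLCertificateKeyFile /path/to/ssl.key/server.key

    # Refuse SSLv2 and export/low-strength ciphers.
    SSLProtocol    all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!EXP:!LOW:!SSLv2
</VirtualHost>
```

If the installed httpd.conf loads mod_ssl only inside an `<IfDefine SSL>` block, the server has to be started with SSL defined (`apachectl startssl`) for the port 443 host to come up.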
Re: [freebsd-questions] Best way to add SSL to Apache 1.3.37
On Thu, 07 Jun 2007 12:03:31 -0400
Patrick Baldwin <[EMAIL PROTECTED]> wrote:

> Hi, I'm running 6.2-RELEASE-p4, and Apache 1.3.37. I'd like to
> add SSL support, but I'm not sure of the best way to go about it.
>

May I ask why are you using Apache 1.3.x? I think Apache 2 has shown itself to be pretty good and reliable by now.

> In:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-apache.html
>
> Specifically section 27.7.5.1, it mentions you can add ssl support with
> mod_ssl, but I don't see it in my ports tree.
>
> I also found this:
> http://www.bsdguides.org/guides/freebsd/webserver/apache_ssl_php_mysql.php
>
> Which seems to suggest that I'd need to have installed the apache
> port /usr/ports/www/apache13-modssl instead of the package apache-1.3.37_3.

Indeed.

>
>
> So, do I need to remove the apache-1.3.37_3 package (presumably with
> pkg_delete, as I think that's the cleanest way, please correct me if I'm
> wrong),

pkg_deinstall apache-1.3*

> and re-install from the apache13-modssl port, or is there in
> fact some way to just get mod_ssl and add to my existing Apache
> configuration?

There may be, I haven't touched the 1.3 apache stuff for several years. If you install www/apache22, it builds the SSL components by default.

> If both options are possible, is one better than the
> other?

You cannot have, by default (ie, without tinkering and knowing what you are doing) both apache13 and apache13-mod_ssl. They are listed conflicts (in the Makefile for the port, search for the CONFLICTS line).

> I'd prefer not to have to re-do my apache install, but if
> there's some compelling reason I should, I'm interested in knowing it.

if you want ssl...

> Also, when I've got it, I want users to have the option to use it,
> not be forced to (tinkering with a Squirrelmail webmail server here), so
> any information on that would be more than welcome.

Not sure what you mean by this. Your users will use HTTPS if they so request it, or HTTP if they point it to http://yourserver/

_
{Beto|Norberto|Numard} Meijome

"Throughout the centuries there were [people] who took first steps down new paths armed only with their own vision."
Ayn Rand

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.