From owner-freebsd-questions@FreeBSD.ORG Mon Jun 11 16:16:10 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2FD4616A469 for ; Mon, 11 Jun 2007 16:16:10 +0000 (UTC) (envelope-from Patrick.Baldwin@studsvik.com) Received: from bostonserver.studsvik-analytic.com (firewall.studsvik-analytic.com [155.212.59.75]) by mx1.freebsd.org (Postfix) with ESMTP id EADF113C44C for ; Mon, 11 Jun 2007 16:16:09 +0000 (UTC) (envelope-from Patrick.Baldwin@studsvik.com) Received: from [127.0.0.1] (pc245.studsvik-analytic.com [192.168.169.245]) by bostonserver.studsvik-analytic.com (8.12.5/8.12.5) with ESMTP id l5BFm82l022801 for ; Mon, 11 Jun 2007 11:48:09 -0400 (EDT) Message-ID: <466D7112.5060304@studsvik.com> Date: Mon, 11 Jun 2007 11:58:10 -0400 From: Patrick Baldwin User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax) X-Accept-Language: en-us, en MIME-Version: 1.0 CC: freebsd-questions@freebsd.org References: <46682C53.8060505@studsvikscandpower.com> <20070608110303.49a9a605@localhost> In-Reply-To: <20070608110303.49a9a605@localhost> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-MailScanner: Found to be clean Subject: Re: [freebsd-questions] Best way to add SSL to Apache 1.3.37 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jun 2007 16:16:10 -0000 Norberto Meijome wrote: > On Thu, 07 Jun 2007 12:03:31 -0400 > Patrick Baldwin wrote: > > >>Hi, I'm running 6.2-RELEASE-p4, and Apache 1.3.37. I'd like to >>add SSL support, but I'm not sure of the best way to go about it. >> > > > may I ask why are you using Apache 1.3.x ? I think Apache 2 has shown itself to > be pretty good and reliable by now Using 1.3.x because I'm trying to set up a webmail server, and most of the docs I could find were written with 1.3.x in mind. Also, I'm more familiar with 1.3.x >>In: >> >>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-apache.html >> >>Specifically section 27.7.5.1, it mentions you can add ssl support with >>mod_ssl, but I don't see it in my ports tree. >> >>I also found this: >>http://www.bsdguides.org/guides/freebsd/webserver/apache_ssl_php_mysql.php >> >>Which seems to suggest that I'd need to have installed the apache >>port /usr/ports/www/apache13-modssl instead of the package apache-1.3.37_3. > > > Indeed. > > >> >>So, do I need to remove the apache-1.3.37_3 package (presumably with >>pkg_delete, as I think that's the cleanest way, please correct me if I'm >>wrong), > > > pkg_deinstall apache-1.3* Excellent, thanks. I hadn't seen pkg_deinstall before, but checking out the man page seems to suggest I really should have been using it instead of pkg_delete; understanding wildcards and being able to recurse through dependencies seems very helpful. >> and re-install from the apache13-modssl port, or is there in >>fact some way to just get mod_ssl and add to my existing Apache >>configuration? > > > There may be, i haven't touched the 1.3 apache stuff for several years. If you > install www/apache22, it builds the SSL components by default. > > >>If both options are possible, is one better than the >>other? > > > You cannot have, by default (ie, withouth tinkering and knowing what you are > doing) both apache13 and apache13-mod_ssl. they are listed conflicts.( in the > Makefile for the port, search for the CONFLICTS line) > OK, I saw that, and then went and checked it for apache2: webmail# pwd /usr/ports/www/apache22 webmail# cat Makefile | grep CONFLICTS CONFLICTS= apache+mod_ssl-1.* apache+mod_ssl+ipv6-1.* apache+mod_ssl+modsnmp-1.* \ CONFLICTS+= apr-1.* This seems to me that I can have apache13 (without any SSL) and apache22 both installed, which would be great for me as I could work on building an SSL capable webmail server while users can still use the old webmail while the new one is in progress. >>I'd prefer not to have to re-do my apache install, but if >>there's some compelling reason I should, I'm interested in knowing it. > > > if you want ssl... Then I'm going to need to re-do apache some way, whether it be re-install and add SSL support to apache13, or move to apache22, got it. >>Also, when I've got it, I want users to have the option to use it, >>not be forced to (tinkering with a Squirrelmail webmail server here), so >>any information on that would be more than welcome. > > > Not sure what you mean by this. Your users will use HTTPS if they so request > it, or HTTP if they point it to http://yourserver/.... > I want my users to have the option to use SSL, but if they're having problems with it (browser issues, etc.) I still want them to be able to read their email, as sometime it's absolutely essential that they be able to keep up with email while on the road. -- Patrick Baldwin Systems Administrator Studsvik Scandpower, Inc. 1087 Beacon St. Newton, MA 02459 1-617-965-7455