From owner-freebsd-questions@FreeBSD.ORG Mon Oct 4 06:59:11 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3515C16A4CE for ; Mon, 4 Oct 2004 06:59:11 +0000 (GMT) Received: from relay.pixi.com (relay.pixi.com [206.127.224.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id EBCEF43D45 for ; Mon, 4 Oct 2004 06:59:10 +0000 (GMT) (envelope-from knowtree@aloha.com) Received: from carter.pixi.com ([206.127.224.102]:4080 "EHLO carter.pixi.com") by relay.pixi.com with ESMTP id S9344AbUJDG7K (ORCPT ); Sun, 3 Oct 2004 20:59:10 -1000 Received: from Internal (206.127.224.85) by carter with SMTP; Mon, 04 Oct 2004 06:59:15 GMT X-Titankey-e_id: <96c85fc2-52ca-443c-ace4-3de90ccf2663> Received: from vaiosr7k.ozland (atm-251-63.pixi.com [206.127.251.63]) by koa.aloha.com (8.12.10/8.12.2) with ESMTP id i946vqBH017257; Sun, 3 Oct 2004 20:57:53 -1000 (HST) From: Gary Dunn To: Remko Lodder In-Reply-To: <415F26E7.1020200@elvandar.org> References: <35BF716A-14B7-11D9-9E70-000D9333E43C@secure-computing.net> <415F1AA5.3080001@elvandar.org> <554B282C-14BE-11D9-9E70-000D9333E43C@secure-computing.net> <415F26E7.1020200@elvandar.org> Content-Type: text/plain Content-Transfer-Encoding: 7bit Message-Id: <1096872134.2641.17.camel@vaiosr7k.ozland> Mime-Version: 1.0 X-Mailer: Evolution/0.13 (Preview Release) Date: 03 Oct 2004 20:47:35 -1000 cc: Eric Crist cc: FreeBSD Questions Subject: Re: Starting apache at boot with SSL. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Oct 2004 06:59:11 -0000 On Sat, 2004-10-02 at 12:08, Remko Lodder wrote: > Eric Crist wrote: > > > > Remko, > > > > My bad. I'm using apache 1: > > Ah, that's a bit of a different story, > > Do you use the next generation startup script? > If so then it would have had the following options > available to you: > > apache_enable="YES" (which you have) > apache_flags="-DSSL" (which you do not yet have). > > This should work according to > /usr/ports/www/apache13-modssl/files/rcng.sh > > Cheers! > > > > > grog# /usr/local/sbin/httpd -v > > Server version: Apache/1.3.31 (Unix) > > Server built: Jul 13 2004 17:51:03 > > > > I have apache_enable="YES" in /etc/rc.conf. I would assume I use > > apachessl_enable="YES"? Thanks. I chose to protect my SSL cert with a passphrase. This makes automatic startup at boot impossible. I use FBSD 4.10, and apache would normally start via a script in /usr/local/etc/rc.conf. I just made sure there was no .sh script for apache, and start it myself using apachectl startssl. The problem with this setup is that if the server reboots in the middle of the night the web server does not come on, but this almost never happens anyway. You have to balance security with convenience to fit your situation, and I chose security.