[freebsd-questions] Best way to add SSL to Apache 1.3.37

Patrick Baldwin Patrick.Baldwin at studsvikscandpower.com
Mon Jun 11 16:16:10 UTC 2007 

Norberto Meijome wrote:

> On Thu, 07 Jun 2007 12:03:31 -0400
> Patrick Baldwin <Patrick.Baldwin at studsvikscandpower.com> wrote:
> 
> 
>>Hi, I'm running 6.2-RELEASE-p4, and Apache 1.3.37.  I'd like to
>>add SSL support, but I'm not sure of the best way to go about it.
>>
> 
> 
> may I ask why are you using Apache 1.3.x ? I think Apache 2 has shown itself to
> be pretty good and reliable by now


Using 1.3.x because I'm trying to set up a webmail server, and most of 
the docs I could find were written with 1.3.x in mind.  Also, I'm more
familiar with 1.3.x

>>In:
>>
>>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-apache.html
>>
>>Specifically section 27.7.5.1, it mentions you can add ssl support with 
>>mod_ssl, but I don't see it in my ports tree.
>>
>>I also found this:
>>http://www.bsdguides.org/guides/freebsd/webserver/apache_ssl_php_mysql.php
>>
>>Which seems to suggest that I'd need to have installed the apache
>>port /usr/ports/www/apache13-modssl instead of the package apache-1.3.37_3.
> 
> 
> Indeed.
> 
> 
>>
>>So, do I need to remove the apache-1.3.37_3 package (presumably with
>>pkg_delete, as I think that's the cleanest way, please correct me if I'm 
>>wrong),
> 
> 
> pkg_deinstall apache-1.3*


Excellent, thanks.  I hadn't seen pkg_deinstall before, but checking
out the man page seems to suggest I really should have been using
it instead of pkg_delete; understanding wildcards and being able
to recurse through dependencies seems very helpful.

>> and re-install from the apache13-modssl port, or is there in
>>fact some way to just get mod_ssl and add to my existing Apache 
>>configuration?  
> 
> 
> There may be, i haven't touched the 1.3 apache stuff for several years. If you
> install www/apache22, it builds the SSL components by default.
> 
> 
>>If both options are possible, is one better than the
>>other?  
> 
> 
> You cannot have, by default (ie, withouth tinkering and knowing what you are
> doing) both apache13 and apache13-mod_ssl. they are listed conflicts.( in the
> Makefile for the port, search for the CONFLICTS line)
> 

OK, I saw that, and then went and checked it for apache2:

webmail# pwd
/usr/ports/www/apache22
webmail# cat Makefile | grep CONFLICTS
CONFLICTS=      apache+mod_ssl-1.* apache+mod_ssl+ipv6-1.* 
apache+mod_ssl+modsnmp-1.* \
CONFLICTS+=     apr-1.*


This seems to me that I can have apache13 (without any SSL) and
apache22 both installed, which would be great for me as I could
work on building an SSL capable webmail server while users can
still use the old webmail while the new one is in progress.

>>I'd prefer not to have to re-do my apache install, but if
>>there's some compelling reason I should, I'm interested in knowing it.
> 
> 
> if you want ssl... 



Then I'm going to need to re-do apache some way, whether it be
re-install and add SSL support to apache13, or move to apache22,
got it.

>>Also, when I've got it, I want users to have the option to use it,
>>not be forced to (tinkering with a Squirrelmail webmail server here), so
>>any information on that would be more than welcome.
> 
> 
> Not sure what you mean by this. Your users will use HTTPS if they so request
> it, or HTTP if they point it to http://yourserver/....
> 

I want my users to have the option to use SSL, but if they're having 
problems with it (browser issues, etc.) I still want them to be able
to read their email, as sometime it's absolutely essential that they
be able to keep up with email while on the road.

-- 
Patrick Baldwin
Systems Administrator
Studsvik Scandpower, Inc.
1087 Beacon St.
Newton, MA 02459
1-617-965-7455

More information about the freebsd-questions mailing list