How to Install Apache Webserver on FreeBSD 14.0

Introduction

Apache is an open-source high-performance webserver for delivering web applications. You can use Apache to serve static web content or integrate it with database servers like MySQL or PostgreSQL to serve dynamic web content.

In this guide, you'll install Apache webserver on FreeBSD 14.0, set up virtual hosts, and configure an SSL certificate to secure the webserver.

Prerequisites

Before you begin:

• Deploy a FreeBSD 14.0 instance on Vultr.
• Access the instance using SSH.
• Create a non-root sudo user.
• Create a new domain A record and point it to the Vultr nameservers. This guide uses the app.example.com example domain.

Install Apache

Apache is available in the default package repositories on FreeBSD 14.0. Follow the steps below to install Apache.

1. Update the server's package information index.

   console Copy

   $ sudo pkg update
   

2. Install Apache.

   console Copy

   $ sudo pkg install apache24
   

Manage the Apache System Service

Apache runs as apache24 system service in FreeBSD 14.0. Follow the steps below to manage the service.

1. Enable the Apache system service to automatically start at boot.

   console Copy

   $ sudo sysrc apache24_enable="YES"
   

   Output:

   apache24_enable: -> YES

2. Start the Apache service.

   console Copy

   $ sudo service apache24 start
   

   Output:

   Syntax OK
   Starting apache24

3. View the Apache service status and verify it's running.

   console Copy

   $ sudo service apache24 status
   

   Output:

   apache24 is running as pid 1634

4. Stop the Apache service.

   console Copy

   $ sudo service apache24 stop
   

   Output:

   Stopping apache24.
   Waiting for PIDS: 1634

5. Restart Apache.

   console Copy

   $ sudo service apache24 restart
   

Create a New Apache Virtual Host

You can configure different Apache virtual hosts to run multiple websites and web applications on one server. Follow the steps below to create a new Apache virtual host for the app.example.com domain.

1. Create a new Apache virtual host configuration file in the /usr/local/etc/apache24/Includes/ directory. For example, app.example.com.conf.

   console Copy

   $ sudo vi /usr/local/etc/apache24/Includes/app.example.com.conf
   

2. Add the following contents to the file. Replace app.example.com with your domain and webadmin@example.com with your web administrator's email address.

   apacheconf Copy

   <VirtualHost *:80>
       ServerAdmin webadmin@example.com
       ServerName app.example.com
   
       DocumentRoot "/usr/local/www/app.example.com"
       DirectoryIndex index.html index.php
   
       <Directory "/usr/local/www/app.example.com">
           Options -Indexes
           AllowOverride All
           Require all granted
       </Directory>
   
       ErrorLog "/var/log/app.example.com-error_log"
       CustomLog "/var/log/app.example.com-access_log" combined
   </VirtualHost>
   

   Save and close the file.

   The above Apache configuration creates a new virtual host that listens for incoming connections for the app.example.com domain. Then, the virtual host serves contents from the /usr/local/www/app.example.com directory. Within the configuration:

   • <VirtualHost *:80>: Configures Apache to listen for incoming requests on the HTTP port 80.
   • ServerAdmin webadmin@example.com: Specifies the Apache web administrator's email for receiving critical error and alert emails.
   • ServerName app.example.com: Sets the virtual host's domain name.
   • DocumentRoot "/usr/local/www/app.example.com": Sets the virtual host's web root directory.
   • DirectoryIndex index.html index.php: Sets the default index file order to serve when a user visits the virtual host domain app.example.com.
   • <Directory "/usr/local/www/app.example.com">: Defines the web root directory configurations.
   • Options -Indexes: Disables Apache directory listing.
   • AllowOverride All: Allows the .htaccess configuration to override the Apache virtual host configuration.
   • Require all granted: Allows all users to access files in the web root directory.
   • ErrorLog "/var/log/app.example.com-error_log": Creates a custom log file to store Apache errors.
   • CustomLog "/var/log/app.example.com-access_log" combined: Creates a custom log file to store the Apache access log with the combined log format.

3. Create the virtual host's web root directory.

   console Copy

   $ sudo mkdir -p /usr/local/www/app.example.com
   

4. Create a new index.html web application file in the /usr/local/www/app.example.com directory using a text editor like vi.

   console Copy

   $ sudo vi /usr/local/www/app.example.com/index.html
   

5. Add the following contents to the index.html file.

   html Copy

   <!DOCTYPE html>
   <html lang="en">
       <head>
           <meta charset="UTF-8">
           <meta name="viewport" content="width=device-width, initial-scale=1.0">
           <title>Apache Virtual Host Application</title>
       </head>
       <body>
           <h1>Greetings from Vultr</h1>
       </body>
   </html>
   

   Save and close the file.

   The above HTML application displays a Greetings from Vultr message when you access your domain URL in a web browser.

6. Test the Apache configuration for errors.

   console Copy

   $ sudo apachectl configtest
   

   Output:

   Performing sanity check on apache24 configuration:
   AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
   Syntax OK

7. Change the /usr/local/www/app.example.com directory ownership to www, the default Apache user and group.

   console Copy

   $ sudo chown -R www:www /usr/local/www/app.example.com
   

8. Restart Apache to apply the configuration changes.

   console Copy

   $ sudo service apache24 restart
   

Secure the Apache Webserver

By default, Apache listens for HTTP connections on port 80. Follow the steps below to enable secure HTTPS connections on port 443 by installing an SSL certificate.

1. Install the Certbot Let's Encrypt client tool for Apache.

   console Copy

   $ sudo pkg install py311-certbot-apache
   

2. Enable the Apache mod_rewrite module.

   console Copy

   $ sudo sed -i '' 's/#LoadModule rewrite_module libexec\/apache24\/mod_rewrite.so/LoadModule rewrite_module libexec\/apache24\/mod_rewrite.so/' /usr/local/etc/apache24/httpd.conf
   

3. Enable the mod_ssl module.

   console Copy

   $ sudo sed -i '' 's/#LoadModule ssl_module libexec\/apache24\/mod_ssl.so/LoadModule ssl_module libexec\/apache24\/mod_ssl.so/' /usr/local/etc/apache24/httpd.conf
   

   The above commands uncomment and enable the following modules in the /usr/local/etc/apache24/httpd.conf file.

   LoadModule rewrite_module libexec/apache24/mod_rewrite.so
   LoadModule ssl_module libexec/apache24/mod_ssl.so

4. Generate a new SSL certificate for your virtual host domain. Replace app.example.com with your actual domain and hello@example.com with your active email address.

   console Copy

   $ sudo certbot --apache -d app.example.com --agree-tos
   

5. Test the Certbot SSL certificate auto-renewal process.

   console Copy

   $ sudo certbot renew --dry-run
   

   Output:

   Account registered.
   Simulating renewal of an existing certificate for app.example.com
   
   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   Congratulations, all simulated renewals succeeded: 
     /usr/local/etc/letsencrypt/live/app.example.com/fullchain.pem (success)
   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6. Restart Apache to apply the SSL configuration changes.

   console Copy

   $ sudo service apache24 restart
   

Set Up Firewall Rules

FreeBSD supports multiple firewall packages that filter network traffic on the server. No default firewall package is active, and you can install or use any firewall tool, such as ipfw to allow network connections on the server. Follow the steps below to enable ipfw and allow HTTP and HTTPS connections on the server.

1. Enable the ipfw firewall service to automatically start ipfw at system boot.

   console Copy

   $ sudo sysrc firewall_enable="YES"
   

   Output:

   firewall_enable: NO -> YES

2. Disable ipfw from outputting information to the standard output (STDOUT).

   console Copy

   $ sudo sysrc firewall_quiet="YES"
   

   Output:

   firewall_quiet: NO -> YES

3. Set the firewall type to workstation.

   console Copy

   $ sudo sysrc firewall_type="workstation"
   

   Output:

   firewall_type: UNKNOWN -> workstation

4. Allow SSH, HTTP, and HTTPS network connections through the firewall.

   console Copy

   $ sudo sysrc firewall_myservices="ssh/tcp http/tcp https/tcp"
   

   Output:

   firewall_myservices:  -> ssh/tcp http/tcp https/tcp

5. Enable network connections from any host to your server.

   console Copy

   $ sudo sysrc firewall_allowservices="any"
   

   Output:

   firewall_allowservices:  -> any

6. Log all blocked network connections to /var/log/security.

   console Copy

   $ sudo sysrc firewall_logdeny="YES"
   

   Output:

   firewall_logdeny: NO -> YES

7. View all active firewall configurations.

   console Copy

   $ cat /etc/rc.conf | grep firewall
   

   Output:

   firewall_enable="YES"
   firewall_quiet="YES"
   firewall_myservices="ssh/tcp http/tcp https/tcp"
   firewall_type="workstation"
   firewall_allowservices="any"
   firewall_logdeny="YES"

8. Start the ipfw firewall service.

   console Copy

   $ sudo service ipfw start
   

9. Access your domain URL in a web browser such as Chrome and verify that your web application runs and displays the Greetings from Vultr message.

   https://app.example.com

   

Conclusion

You have installed Apache webserver on FreeBSD 14.0, set up a virtual host, and configured an SSL certificate to secure the webserver. You can run multiple websites on the same server by configuring additional virtual hosts. For more information, visit the Apache documentation.