Install Apache

Install Apache via ports:

#cd /usr/ports/www/apache22
#make all install clean
(Menu defaults are fine)

Edit /usr/local/etc/apache22/httpd.conf file:

...
ServerAdmin webmaster@domain.tld
...
ServerName www.domain.tld:80
...
# Various default settings
Include etc/apache22/extra/httpd-default.conf

# Secure (SSL/TLS) connections
Include etc/apache22/extra/httpd-ssl.conf
…

Create SSL certificate for Apache:

#mkdir -p /etc/ssl/apache
#cd /etc/ssl/apache
#openssl genrsa -des3 -out server.key 1024
#openssl req -new -key server.key -out server.csr
#openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
#chmod 0400 /etc/ssl/apache/server.key
#chmod 0400 /etc/ssl/apache/server.crt

Remove SSL passphrase:
(This is entirely optional. I just had a lot of requests for this)

#cd /etc/ssl/apache
#cp server.key server.key.orig
#openssl rsa -in server.key.orig -out server.key

Protect our Apache key files:

#chmod 400 /etc/ssl/apache/*

Edit /usr/local/etc/apache22/extra/httpd-default.conf file:

...
ServerTokens Prod
...
ServerSignature Off
...
HostnameLookups Off
...

Edit /usr/local/etc/apache22/extra/httpd-ssl.conf file:

...
ServerName www.domain.tld:443
...
ServerAdmin webmaster@domain.tld
...
SSLCertificateFile "/etc/ssl/apache/server.crt"
...
SSLCertificateKeyFile "/etc/ssl/apache/server.key"
...

Install Apache startup script and start it:

#echo 'apache22_enable="YES"' >> /etc/rc.conf
#/usr/local/etc/rc.d/apache22 start

Test:

Visiting either “http://domain.tld/” or “http://YOUR_IP/” should now bring up your machine’s default Apache web page (Something along the lines of “It Works!“. Then, visit either “https://domain.tld/” or “https://YOUR_IP/” to test the SSL/TLS. If you see both pages, you’re ready to rock. If not, browse to the top of this Apache Install page and try again. Also, be sure to check your logs to find out if there are any errors. The logs will be located in “/var/log/httpd-*” by default. Seriously, I cannot stress checking logs enough…