Welcome! Log In Create A New Profile


SSl support on pfSENSE (FreeBSD)

Posted by RasKal 
SSl support on pfSENSE (FreeBSD)
September 07, 2009 10:09AM

At first, I know: nginx is not part of the "standard" pfSENSE packages list, but getting it from the port tree is possible, and I think it would be a nice addition.

It seems to me that nginx and nginx-devel have no SSL support (at least from the ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.2-release/Latest/ repo).

[u]My release:[/u] FreeBSD hostname 7.2-RELEASE-p3 FreeBSD 7.2-RELEASE-p3 #0: Fri Aug 21 23:03:33 UTC 2009 sullrich@RELENG_2_0__FreeBSD_7_2-snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.7 i386

[b]### nginx (stable)[/b]
# ./sbin/nginx -V
nginx version: nginx/0.6.36
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt=-I /usr/local/include --with-ld-opt=-L /usr/local/lib --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-log-path=/var/log/nginx-access.log --with-http_stub_status_module

[b]### nginix-devel[/b]
# /usr/local/sbin/nginx -V
nginx version: nginx/0.7.51
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt=-I /usr/local/include --with-ld-opt=-L /usr/local/lib --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-log-path=/var/log/nginx-access.log --with-http_stub_status_module --with-pcre

The ports were configured without SSL support (missing --with-http_ssl_module)
By the way, it would be nice to have the two below as well.

*) --without-poll_module
*) --with-http_geoip_module

Are nginx FreeBSD ports SSL not compiled because of known issues or is it just an omission?

Tks and kind regards,

P.S. By the way, congratulations for nginx. So far, the test I made (http only) were just amazing!
Re: SSl support on pfSENSE (FreeBSD)
September 07, 2009 01:41PM
I'm not a FreeBSD expert by any means but I am managing one FreeBSD box.

On the "standard" FreeBSD port tree you can install the latest series (0.8.x) from nginx-devel (/usr/ports/www/nginx-devel) and those modules are available. However, as I said, I'm no expert, and soI don't know if you can use that port tree on the "pfSense" distribution.

Jim Ohlstein
open | download - options.png (4.7 KB)
Re: SSl support on pfSENSE (FreeBSD)
September 14, 2009 11:18AM
Ok, I managed to have the latest nginx-devel to compile with the good flags.

I installed a developer ISO, configured pfSENSE to gain Internet connectivity then fetched the ports tree:

[*] portsnap fetch extract
[*] cd /usr/ports/www/nginx-devel
[*] make depends install
[*] Select the modules to compile (the standard ones are already checked in)
[*] Amend pfSENSE lighthttpd to listen to something else than tcp/80
[*] Make sure /etc/rc.conf contains nginx_enable="YES"

Checking that nginx is properly compiled:

# /usr/local/sbin/nginx -V
nginx version: nginx/0.8.14
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-log-path=/var/log/nginx-access.log [b]--with-http_geoip_module[/b] --with-http_realip_module [b]--with-http_ssl_module[/b] --with-http_stub_status_module --with-pcre

And start the daemon: /usr/local/etc/rc.d/nginx start

Check it is running: sockstat -4l | grep nginx

www nginx 32292 7 tcp4 *:80 *:*
root nginx 32291 7 tcp4 *:80 *:*

And point your browser to http://<your_server_ip> ... you should see the "Welcome to nginx" message !

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 109
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready