A HowTo to get a fully functioning webserver on pfsense via vhost
-
A requested HowTo
For those that wish to have a functional webserver on their pfsense router/firewall to handle content internally (or otherwise).
I simplified it as much as possible.

Installing the packages and preparing pfsense vhost
(from a clean install)

go to System > Packages
install BandwidthD (installs most of the GD libraries)
install Vhost

then go to System > Advanced
give pfsense a non-standard TCP port ie: 11111 (do not forget that to be able to log into pfsense you have to add the port number to your ip ie: https://192.168.1.1:11111)
disable WebGUI redirect
enable secure shell

you should now be able to use port 80 as your webserver port (internal (lan) and externally (wan))
now use putty or terminal to ssh into pfsense
ie: ssh root@192.168.1.1

go to shell (8)
copy and paste each line to shell command line and press enter ( any deviation can break pfsense)
pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-gd-5.2.13_3.tbz
pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/t1lib-5.1.2_1,1.tbz
pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/libX11-1.3.3,1.tbz
pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/libXpm-3.5.7.tbz
pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/libxcb-1.6.tbz
pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/libXau-1.0.5.tbz
pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/libXdmcp-1.0.3.tbz
pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/libpthread-stubs-0.3_3.tbz
pkg_add -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/mysql-server-5.1.48.tbz
pkg_add -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/mcrypt-2.6.8_1.tbz
pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/php52-mcrypt-5.2.13_3.tbz
pkg_add -rfi http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/libltdl-2.2.6b.tbz

touch /etc/php_dynamodules/pdo
touch /etc/php_dynamodules/pdo_sqlite
touch /etc/php_dynamodules/gd
touch /etc/php_dynamodules/mysql
touch /etc/php_dynamodules/json
touch /etc/php_dynamodules/mcrypt
touch /etc/php_dynamodules/dom
touch /etc/php_dynamodules/sqlite

/etc/rc.php_ini_setup
/usr/local/bin/mysql_install_db
chmod 777 /var/db/mysql
chmod 777 /var/db/mysql/mysql
chmod 777 /var/db/mysql/mysql/.
mv /usr/local/etc/rc.d/mysql-server /usr/local/etc/rc.d/mysql-server.sh

now if you are familiar with vi continue to enter this line and then edit the following
vi /usr/local/etc/rc.d/mysql-server.sh
change
: ${mysql_enable="NO"}
to
: ${mysql_enable="YES"}

save the file
I am not so great at vi so I usually use filezilla to log into the server and use the ftp program to edit the file
to log in to pfsense with filezilla the user name is not admin, it is always root, and the port is 22
then navigate to /usr/local/etc/rc.d and edit the file mysql-server.sh

once the line is edited
exit
restart webConfigurator ( 11 )
reboot ( 5 )

once it reboots ssh into it again and give mysql a password
mysqladmin -u root password "your new password"
now you have a fully functioning webserver on PFsense
To get the web Server running ( vhost)
services > vhosts
click add +
Host: create a simple name ie: info or admin this will create a folder in your web server directory
ip address: assign this to your wan, lan, opt or virtual ip that you created on your system
port: the default is 8001 but if you disabled WebGUI redirect as mentioned above then you can use port 80 (I would suggest, if it is some form of administration website, using a non-standard port)
Directory: leave this one blank; on some installs it breaks vhost if you enter anything
Certificate & key: also leave blank unless you want an https website

now start the vhost services
status > services
click start vhost
( it will not change to green status but it is functioning )

test web server
enter in ip plus directory name in browser
ie: Ip 192.168.1.1
if using port 8001 and the host is called info – http://192.168.1.1:8001/info
if using port 80 and host is called admin – http://192.168.1.1/admin
or you can use the server's host name ie: http://pfsense.localdomain/admin

It should display a PHP webpage describing what php modules you have installed
Uploading your website
install filezilla or similar program that can handle sftp – http://filezilla-project.org/
host: ip of your pfsense box
user name root
password whatever your password is for your pfsense box
port 22

navigate your way to the vhost directories /usr/local/vhosts
copy your php or html websites to your host directory
you're DONE
test to see if the website works
Useful php websites
to maintain mysql create vhost and install phpmyadmin ( probably not on port 80 for security reasons)
http://www.phpmyadmin.net
other useful programs:
server monitor
http://sourceforge.net/projects/phpservermon/
a very good content manager
www.joomla.org
and much much more
Good luck and have fun ;D
-
Nice write up! :)
You should probably add a security disclaimer of some sort. ;)
Steve
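
The how-to above opens the MySQL data directory with chmod 777. As an added example (not part of the original thread), this script lists world-writable entries under a data directory and replaces those modes with ownership by the service account. The mysql:mysql account, the 0750/0640 modes and the sample tree are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Audits a MySQL data directory for
# world-writable entries and replaces blanket 0777 modes with ownership
# by the service account. Assumed for the real box: /var/db/mysql, mysql:mysql.

# Print every entry under $1 that any local user may write to.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Count those entries, for a before/after comparison.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Hand the tree to owner:group ($2:$3), then drop all access for "other":
# directories become 0750, regular files 0640.
tighten_datadir() {
    chown -R "$2:$3" "$1" || return 1
    find "$1" -type d -exec chmod 0750 {} + &&
    find "$1" -type f -exec chmod 0640 {} +
}

# Constructed sample tree that mimics the modes the how-to leaves behind.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/mysql"
    : > "$root/mysql/user.MYD"
    : > "$root/ibdata1"
    chmod 0644 "$root/ibdata1"
    chmod 0777 "$root" "$root/mysql"
    chmod 0666 "$root/mysql/user.MYD"
    echo "$root"
}

# Demo on the sample tree, using the current uid/gid in place of mysql:mysql.
demo() {
    tree=$(make_sample_tree) || return 1
    echo "before: $(count_world_writable "$tree") world-writable entries"
    tighten_datadir "$tree" "$(id -u)" "$(id -g)" || return 1
    echo "after:  $(count_world_writable "$tree") world-writable entries"
    rm -rf "$tree"
}

demo
```

On the pfsense box the equivalent call would be tighten_datadir /var/db/mysql mysql mysql, run as root after mysql_install_db.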