解法方法:
原來是不小心重覆啟動二次
先看看 /etc/rc.conf
sshd_enable="YES" (或者 sshd2_enable="YES" ,視你安裝的 sshd 而定) 以及 inetd_enable="YES"
看到sshd-跟inetd都被enable起來
我們到 /etc/inetd.conf 看到二行註解都被拿掉了,所以代表上面啟動一次 這裡又啟動一次 ,我們把上面 sshd_enable="YES" 改成 sshd_enable="NO" 重新啟動就可以了。
ssh stream tcp nowait root /usr/local/sbin/sshd sshd -i -4
ssh stream tcp6 nowait root /usr/local/sbin/sshd sshd -i -6
1.查看有那一些apache版本
pkg search apache
2.安裝 最新apache
pkg install apache24
改 /etc/rc.conf 文件,加入 apache24_enable=”YES” 这一行
直接啟動
service apache24 start or
/usr/local/etc/rc.d/apache24 start
會有一些錯誤訊息所以要修改一下Servername
修改 vi/usr/local/ect/apache24/httpd.conf 找到ServerName
改成 把前面#拿掉改成ServerName 172.16.0.241:80 一樣存檔離開
重新啟動apache發現錯誤訊息沒有了
# /usr/local/etc/rc.d/apache24 restart
2.再裝MySql 先找看看有什麼版本
pkg search mysql | grep server
安裝mysql57
pkg install mysql57-server
安裝完加入 啟動
直接在 /etc/rc.conf 中加入 mysql-server_enable=”YES”
啟動mysql
service mysql-server start
安裝好 MySQL 後, MySQL root 密碼預設是空密碼, 執行 mysql_secure_installation, 修改 MySQL 的 root 密碼:
然後它會詢問輸入現時的 root 密碼, 直接留空白按 “Enter”, 然後就可以輸入新的 MySQL root 密碼。其他問題可以直接按 “Enter” 用預設值即可, 之後便完成 MySQL 的安裝了。
3.安裝PHP72版本 PHP要安裝的很多如果缺少什麼就另外安裝
pkg install mod_php72 php72-mysqli
pkg install php72-gd
pkg install php72-pdo_mysql
pkg install php72-session
以上是我有安裝到的提供給大家參考
把這個檔案copy改檔名 /usr/local/etc/php.ini-product /usr/local/etc/php.ini 。
cp /usr/local/etc/php.ini-product /usr/local/etc/php.ini
/usr/local/etc/apache24/httpd.conf 中加入這幾行:
如果httpd.conf有看到 LoadModule php7_module libexec/apache24/libphp7.so 這一行就不必在加了
LoadModule php7_module libexec/apache24/libphp7.so<FilesMatch "\.php$"> SetHandler application/x-httpd-php</FilesMatch><FilesMatch "\.phps$"> SetHandler application/x-httpd-php-source</FilesMatch>DirectoryIndex index.html
改成: DirectoryIndex index.html index.htm index.php 一樣存檔離開
這樣就大部份安裝完成了
首先先安裝:Node.js
1. pkg install node
2. cd /usr/ports/www/node-devel
make install clean
3. pkg install www/npm
npm install n -g
4. 檢查版本 node -v
npm -v
會出現版本訊息 這樣就ok了
安裝Etherpad http://etherpad.org/#download
# /usr/local/www/apache24/data/ether/bin
# ./run.sh
使用 etherpad
開啟瀏覽器, 輸入網址 http://my.linux.host:9001
點擊 New Pad (新記事本) 以隨機名稱建立記事本
於方框輸入記事本名稱 (中文亦可) 建立或進入指定記事本
輸入網址 http://my.linux.host:9001/p/記事本名稱 亦可建立或進入指定記事本\
除所有記事本內容
# rm -f ~etherpad/etherpad-lite/var/*
刪除指定記事本
Step 1. 取得 API Key # cat ~etherpad/etherpad-lite/APIKEY.txt
Step 2. 開啟瀏覽器, 輸入網址 http://my.linux.host:9001/api/1/deletePad?apikey=myAPIkey&padID=padName
使用帳號密碼進行簡易防護
# vi ~etherpad/etherpad-lite/settings.json
取消註解以下內容, 並設置帳號密碼
"requireAuthentication" : true,
"users": {
"admin": {
"password": "密碼",
"is_admin": true
},
"帳號": {
"password": "密碼",
"is_admin": false
}
},
使用加密連線
# cd /etc/pki/tls/certs
# make epl-server.pem
# chown etherpad:etherpad epl-server.pem
# mv epl-server.pem ~etherpad/etherpad-lite/
# vi ~etherpad/etherpad-lite/settings.json取消註解並修改以下內容
"ssl" : {
"key" : "/home/etherpad/etherpad-lite/epl-server.pem",
"cert" : "/home/etherpad/etherpad-lite/epl-server.pem"
},
安裝 Plugin 或編輯設定檔
開啟瀏覽器, 連入 http://my.linux.host:9001/admin/
To install the port:
# cd /usr/ports/www/apache24/ && make install clean
Or, to add the package:
# pkg install www/apache24
Sample outputs:
Fig. 01: Install apache
Add following to the end of “/etc/rc.conf” file to launch Apache at start up:
echo 'apache24_enable="YES"' >> /etc/rc.conf |
To start Apache to make sure it works:
# /usr/local/etc/rc.d/apache24 start
To restart Apache server:
# /usr/local/etc/rc.d/apache24 restart
To stop Apache server:
# /usr/local/etc/rc.d/apache24 stop
You can also use the service command for starting/stoping/restarting Apache server on FreeBSD:
## service command to control Apache server ## service apache24 start service apache24 restart service apache24 stop service apache24 status |
Sample outputs:
Fig.02: Starting/Stopping Apache
Note: If you are getting this error “Could not reliably determine the server's fully qualified domain name, using 127.0.0.1.” Set the ‘ServerName’ directive globally to suppress this message:
Add next line to /usr/local/ect/apache24/httpd.conf file:
ServerName localhost
Replace localhost with the server’s domain name which can be obtained with:
# hostname -f
The package or port to be installed will depend on available MySQL version. As of this writing, the maximum available version is 5.6.
To install the port:
# cd /usr/ports/databases/mysql56-server/ && make install clean
or, to add the package:
# pkg install databases/mysql56-server
Fig.03: Installing mysql database server
To install the port:
# cd /usr/ports/databases/mysql56-client/ && make install clean
or, to add the package:
# pkg install databases/mysql56-client
Finally, /etc/rc.conf must contain the following line to allow the MySQL server to start:
echo 'mysql_enable="YES"' >> /etc/rc.conf |
To start the Mysql server type:
# /usr/local/etc/rc.d/mysql-server start
To restart the Mysql server type:
# /usr/local/etc/rc.d/mysql-server restart
To stop the Mysql server type:
# /usr/local/etc/rc.d/mysql-server stop
You can also use the service command for starting/stoping/restarting mysql server on FreeBSD:
## command to start/stop mysql servers on a FreeBSD 10 ## service mysql-server start service mysql-server restart service mysql-server stop service mysql-server status |
Sample outputs:
Fig.04: Starting/Stopping mysql server
安裝好 MySQL 後, MySQL root 密碼預設是空密碼, 執行 mysql_secure_installation, 修改 MySQL 的 root 密碼:
然後它會詢問輸入現時的 root 密碼, 直接留空白按 “Enter”, 然後就可以輸入新的 MySQL root 密碼。其他問題可以直接按 “Enter” 用預設值即可, 之後便完成 MySQL 的安裝了。
When you build PHP, you need to add the configuration option so that PHP build includes support for the Apache server. Type the following commands:
# cd /usr/ports/lang/php56
# make config
When the menu comes up to select/deselect various build options. You should select:
Fig.05: Build PHP using ports collection
Now you will do the make clean command. I normally do these commands all in one but to get the configuration menu, I do them apart.
# make install clean
Type the following commands to build mod_php for Apache:
# cd /usr/ports/www/mod_php56
# make install clean
Sample outputs:
Fig.06: Install mod_php for Apache
If you aren’t sure if it’s or you didn’t check it with your MySQL install, you will do it the commands the same way so you get the menus to configure to add support for both MySQL and MySQLi to communicate with the MySQL server.
# cd /usr/ports/lang/php56-extensions/
# make config
Fig.07: Install popular extensions for Apache
//選擇幾個常用的項目:CTYPE、CURL、EXIF、GD、GETTEXT、ICONV、IMAP、MBSTRING、OPENSSL、PCRE、SESSION、SOAP、XMLRPC、ZIP、ZLIB
You may also select other extensions as per your PHP apps requirements. Then finish up with:
# make install clean
To configure it you will type the following command that just makes a copy of a file:
# cp /usr/local/etc/php.ini-development /usr/local/etc/php.ini
To configure Apache and open the file:
# ee /usr/local/etc/apache24/httpd.conf
I use ee (feel free to use vi or Emacs) text editor for simple edits, look for this line:
DirectoryIndex index.html
And change it so it reads as follows:
DirectoryIndex index.html index.htm index.php
Find and set the following values as per your domain, IP, and port number:
ServerAdmin webmaster@cyberciti.biz ServerName www.cyberciti.biz:80 Listen :80 |
Save and close the file. Create a file called /usr/local/etc/apache24/modules.d/001_mod_php.conf as follows:
# cat /usr/local/etc/apache24/modules.d/001_mod_php.conf
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
Now restart Apache server:
# /usr/local/etc/rc.d/apache24 restart
OR
# service apache24 restart
Create a file called /usr/local/www/apache24/data/test.php:
# vi /usr/local/www/apache24/data/test.php
Append the following code:
<?php
phpinfo();
?> |
Save and close the file. Fire a web-browser and type the url:
http://your-domain-name/test.php http://your-ip-address/test.php
Sample outputs:
三、安裝PhpMyAdmin
# cd /usr/ports/databases/phpmyadmin
# make install clean;
# mv /usr/local/www/phpMyAdmin /usr/local/www/apache24/data/phpmyadmin
# cd /usr/local/www/data/phpmyadmin
# cp config.inc.php.sample config.inc.php
http://ip/phpmyadmin
裝好 database/phpmyadmin
注意!在編譯設定時,要把APC取消掉,因為它不支援php5.5
預設安裝路徑是/usr/local/www/phpMyAdmin你可以去 www/nginx 下
# ln -s ../phpMyAdmin phpmyadmin
或是透過設定 nginx.conf 來指定 phpMyAdmin 的位置
可以先連線到 localhost/phpmyadmin 測試看看可不可以登入
帳號是root 密碼就是前面設定的那一個
接著到 phpmyadmin 複製設定檔
# cp config.sample.inc.php config.inc.php
如果登入phMyAdmin 出現密碼過期重新設定mysql密碼
接著要修改 mysql root 密碼
# mysqladmin -u root -p password Enter password:(預設密碼是NULL 直接輸入Enter換行) New password: Confirm new password:
Fig.08: Apache + PHP server ready on FreeBSD
step1) 允許使用root與密碼登入
# vi /etc/ssh/sshd_config
------------------------------
......
PermitRootLogin yes
......
PasswordAuthentication yes
......
------------------------------
step2) 開啟SSH可以使用root遠端登入
# vi /etc/inetd.conf
------------拿掉註解------------------
......
ssh stream tcp nowait root /usr/sbin/sshd sshd -i -4
ssh stream tcp6 nowait root /usr/sbin/sshd sshd -i -6
......
----------------------------------------
step3) 開機後自動啟動SSH service
# vi /etc/rc.conf
------------------------------
......
sshd_enable="YES"
......
------------------------------
step4)
# /etc/rc.d/sshd restart
轉貼來源:https://pydio.com/en/docs/kb/system/installing-freebsd-nginx-and-php-fpm
Installing the FreeBSD Ports Tree:
First, you need to download the source code for the ports needed with this command:
portsnap fetch extract
Upgrading pkg:
Next, you need to upgrade pkg, which is used to install ports and FreeBSD packages with the following command:
cd /usr/ports/ports-mgmt/pkg && make reinstall clean
Installing nginx, PHP, and MySQL:
Installing nginx:
Now you need to run the following command to get your jail or system ready to install nginx:
cd /usr/ports/www/nginx && make config-recursive
When a configuration dialog pops up, accept the defaults.
In the same directory, run this command to begin the installation of nginx:
make install clean
A dialog box will popup asking what modules to add when compiling nginx, check the following in addition to the defaults:
HTTP_DAV, HTTP_GZIP_STATIC, HTTP_PERL, HTTP_SSL, HTTP_DAV_EXT
On future dialog boxes, accept the defaults.
Installing PHP:
Next, run the following to install PHP5:
cd /usr/ports/lang/php5 && make install clean
A dialog box will popup, asking what options to add when compiling PHP. In addition to the defaults, select:
FPM
On future dialog boxes, accept the defaults.
Next, run the following to install PHP5-Extensions (Modules):
cd /usr/ports/lang/php5-extensions && make install
A dialog box will popup asking what modules to add when compiling PHP-Extension. In addition to the defaults, select:
CURL, GD, IMAP, MBSTRING, MCRYPT, MySQL, MySQLi, OPENSSL, PDO_MySQL, ZIP, ZLIB
On future dialog boxes, accept the defaults.
Installing MySQL:
Now, run the following command to install MySQL:
cd /usr/ports/databases/mysql55-server/ && make install clean
Configuring Auto-start:
Next, you need to make nginx, PHP-FPM, and MySQL start on boot. To do this, edit the rc.conf file with the following command:
ee /etc/rc.conf
Then add the following lines at the end of the file:
nginx_enable="YES"
php_fpm_enable="YES"
mysql_enable="YES"
Configuring MySQL:
To configure MySQL, create the following configuration file with:
ee /usr/local/etc/my.cnf
Then add the following:
# The MySQL server configuration
[mysqld]
socket = /tmp/mysql.sock
# Don't listen on a TCP/IP port at all.
skip-networking
skip-name-resolve
#Expire binary logs after one day:
expire_logs_days = 1
This configuration will disable networking, which you won’t need since Pydio and MySQL will be in the same jail/system. You’ll have to modify this if you plan to have them on separate systems or jails.
Now you can start MySQL with the following command:
service mysql-server start
Next, to further secure MySQL, run the following:
mysql_secure_installation
This command will start up a wizard and ask a series of questions, it is fairly self-explanatory.
Creating the MySQL Database:
Next, startup a MySQL command prompt with this command:
mysql -u root -p
After entering the MySQL root password, you can create a database for Pydio with this command:
CREATE DATABASE pydiodb;
Then create the database user with the following:
CREATE USER "pydio"@"localhost" IDENTIFIED BY "ChangeThisPassword";
Next assign the pydio database user the required rights to pydiodb:
GRANT ALL PRIVILEGES ON pydiodb.* TO "pydio"@"localhost";
Now run the following command to make the changes take effect immediately:
FLUSH PRIVILEGES;
Now you may quit MySQL with the following:
quit
Setting Up Your SSL Certificates:
I recommend you use a purchased and trusted certificate from a Third-Party CA. Once you do so, you may follow their instructions and place your private key and your certificate in (using the mv or cp command):
/usr/local/etc/nginx
Then rename the private key as:
server.key
And rename the certificate (this file typically contains the certificate issued to you, an intermediary CA, and a CA bundled in one crt file) as:
ssl-bundle.crt
However, if you want to use a self-signed certificate, run the following commands:
cd /usr/local/etc/nginx
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out ssl-bundle.crt
cp server.key server.key.orig
openssl rsa -in server.key.orig -out server.key
Configuring PHP:
To configure PHP, copy the sample PHP config into production with the following command:
cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
Next, you need to edit php.ini with this command:
ee /usr/local/etc/php.ini
Then find the following in php.ini:
output_buffering = 4096
;session.save_path = "/tmp"
upload_max_filesize = 2M
post_max_size = 8M
date.timezone = America/Los_Angeles
And set them to something along these lines:
output_buffering = OFF
session.save_path = "/tmp"
upload_max_filesize = 5120M
post_max_size = 5120M
date.timezone = America/New_York
If you want to change the max size for uploads via Pydio, edit the lines upload_max_filesize and post_max_size (the config above changes it to 5GBs).
To find your appropriate timezone, visit PHP’s List of Supported Timezones.
Note: output_buffering may be listed twice in the php.ini file. I’d recommend searching through the file and commenting those out.
Configuring PHP-FPM:
Next, you must edit the PHP-FPM configuration, run the following command:
ee /usr/local/etc/php-fpm.conf
Replace the default config with the following:
[global]
pid = run/php-fpm.pid
[PYDIO]
listen = /var/run/phph-fpm.socket
listen.owner = www
listen.group = www
listen.mode = 0666
listen.backlog = -1
listen.allowed_clients = 127.0.0.1
user = www
group = www
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_requests = 500
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
Then you must edit the fastcgi_params file with this command:
ee /usr/local/etc/nginx/fastcgi_params
And replace the default contents of the file with this:
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
Now you can start PHP-FPM with this command:
service php-fpm start
Configuring nginx:
To edit the nginx configuration, run the following command:
ee /usr/local/etc/nginx/nginx.conf
Then replace the default config with the following:
user www;
### Change the number of workers to the same number of cores your server has
worker_processes 4;
pid /var/run/nginx.pid;
events {
worker_connections 512;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# GENERAL
ignore_invalid_headers on;
sendfile on;
server_name_in_redirect off;
server_tokens off;
#SSL
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
ssl_prefer_server_ciphers on;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
# TCP
tcp_nodelay off;
tcp_nopush on;
# Timeouts
client_body_timeout 65;
client_header_timeout 65;
keepalive_timeout 65 65;
send_timeout 65;
# Compression
gzip on;
gzip_buffers 256 8k;
gzip_comp_level 9;
gzip_http_version 1.0;
gzip_min_length 0;
gzip_types text/css text/javascript text/mathml text/plain text/xml application/x-javascript application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml;
gzip_vary on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
# Redirects HTTP to HTTPS
server {
listen 80;
### Change the following two lines to match your website name
server_name example.com www.example.com;
return 301 https://example.com$request_uri;
# Prevent Clickjacking
add_header X-Frame-Options "SAMEORIGIN";
}
# PYDIO (ssl/tls)
server {
listen 443 ssl;
### Change the following line to match your website name
server_name example.com www.example.com;
root /usr/local/www/pydio;
index index.php;
### If you changed the maximum upload size in PHP.ini, also change it below
client_max_body_size 5120M;
# Prevent Clickjacking
add_header X-Frame-Options "SAMEORIGIN";
# SSL Settings
### If you are using different names for your SSL certificate and key, change them below:
ssl_certificate /usr/local/etc/nginx/ssl-bundle.crt;
ssl_certificate_key /usr/local/etc/nginx/server.key;
add_header Strict-Transport-Security "max-age=16070400; includeSubdomains";
# Set the custom error pages
error_page 404 = /data/public/404.html;
error_page 403 = /data/public/404.html;
# Logs
error_log /var/log/pydio.nginx.error.log;
### Uncomment the line below if you don't want nginx logging access to the server.
#access_log off;
# Remove direct access to the following folders & files
location ~* ^/(?:\.|conf|data/(?:files|personal|logs|plugins|tmp|cache)|plugins/editor.zoho/agent/files) {
deny all;
}
location ~* /data/public/.*.(ser|htaccess)$ {
deny all;
}
# Stops the annoying error messages in the logs
location ~* ^/(favicon.ico|robots.txt) {
log_not_found off;
}
# WebDAV Rewrites
location /shares {
if (!-f $request_filename) {
rewrite ^/shares /dav.php last;
break;
}
if (!-d $request_filename) {
rewrite ^/shares /dav.php last;
break;
}
}
# Enables PHP
location ~ \.php$ {
fastcgi_pass unix:/var/run/phph-fpm.socket;
try_files $uri =404;
fastcgi_param HTTPS on;
include fastcgi_params;
}
# Enables Caching
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 7d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
}
}
Important: Next, go through the configuration file and look at the comments with three hash symbols (###), and change them to match your environment. If you don’t have DNS setup yet, you can change the redirect (HTTP –> HTTPS) to an IP address.
Downloading and Installing Pydio:
Start off by finding the direct download URL from here:
https://pyd.io/download/
Once you’ve found the URL, run this command to download Pydio to your server,
fetch "http://download.url.here"
Next, you need to extract Pydio with this command:
tar -xzvf pydio-*
Then move the extracted contents to the www folder with this command:
mv pydio-core-5.x.x /usr/local/www/pydio
Note: make sure you replace pydio-core-5.x.x with the name of the extracted folder you see.
Next, you should change ownership and permissions of the pydio folder with these commands:
chown -R www:www /usr/local/www/pydio
chmod -R 770 /usr/local/www/pydio
Next you need to set the locale for Pydio with this command:
ee /usr/local/www/pydio/conf/bootstrap_conf.php
Then set the following:
//define("AJXP_LOCALE", "en_EN.UTF-8");
To:
define("AJXP_LOCALE", "en_US.UTF-8");
Now you can start up nginx with the following:
service nginx start
Accessing Pydio and configuring Pydio:
With all that done, you should now be able to access Pydio at https://192.168.x.x (or whatever the IP address is of your web server).
From there you will be greeted with the Pydio configuration page. On that page, start off by setting up “Admin access”. From there, set a name, a display name, and a passphrase for the Administrator account. Afterwards, go to “Global options” and choose “English” as the “Default Language”.
Then in the “Configurations storage” area, fill in the fields as follows:
Storage Type: Database
Enable Notifications: Yes
Database: MySQL
Host: localhost
Database: pydiodb
User: pydio
Password: The password you chose earlier
Next, click on “Try connecting to the database”. This will verify the connection between Pydio and the MySQL server.
If the configuration is correct, you will have this message: “Connection established!”
Then you may click on “Install Pydio Now!”
Pydio is now setup and ready for you to login with the Administrator account.
Tips:
Upgrading FreeBSD Ports:
When new releases of PHP, nginx, and MySQL come out, you may want to upgrade them. To do this, first install a tool called portupgrade with this command:
cd /usr/ports/ports-mgmt/portupgrade/ && make install clean
When configuration dialog boxes appear, accept the defaults.
Next, you have to update the FreeBSD port tree with this command:
portsnap fetch update
Then to upgrade all ports at once, use the following:
portupgrade -a
Alternatively, you can have portupgrade prompt you before upgrading each port with this:
portupgrade -ai
Afterwards, your ports should all be up to date.
Note: I highly recommend taking a ZFS snapshot if possible before upgrading any ports.
Accessing Mounted Storage In Your Jail With Pydio:
After mounting storage into your jail, it may be tempting to grant your files 777 access to give Pydio access to them. With that said, don’t do it; there is an easy work around. Basically, you can add groups to the jail with the same GroupID as the ones on the host system.
Once at a shell prompt within the jail, find out what the GroupID is of the group that is assigned permissions on the mount with this command:
ls -l /mnt
You’ll then see a list of mount points such as this one:
drwxrwx---+ 7 1002 1001 8 Mar 3 18:35 Finance
The column with 1002 is the UserID, and 1001 is the GroupID. If you want Pydio to have access to the Finance mount, you need need to create the Finance group with a GroupID of 1001 in the jail, and have the www user in it.
To do this, start by editing /etc/group with this command:
ee /etc/group
Then add this to the bottom of the file:
Finance:*:1001:www
After saving the file, you can look at the permissions of the mount again by using:
ls -l /mnt
Now, you should see the following instead:
drwxrwx---+ 7 1002 Finance 8 Mar 3 18:35 Finance
You are now done. Pydio (www user) will now have access to the Finance mount.
Setting up Email For Pydio:
To setup email for Pydio, you may follow this tutorial and scroll down to FreeBSD:
Setting a Default umask for PHP-FPM:
Although Pydio does allow for a default chmod on new files in a workspace, it will overwrite the inherited ZFS ACLs. This can cause issues when you’d like users to be able to access these same files on a Samba 4+ share.
A workaround for this is to set a default umask for PHP-FPM. To do this, edit PHP-FPM’s startup script with this command:
ee /usr/local/etc/rc.d/php-fpm
Next, add the following under “rcvar=php_fpm_enable”:
umask 0006
This will grant files and folders the following permissions:
Owner: rwx
Group: rwx
Everyone:
My inherited ACLs remain such as this:
owner@:rwxpDdaARWcCos:fd----:allow
group@:rwxpDdaARWc--s:fd----:allow
For this change to take effect, restart PHP-FPM with the following command:
service php-fpm restart
Fixing The 404 Error Page:
Depending on what URL is requested and not found/forbidden, the image (circle with a line through it) on the error page may not show up properly since the image src is using a relative path.
To fix this, edit the error page with this command:
ee /usr/local/www/pydio/data/public/404.html
Then change this:
<img src="button_cancel.png" style="position: absolute;left: 41px;border: 0px; top:36px;">
To the following, while replacing example.com with your domain name:
<img src="https://example.com/data/public/button_cancel.png" style="position: absolute;left: 41px;border: 0px; top:36px;">
Using the OpenSSL port instead of the one included with FreeBSD:
To ensure OpenSSL remains up to date, it’s best to use the ports version of it instead of the one included with FreeBSD. That way if a vulnerability is found, you can easily update OpenSSL with portupgrade.
To start, make sure your port tree is up to date with this command:
portsnap fetch update
Now edit /etc/make.conf:
ee /etc/make.conf
Then add the following line to /etc/make.conf. This will ensure that when ports require OpenSSL, they will use the ports version during compilation instead of the one included with FreeBSD:
WITH_OPENSSL_PORT=yes
Now install the OpenSSL port:
cd /usr/ports/security/openssl && make install clean
Since you’ve most likely already installed many applications that use OpenSSL, you’ll have to reinstall them so that they use the ports version with this command:
portupgrade -Rrf security/openssl
Note: If you don’t have portupgrade already installed, you can follow the steps a few sections above.
Nginx, MySQL, and PHP can be combined together easily as a powerful solution for serving dynamic content on the web. These three pieces of software can be installed and configured on a FreeBSD machine to create what is known as a FEMP stack.
In this guide, we will demonstrate how to install a FEMP stack on a FreeBSD 10.1 server. We will be installing the software using packages in order to get up and running more quickly. These packages provide reasonable defaults that work well for most servers.
To begin, we will install all of the software we need using FreeBSD packages system. The "install" command will update our local copy of the available packages and then install the packages we have requested:
sudo pkg install nginx mysql56-server php56 php56-mysql
This will download and install an Nginx web server to serve our content, a MySQL database server used to store information, and the PHP processing language to process dynamic content.
Once the installation is complete, make sure to run the rehash command if you are running the default tcsh shell. This makes the shell aware of the new applications you installed:
rehash
When you are finished, you can move on to begin enabling and configuring your components.
In the last section, we downloaded three separate services that will need to run on our server.
In order for FreeBSD to start these as conventional services, we need to tell FreeBSD that we want to enable them. This will allow us to handle them as services instead of one-time applications and it will also configure FreeBSD to automatically start them at boot.
First, we need to know the correct rc parameter to set for each service. The service scripts, which are located in the /usr/local/etc/rc.d directory, define the parameter that should be used to enable each server using the rcvar variable. We can see what each service's rcvar is set to by typing:
grep rcvar /usr/local/etc/rc.d/*
You should get a listing like this:
/usr/local/etc/rc.d/avahi-daemon:rcvar=avahi_daemon_enable
/usr/local/etc/rc.d/avahi-dnsconfd:rcvar=avahi_dnsconfd_enable
/usr/local/etc/rc.d/dbus:rcvar=dbus_enable
/usr/local/etc/rc.d/mysql-server:rcvar=mysql_enable
/usr/local/etc/rc.d/nginx:rcvar=nginx_enable
/usr/local/etc/rc.d/php-fpm:rcvar=php_fpm_enable
/usr/local/etc/rc.d/rsyncd:rcvar=rsyncd_enable
As you can see, this allows us to easily output the parameter that we need to set for each of our services. The name of the script itself (the last component of the path until the colon character) is also notable as it tells us the actual name that FreeBSD uses for the service.
To enable these services, we will edit the /etc/rc.conf file with sudo privileges:
sudo vi /etc/rc.conf
Inside, we will add a line for each of the services that we wish to start. We can use the rcvar parameter we discovered for each service and set it to "YES" to enable each one:
mysql_enable="YES"
nginx_enable="YES"
php_fpm_enable="YES"
Save and close the file when you are finished.
Next, we will configure our PHP-FPM service, which will be responsible for processing PHP requests sent from our web server.
To start, change to the /usr/local/etc directory, where configuration files for our optional programs are stored:
cd /usr/local/etc
There are a number of PHP configuration files in this directory that we will want to modify. We will start with the PHP-FPM configuration file itself. Open this with sudo privileges:
sudo vi php-fpm.conf
Inside, we want to adjust a few different options. First, we want to configure PHP-FPM to use a Unix socket instead of a network port for communication. This is more secure for services communicating within a single server.
Find the line that looks like this:
listen = 127.0.0.1:9000
Change this to use a socket within the /var/run directory:
listen = /var/run/php-fpm.sock
Next, we will configure the owner, group, and permissions set of the socket that will be created. There is a commented-out group of options that handle this configuration that looks like this:
;listen.owner = www
;listen.group = www
;listen.mode = 0660
Enable these by removing the comment marker at the beginning:
listen.owner = www
listen.group = www
listen.mode = 0660
Save and close the file when you are finished.
Next, we need to create a php.ini file that will configure the general behavior of PHP. Two sample files were included that we can choose to copy to the php.ini file that PHP reads.
The php.ini-production file will be closer to what we need, so we will use that one. Copy the production version over to the file PHP checks for:
sudo cp php.ini-production php.ini
Open the file for editing with sudo privileges:
sudo vi php.ini
Inside, we need to find a section that configures the cgi.fix_pathinfo behavior. It will be commented out and set to "1" by default. We need to uncomment this and set it to "0". This will prevent PHP from trying to execute parts of the path if the file that was passed in to process is not found. This could be used by malicious users to execute arbitrary code if we do not prevent this behavior.
Uncomment the cig.fix_pathinfo line and set it to "0":
cgi.fix_pathinfo=0
Save and close the file when you are finished.
Now that we have PHP-FPM completely configured, we can start the service by typing:
sudo service php-fpm start
We can now move on to configuring our MySQL instance.
To get started configuring MySQL, we need to start the MySQL service:
sudo service mysql-server start
The first time you run this command, it will create the required directory structure in the filesystem and install the database files it needs. It will then start the MySQL server process.
After the service is started, we need to secure the installation. This can be accomplished through a script called mysql_secure_installation. Run this with sudo privileges to lock down some insecure defaults:
sudo mysql_secure_installation
. . .
Enter current password for root (enter for none):
The script will start by asking you for the current password for the MySQL root account. Since we have not set a password for this user yet, we can press "ENTER" to bypass this prompt.
Set root password? [Y/n]
Next, it will ask you if you would like to set the MySQL root account's password. Press "ENTER" to accept this suggestion. Choose and confirm an administrative password.
The script will then proceed with additional suggestions that will help reverse some insecure conditions in the default MySQL installation. Simply press "ENTER" through all of these prompts to complete all of the suggested actions.
We can restart the MySQL service to ensure that our instance immediately implements the security changes:
sudo service mysql-server restart
Our MySQL instance is now up and running how we want it, so we can move on.
Our next task is to set up Nginx. To get started, we need to start the web server:
sudo service nginx start
Now, we can begin configuring Nginx by going to the nginx directory in the /usr/local/etc directory:
cd /usr/local/etc/nginx
Here, we need to open the main Nginx configuration file with sudo privileges:
sudo vi nginx.conf
Inside, we can begin to make changes so that our Nginx instance can work with our other components.
To start, uncomment and modify the user directive at the top of the file. We need the web server to operate as the www user, since that is what our PHP-FPM instance is looking for:
user www;
We should also set the worker_processes to the number of CPUs or cores that your system has. (To find out how many CPUs your server has, type sysctl hw.ncpu from the command line):
worker_processes 2;
Next, we will set the error verbosity and location using the error_log directive. We will log to a location at /var/log/nginx/error.log at the info log level:
error_log /var/log/nginx/error.log info;
In the http block, we will also set up an access log. This will be located at /var/log/nginx/access.log:
access_log /var/log/nginx/access.log;
In the server block, we need to modify the server_name directive to use the domain name or IP address of our server. We can make our server respond to the www hostname as well by adding that after the main domain:
server {
listen 80;
server_name example.com www.example.com;
. . .
Configure the root and index directives in the main server block. Our document root will be /usr/local/www/nginx and our index directive should attempt to serve index.php files before falling back on index.html or index.htm files.
Since we defined these directives within the server context, we do not need them within the location / block. In this block, we will instead configure a try_files directive to try to serve user requests as a file and then a directory before falling back with a 404 error:
server {
. . .
root /usr/local/www/nginx;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
. . .
Finally, we need to configure a location block that will handle PHP files. This block will match any request ending in .php. It will only process the files themselves, throwing back a 404 error if the file cannot be found.
We will use the socket we configured in the php-fpm.conf file earlier. We will configure some other FastCGI proxying options as well, partly by reading in parameters from the fastcgi_params file. We need to explicitly set the SCRIPT_FILENAME parameter so that PHP knows what files to execute:
server {
. . .
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
}
All together, with comments removed, the file should look something like this:
user www;
worker_processes 2;
error_log /var/log/nginx/error.log info;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name example.com www.example.com;
root /usr/local/www/nginx;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
}
}
}
Save and close the file when you are finished.
We now need to create the log directory and files that we referenced in our file. First, create the /var/log/nginx directory:
sudo mkdir -p /var/log/nginx
Next, we can create the empty log files:
sudo touch /var/log/nginx/access.log
sudo touch /var/log/nginx/error.log
Now, we are ready to configure our document root. We have configured our root to be /usr/local/www/nginx, but currently, this is a symbolic link to the /usr/local/www/nginx-dist directory which could be updated by a package operation in the future.
We should destroy the link and create the unlinked directory again:
sudo rm /usr/local/www/nginx
sudo mkdir /usr/local/www/nginx
Since we still need to test our web server, we can copy the index.html file into our new web root:
sudo cp /usr/local/www/nginx-dist/index.html /usr/local/www/nginx
While we are here, we should also create a temporary info.php file that we can use to test Nginx's ability to pass requests to PHP-FPM. Create the file within the document root with sudo privileges:
sudo vi /usr/local/www/nginx/info.php
In the file, type the following contents. This will generate an HTML page with information about our PHP configuration:
<?php phpinfo(); ?>
Save and close the file when you are finished.
We are now ready to restart Nginx to take advantage of our new configuration. First, test your configuration file for syntax errors by typing:
sudo nginx -t
If your configuration file has no detectable syntax errors, you should see something that looks like this:
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
If the above command returns with errors, re-open the Nginx configuration file to the location where the error was found and try to fix the problem.
When your configuration checks out correctly, we can restart Nginx:
sudo service nginx restart
Our web stack is now complete. All that we have left to do is test it out.
In your web browser, begin by going to your base domain name or the server's IP address:
http://example.com
You should see the contents of the index.html file we copied over. It will look something like this:
This indicates that Nginx is up and running and capable of serving simple HTML pages.
Next, we should check out the info.php file we created. In your browser, visit your domain name or server IP address, followed by /info.php:
http://example.com/info.php
You should see a generated PHP information page that looks something like this:
If you can see this page, you have successfully configured a FEMP stack on your FreeBSD server.
After testing your configuration, it is a good idea to remove the info.php file from your document root since it can give away some sensitive information about your installation:
sudo rm /usr/local/www/nginx/info.php
You can always recreate this file easily at a later time.
You should now have a fully functional web server powered by Nginx which can process dynamic PHP content and use MySQL to store data. This configuration can be used as a base for a variety of other configurations and web applications.
使用 inetd
我們先來介紹如何使用 inetd 的方式啟動 FTP 伺服器。首先,請編輯 /etc/inetd.conf,將 ftp 設定開頭的 # 移除:
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l
#/etc/rc.d/inetd start //啟動 inetd 服務
修改 rc.conf 設定檔,以便下次機器重新開機時能自動啟動 inetd 服務
#vi /etc/rc.conf //修改 rc.conf 設定檔
inetd_enable="YES" //加入此行
測試 FTP 功能
#telnet localhost 21 //測試 ftp 服務是否啟動
Trying 127.0.0.1... //啟動成功
Connected to localhost.
Escape character is '^]'.
220 dmz.weithenn.org FTP server (Version 6.00LS) ready.
quit //輸入 quit 離開
221 Goodbye.
Connection closed by foreign host.
修改 /etc/ftpusers
把限制root存取拿掉讓root可以連
安裝 MySQL5.7 及設置 MySQL5.7
# cd /usr/ports/database/mysql55-server
# make WITH_CHARSET=utf8 install clean
# chown -R mysql:mysql /var/db/mysql # 更換目錄權, 很重要,因為執行的身份若不對, mysqld 無法啟動
# /usr/local/bin/mysql_install_db # 執行初次安裝
# vi /etc/rc.conf # 設定 MySQL 開機自動啟動
mysql_enable="YES"
# cp /usr/local/share/mysql/my-medium.cnf /etc/my.cnf
# vi /etc/my.cnf # 依喜好自行修改 my.cnf
[mysqld]
default-character-set = utf8
[client]
default-character-set = utf8
# /usr/local/etc/rc.d/mysql-server start # 啟動 mysql
安裝好 MySQL 後, MySQL root 密碼預設是空密碼, 執行 mysql_secure_installation, 修改 MySQL 的 root 密碼:
然後它會詢問輸入現時的 root 密碼, 直接留空白按 “Enter”, 然後就可以輸入新的 MySQL root 密碼。其他問題可以直接按 “Enter” 用預設值即可, 之後便完成 MySQL 的安裝了。
# mysql -p # 測試進入 mysql
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.5.5-m3-log FreeBSD port: mysql-server-5.5.5_1
mysql>
==== 安裝PHP ====
*安裝php
# cd /usr/ports/lang/php5
# make config install clean
將下面的模組勾一勾,沒有的選項就不管他了~
[X] CLI Build CLI version
[X] CGI Build CGI version
[X] FPM 必勾!!! Nginx處理php時是要交給他處理
[X] APACHE Build Apache module
[ ] DEBUG Enable debug
[X]] SUHOSIN Enable Suhosin protection system
[X] MULTIBYTE Enable zend multibyte support
[ ] IPV6 Enable ipv6 support
[ ] REDIRECT Enable force-cgi-redirect support (CGI only)
[ ] DISCARD Enable discard-path support (CGI only)
[X] FASTCGI Enable fastcgi support (CGI only)
[X] PATHINFO Enable path-info-check support (CGI only)
*安裝php5-entensions
# cd /usr/ports/lang/php5-extensions/
# make config install clean
勾選需要的extension,下面必裝,其餘隨意。
[X] FTP FTP support
[X] GD
[X] GETTEXT
[X] MBSTRING
[X] MYSQL
[ ] POSIX //去掉.
[ ] SQLITE //去掉.
[X] ZLIB
*修改PHP設定檔
# cd /usr/local/etc
# cp php.ini-development php.ini
==== 安裝nginx ====
#cd /usr/ports/www/nginx/
#make install clean
安裝nginx就是這麼簡單~
設定nginx的部份:
編輯/usr/local/etc/nginx/nginx.conf
將#user nobody;
改成:user www;
找到下面的部份:
location / {
root /usr/local/www/nginx; //網頁目錄可以換,看你網頁放哪 (ex./home/www)
index index.html index.htm; //記得加入 index.php 等等
}
server{
listen 80;
server_name 改成目前ip
下面是給FPM處理PHP的部份,記得先將前面的#註解刪掉, \\
然後將fastcgi_param的/scripts$fastcgi_script.name \\
更改為:/你的網頁目錄$fastcgi_script.name \\
例如:/home/www$fastcgi_script.name \\
#location ~ \.php$ {
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script.name;
# include fastcgi_params;
#}
安裝完後
記得編輯 /etc/rc.conf
加入
mysql_enable="YES"
nginx_enable="YES"
php_fpm_enable="YES"
這樣就可以啦~~~
裝好 database/phpmyadmin
注意!在編譯設定時,要把APC取消掉,因為它不支援php5.5
預設安裝路徑是/usr/local/www/phpMyAdmin你可以去 www/nginx 下
# ln -s ../phpMyAdmin phpmyadmin
或是透過設定 nginx.conf 來指定 phpMyAdmin 的位置
可以先連線到 localhost/phpmyadmin 測試看看可不可以登入
帳號是root 密碼就是前面設定的那一個
接著到 phpmyadmin 複製設定檔
# cp config.sample.inc.php config.inc.php
如果登入phMyAdmin 出現密碼過期重新設定mysql密碼
接著要修改 mysql root 密碼
# mysqladmin -u root -p password Enter password:(預設密碼是NULL 直接輸入Enter換行) New password: Confirm new password:
登入root
vi etc/rc.conf
ifconfig_em0="inet 實體IP netmask 255.255.255.0"
defaultrouter="gateway 的 IP" ex: 192.168.100.1
gateway_enable="YES"
原本沒有設定到gateway 所以一直不通,加上去就沒問題了
Open Source (5) 多人線上編輯OPENSOURCE (0) Server 2008 (1)