
bsd FreeBSD

Install New System from CD

List All Packages

sudo pkg info

Install base applications

pkg install -y nano
pkg install -y rsync
pkg install -y sudo
pkg install -y bash
pkg install -y open-vm-tools-nox11
chsh -s /usr/local/bin/bash

Create sudo permissions for vnyx.

sudo pico /etc/sudoers

Append vnyx ALL=(ALL) NOPASSWD: ALL to the file.

Setup SSH Port

sudo pico /etc/ssh/sshd_config

Append Port 8649 to the file

Setup Users

Users and Basic Account Management Official Documentation

Setup root user

sudo -i
pico ~/.cshrc
exit

Change the EDITOR line to setenv EDITOR nano, then save.

sudo -i
chpass
exit

Change Full Name to server name, then save.

Setup vnyx user

Send keys to server using v-util.sh ssh-copy-id {server}, then ssh into server.

chsh -s /usr/local/bin/bash
sudo mkdir /var/vnix
sudo chown vnyx /var/vnix

Exit, then run v-upgrade.sh server {server} from dev1.

Update The System

Upgrading FreeBSD Official Documentation

Apply Security Patches

sudo freebsd-update fetch
sudo freebsd-update install

Rollback Update

sudo freebsd-update rollback

Upgrade to Next Version

sudo freebsd-update -r 14.1-RELEASE upgrade

Install Phase

Restart System

sudo shutdown -r now

Install Update

sudo freebsd-update install

The system will install the updates and may instruct you to repeat the Install Phase.

Upgrading Packages After Version Upgrade

Force upgrade of all installed packages with fresh versions.

sudo pkg-static upgrade -f

Rebuild all installed applications.

sudo portmaster -af

Update to Finish

sudo freebsd-update install

Update the packages logged in as root.

sudo -i
pkg-static install -f pkg
pkg update
pkg upgrade

Read what might be uninstalled and reinstall it after completion (e.g. sudo). Make sure you restart VMWare Tools on all servers after major updates.

If the server uses ports (like PureFTPd) do this too:

v-pureftpd.sh install -l

See Portsnap below on how it was originally setup. The default is -l for letsencrypt cert.

Autoremove

This removes unused packages (sometimes).

sudo pkg autoremove

CAUTION: Take note of what is being removed and test the server. Sometimes this breaks things.
Example: autoremove uninstalled liblz4 and it broke mysql server.

Install Utilities

sudo pkg install -y wget

Install Network Time Protocol (NTP)

This should be done after installing BIND

sudo pkg install -y openntpd
sudo rm /var/db/ntp/ntpd.pid
sudo sysrc ntpd_enable="YES"
sudo service ntpd start

If there is an error sudo rm /var/db/ntp/ntpd.pid will fix it. Service must load after named.

Set Date Time

sudo sysrc ntpdate_enable="YES"
sudo sysrc ntpdate_hosts="in.pool.ntp.org"
sudo ntpdate -v -b in.pool.ntp.org
date

Note: Second nameserver is for booting issue with NTP coming before loading named (check order of boot services)

Set nameserver and search domains

Edit the resolver

sudo pico /etc/resolv.conf

Set the resolver like this:

nameserver 127.0.0.1
nameserver 1.1.1.1
domain srv.vnix.net
search local.vnix.net srv.vnix.net

Set hostname

sudo pico /etc/rc.conf
sudo hostname [server-dns-goes-here]

Set the hostname in ATL to this:

hostname="bsd###.local.vnix.net"

Set the hostname in FLL to this:

hostname="bsd###.local.vnix.net"

Set localhost

sudo pico /etc/hosts

Set the localhost entries to:

::1                     localhost localhost.srv.vnix.net
127.0.0.1               localhost localhost.srv.vnix.net

Add the current host in ATL like this:

10.0.1.1xx              bsd### bsd###-bct bsd###-bct.srv.vnix.net

Add the current host in FLL like this:

10.0.1.1xx              bsd###-fll.srv.vnix.net

Setup sSMTP

Mail from the VNiX Servers is sent through mail2.vnyx.net

sudo pkg install -y ssmtp
sudo cp /usr/local/etc/ssmtp/revaliases.sample /usr/local/etc/ssmtp/revaliases
sudo cp /usr/local/etc/ssmtp/ssmtp.conf.sample /usr/local/etc/ssmtp/ssmtp.conf

These are the instructions:

sSMTP has been installed successfully.

To replace sendmail with ssmtp type "make replace" or change
your /etc/mail/mailer.conf to:

sendmail    /usr/local/sbin/ssmtp
send-mail   /usr/local/sbin/ssmtp
mailq       /usr/local/sbin/ssmtp
newaliases  /usr/local/sbin/ssmtp
hoststat    /usr/bin/true
purgestat   /usr/bin/true


However, before you can use the program, you should copy the files
"revaliases.sample" and "ssmtp.conf.sample" in /usr/local/etc/ssmtp
to "revaliases" and "ssmtp.conf" respectively and edit them to suit
your needs.
root@bsd165:/etc/mail # cp mailer.conf mailer.conf.old
root@bsd165:/etc/mail # pico mailer.conf
sudo pico /usr/local/etc/ssmtp/revaliases

Enter this into revaliases:

sudo pico /usr/local/etc/ssmtp/ssmtp.conf

Append this to the end of ssmtp.conf:

mailhub=mail2.vnyx.net:465
hostname=bsd###-yyy.srv.vnix.net
UseTLS=YES
UseSTARTTLS=NO
AuthUser=[email protected]
AuthPass=v60WrfjX22
AuthMethod=LOGIN
FromLineOverride=YES
ReWriteDomain=vnix.net

Update mailer.conf

sudo cp /etc/mail/mailer.conf /etc/mail/mailer-old.conf
sudo pico /etc/mail/mailer.conf

Replace contents of mailer.conf with:

sendmail    /usr/local/sbin/ssmtp
send-mail   /usr/local/sbin/ssmtp
mailq       /usr/local/sbin/ssmtp
newaliases  /usr/local/sbin/ssmtp
hoststat    /usr/bin/true
purgestat   /usr/bin/true

Disable sendmail

sudo service sendmail stop
sudo sysrc sendmail_enable="NO"
sudo sysrc sendmail_submit_enable="NO"
sudo sysrc sendmail_outbound_enable="NO"
sudo sysrc sendmail_msp_queue_enable="NO"
sudo cat /etc/rc.conf
echo "HELLO from ${HOSTNAME}" | mail -s "SMTP Works!" [email protected]

Check errors in /var/log/maillog
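
Added example (not part of the original runbook): ssmtp.conf stores AuthPass in cleartext, so this sh function flags a world-readable file, authentication without UseTLS=YES, and UseSTARTTLS=YES on the implicit-TLS port 465 used above. The function names and the sample config at the end are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page.

# conf_get FILE KEY: print KEY's value (last match wins, comments skipped).
conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ || index($0, "=") == 0 { next }
        {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) val = v
        }
        END { print val }' "$1"
}

# audit_ssmtp_conf FILE: print one line per finding; return 0 only if clean.
audit_ssmtp_conf() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }

    # A file holding a cleartext AuthPass must not be readable by "other".
    if [ -n "$(conf_get "$conf" AuthPass)" ] &&
       [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "FAIL: $conf holds AuthPass and is world-readable"; rc=1
    fi

    # AUTH LOGIN is only base64, so it needs an encrypted channel.
    tls=$(conf_get "$conf" UseTLS | tr '[:lower:]' '[:upper:]')
    if [ -n "$(conf_get "$conf" AuthUser)" ] && [ "$tls" != "YES" ]; then
        echo "FAIL: AuthUser is set but UseTLS is not YES"; rc=1
    fi

    # Port 465 is implicit TLS, as on this page; STARTTLS does not apply.
    starttls=$(conf_get "$conf" UseSTARTTLS | tr '[:lower:]' '[:upper:]')
    case "$(conf_get "$conf" mailhub):$starttls" in
        *:465:YES) echo "FAIL: mailhub on 465 with UseSTARTTLS=YES"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: weak settings and mode 644, so all three checks fire.
demo=$(mktemp)
printf '%s\n' 'mailhub=mail.example.test:465' 'UseTLS=NO' 'UseSTARTTLS=YES' \
    'AuthUser=relay@example.test' 'AuthPass=constructed-placeholder' > "$demo"
chmod 644 "$demo"
audit_ssmtp_conf "$demo" || true
rm -f "$demo"
```

On a server, run audit_ssmtp_conf /usr/local/etc/ssmtp/ssmtp.conf after editing the file.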

Uninstall ssmtp and revert to sendmail

sudo pkg remove -y ssmtp
sudo pw delgroup ssmtp

You might want to remove dependencies at this time.

sudo pkg autoremove

CAUTION: Take note of what is being removed and test the server. Sometimes this breaks things.

Reinstall sendmail

sudo pkg install -y sendmail

Update /etc/mail/mailer.conf

#
# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail
#
sendmail    /usr/local/sbin/sendmail
send-mail   /usr/local/sbin/sendmail
mailq       /usr/local/sbin/sendmail
newaliases  /usr/local/sbin/sendmail
hoststat    /usr/local/sbin/sendmail
purgestat   /usr/local/sbin/sendmail

sudo pico /etc/mail/mailer.conf

Remove these lines from /etc/rc.conf:

sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

sudo pico /etc/rc.conf

Reboot

sudo reboot

Install GNU getopt

sudo pkg install -y getopt

Install Memcached

Required by Nextcloud.

sudo pkg install -y memcached
sudo sysrc memcached_enable="YES"
sudo service memcached start

Nextcloud Notes

Make sure apc.enable_cli=1 is added to php.ini for memcached to work.

Mariadb 10.3

sudo pkg install mariadb103-server
sudo sysrc mysql_enable="NO"
sudo service mysql-server start

Service won’t start, good because v-mysqld.sh will be used. Mariadb/MySQL is run under the vnyx user and started by crontab under the vnyx user.

@reboot /var/vnix/config/bin/v-boot.sh

Starting/Stopping

Under the vnyx user (not root)
v-mysqld.sh --port=3306 start
v-mysqld.sh --port=3306 restart
v-mysqld.sh --port=3306 stop

Install MySQL Tuner

sudo pkg install -y mysqltuner

Run using v-mysqld.sh --port=3306 tuner

Install PHP 8.0

/usr/local/vnix/setup/freebsd-install-php80.sh

Apache Setup

For VNiX Server

sudo ln -s -f /var/vnix/config/httpd/vnix.conf /usr/local/etc/apache24/httpd.conf

For Hosting Server

sudo ln -s -f /var/vnix/config/httpd/hosting.conf /usr/local/etc/apache24/httpd.conf

PureFTPd Installation (DEPRECATED)

PureFTPd does not properly support mysql connections out of the box and ports are not being used anymore. These instructions are here as reference in case things change in the future.

Set Configuration

Important: Set the configurations in server.inc.sh like this example:

export V_DB_FTP={auth-server}
export V_FTP_NAME={ftp-server-name}

The {auth-server} is used to authenticate users; it should be the DNS name. The {ftp-server-name} is the name given to the FTP server used in authentication on the {auth-server}.

For changes to the server.inc.sh to take effect you must reload the shell or login again.

Installation Certificate

sudo -i
cd /etc/ssl/
mkdir private
cd private/
openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout \
    /etc/ssl/private/pure-ftpd.pem \
    -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/*.pem
exit
v-pureftpd.sh restart

Install PureFTPd

Finally, proceed to installing the FTP server on FreeBSD

v-pureftpd.sh install

PureFTPd Settings

Install clamav

sudo pkg install -y clamav
sudo sysrc clamav_clamd_enable="YES"
sudo sysrc  clamav_freshclam_enable="YES"
sudo service clamav-freshclam onestart
sudo /usr/local/bin/freshclam
sudo service clamav-clamd onestart

Webmin Installation

sudo pkg install -y webmin
sudo sysrc webmin_enable="YES"
sudo /usr/local/lib/webmin/setup.sh
sudo service webmin start

SSL Certificate for Webmin

Certificate files used for wildcard certificate from vnix.co:

sudo pico /usr/local/etc/webmin/miniserv.conf

Edit these:

keyfile=/var/vnix/ssl/vnix.co/vnix.co.pem.key
certfile=/var/vnix/ssl/vnix.co/vnix.co.pem

Restart Webmin

sudo service webmin restart

No Cloudflare Proxy

    sudo pkg install py37-certbot
    sudo sysrc weekly_certbot_enable="YES"

Manually enter the [domain.ext]

sudo certbot certonly --webroot -w /usr/local/vnix/httpd/vnix/error/404/ -d [domain.ext] -d [www.domain.ext]

Notes on certificate verification

VNiX Apache Configurations

Start with this:

<VirtualHost *:80>
    ServerName [domain].srv.vnix.net
    DocumentRoot /usr/local/vnix/httpd/vnix/error/404
</VirtualHost>

Restart apache and attempt to verify. If successful add this:

<VirtualHost *:443>
    ServerName [domain].srv.vnix.net
    DocumentRoot /usr/local/vnix/httpd/vnix/error/404
    SSLCertificateFile /usr/local/etc/letsencrypt/live/[domain].srv.vnix.net/cert.pem
    SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/[domain].srv.vnix.net/privkey.pem
    SSLCertificateChainFile /usr/local/etc/letsencrypt/live/[domain].srv.vnix.net/chain.pem
    Include /var/vnix/ssl/conf/letsencrypt.conf
</VirtualHost>

Webmin Configuration - SSL Encryption

Enable SSL: Yes
Private key: /usr/local/etc/letsencrypt/live/[domain.ext]/privkey.pem
Certificate file: /usr/local/etc/letsencrypt/live/[domain.ext]/fullchain.pem
Redirect non-SSL: Yes
SSL protocol version: auto
SSL protocol reject: check all
Allow compression: Yes
Force use: Yes
Allow SSL: nothing
Additional: nothing

Storage

List Attached Disks

geom disk list

Official Documentation: https://www.freebsd.org/cgi/man.cgi?query=geom

Adding Hard Drive Volume

  • Add default setting VMWare hard drive then login as su.
  • sade (if you don’t see the / root mount point quit and try again)
  • c to create partition
  • c to create again
  • set mount point to /vol1, /vol2, etc.
  • finish and wait!

cat /etc/fstab (you should see the drive)
mkdir /vol1 (or /vol2, etc.)
mount -a
df -H

For MacOS volume compatibility for /vol1 follow these steps:

sudo mkdir /Volumes
cd /Volumes
ln -s /vol1 Vol1

Expand Hard Drive Volume

Set the NEWSIZE to an amount larger than previous. Example: If the partition is 100G and you want it to be 200G enter -s 200G

Here is an example of growing a 1.5TB drive on volume /mail to 1.6TB (after changing the size in VMWare from 1.5 to 1.6TB)

sudo -i
gpart list (see what the drive name is - using da1 below)
gpart show da1

The partition number is 1.

root@mail:~ # gpart show da1
=>        40  3221225392  da1  GPT  (1.5T)
          40  3221225392    1  freebsd-ufs  (1.5T)

Resize the drive partition

gpart recover da1
gpart show da1
umount /anyvol
gpart resize -i 1 -a 4k da1 (if partition is 1 and size defaults to remaining space)
growfs /dev/da1p1
mount /anyvol

If you get an error try:

sudo service growfs onestart

Look at the changes

root@mail:~ # df
Filesystem  1K-blocks       Used     Avail Capacity  Mounted on
/dev/da0p2  100548184   26591124  65913208    29%    /
devfs               1          1         0   100%    /dev
/dev/da1p1 1625046488 1041992604 453050168    70%    /mail

root@mail:~ # gpart show da1
=>        40  3435973760  da1  GPT  (1.6T)
          40  3355443200    1  freebsd-ufs  (1.6T)
  3355443240    80530560       - free -  (38G)

Add Swap Space

Adding Swap Space FreeBSD Official Documentation

Physical Disk Method

Add disk like normal but change the type to freebsd-swap and mount to none. You can also add a swap file without adding a partition.

Swap File Method

Add swap file 1 Add swap file 2

You will create an 8GB swap file by typing the following dd command as the root user:

dd if=/dev/zero of=/usr/swap0 bs=1m count=8192
chmod 0600 /usr/swap0

Alternate method

sudo truncate -s 8G /usr/swap0
chmod 0600 /usr/swap0

Add swap to /etc/fstab

pico /etc/fstab

Add this line:

md99            none            swap    sw,file=/usr/swap0,late         0       0

Activate the swap file

swapon -aqL
swapinfo -g
swapctl -l -h

Watch the memory including swap using htop. To view swap info use this command:

swapctl -l -h

Installing PEAR/PECL

wget http://pear.php.net/go-pear.phar
php go-pear.phar

List all pecl packages

pecl list

Troubleshooting

Apache Warning

No such file or directory: AH00075: Failed to enable the 'httpready' Accept Filter
No such file or directory: AH00075: Failed to enable the 'dataready' Accept Filter

Read This

sudo kldload accf_http
sudo kldload accf_data.ko

Update /boot/loader.conf

accf_http_load="YES"
accf_data_load="YES"

Cannot Boot - Missing or corrupt mount point

You get a prompt for the shell. Press enter.

sudo -i
mount /
pico /etc/fstab

Remove the bad drive, if there is one, then reboot.

Tip: Write down the volume with the problem, then remove it from the list so you can boot.

SSL Certificate Invalid

Try shutting down Apache and restarting it. This was needed when a site's configuration was invalid, so the site fell through to the default virtual host and used the wrong certificate. Make sure the default site forwards to an error page.

Log File Rotations

This is being managed by v-upgrade.sh config {server}

Official FreeBSD Manual

sudo pico /etc/newsyslog.conf.d/vnix.conf

Add this:

/var/vnix/logs/*.log vnyx:wheel 644 7 1000 * GJ

Check permissions of /var/vnix/logs, should be 0755. See the newsyslog.conf documentation about codes: https://www.freebsd.org/cgi/man.cgi?query=newsyslog.conf&sektion=5&manpath=freebsd-release-ports

Manually run

sudo newsyslog -v

Recovery CD

Preparation

  • Download Current Version (Bootonly) from here
  • Upload the VMWare ISO storage folder and select from CD of each VM.
  • Add FreeBSD ISO to CD power on connect
  • Use Fusion to Power on to Firmware
  • Change boot order making CD first
  • Connect CD and Reboot in Single User Mode
  • Drop to shell

Check Partitions

Show Partitions

gpart show

Normal Check Drive

fsck -vy -t ufs /dev/da0p2

Force Recheck on Clean Drive

fsck -vyf -t ufs /dev/da0p2

Finish

  • Power on to Firmware again
  • Change CD after Removable and Hard Disk
  • Disconnect CD and uncheck Power On CD at Boot
  • Press F10 to Save and Boot

Keep in mind that checking a live drive may report problems that may not exist.

Install GNOME Desktop

sudo pkg install -y gnome-desktop gdm xorg gnome3

sudo pico /etc/rc.conf

Add the following lines to the bottom of this file:

gnome_enable="YES"
moused_enable="YES"
dbus_enable="YES"
hald_enable="YES"
gdm_enable="YES"

Save and close that file.

Mount /proc

We also need to add /proc filesystem to be mounted at startup. Issue the command:

sudo pico /etc/fstab

Add the following line to the bottom of that file:

proc /proc procfs rw 0 0