bsd FreeBSD
Install New System from CD¶
List All Packages¶
Install base applications¶
pkg install -y nano
pkg install -y rsync
pkg install -y sudo
pkg install -y bash
pkg install -y open-vm-tools-nox11
chsh -s /usr/local/bin/bash
Create sudo permissions for vnyx.¶
Append `vnyx ALL=(ALL) NOPASSWD: ALL` to the file.
Setup SSH Port¶
Append `Port 8649` to the file.
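A check for the appended `Port` line, as an added example that is not part of the original notes: sshd listens on every active `Port` directive, and a `Port` line that lands after a `Match` line is rejected, so appending is only safe when neither applies. The function names are hypothetical and the config path is passed as an argument (on FreeBSD the base system file is /etc/ssh/sshd_config).

```sh
#!/bin/sh
# Added example (not from the original page): report which Port values
# an sshd_config would put into effect.

# Print each active (uncommented) Port value, one per line.
# Exit status 2 means a Port line follows a Match line, where sshd
# does not accept it.
sshd_ports() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }   # drop comments, allow Port=N
        tolower($1) == "match" { in_match = 1 }
        tolower($1) == "port" {
            if (in_match) bad = 1
            else print $2
        }
        END { exit (bad ? 2 : 0) }
    ' "$1"
}

# Succeed only when the config yields exactly the one expected port,
# e.g. sshd_only_port /etc/ssh/sshd_config 8649
sshd_only_port() {
    ports=$(sshd_ports "$1") || return 2
    [ "$ports" = "$2" ]
}
```

Run it before restarting sshd; a non-zero result means either a second port is still open or the appended line is in a position sshd will refuse.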
Setup Users¶
Users and Basic Account Management Official Documentation
Setup root user¶
Change export setenv EDITOR nano, then save.
Change Full Name to server name, then save.
Setup vnyx user¶
Send keys to server using `v-util.sh ssh-copy-id {server}`, then ssh into server.
Exit and `v-upgrade.sh server {server}` from dev1.
Update The System¶
Upgrading FreeBSD Official Documentation
Apply Security Patches¶
Rollback Update¶
Upgrade to Next Version¶
Install Phase¶
Restart System
Install Update
The system will install the updates and may instruct you to repeat the Install Phase.
Upgrading Packages After Version Upgrade¶
Force upgrade of all installed packages with fresh versions.
Rebuild all installed applications.
Update to Finish
Update the packages logged in as root.
Read what might be uninstalled and reinstall it after completion (e.g. sudo). Make sure you restart VMWare Tools on all servers after major updates.
If the server uses ports (like PureFTPd) do this too:
See Portsnap below on how it was originally set up. The default is -l for letsencrypt cert.
Autoremove¶
This removes unused packages (sometimes).
CAUTION: Take note of what is being removed and test the server. Sometimes this breaks things.
Example: autoremove uninstalled liblz4 and it broke mysql server.
Install Utilities¶
Install Network Time Protocol (NTP)¶
This should be done after installing BIND
sudo pkg install -y openntpd
sudo rm /var/db/ntp/ntpd.pid
sudo sysrc ntpd_enable="YES"
sudo service ntpd start
If there is an error, `sudo rm /var/db/ntp/ntpd.pid` will fix it. The service must load after named.
Set Date Time¶
sudo sysrc ntpdate_enable="YES"
sudo sysrc ntpdate_hosts="in.pool.ntp.org"
sudo ntpdate -v -b in.pool.ntp.org
date
Note: The second nameserver is for a boot issue where NTP comes up before named has loaded (check the order of the boot services).
Set nameserver and search domains¶
Edit the resolver
Set the resolver like this:
Set hostname¶
Set the hostname in ATL to this:
Set the hostname in FLL to this:
Set localhost¶
to
add the current host in ATL to this:
add the current host in FLL to this:
Setup sSMTP¶
Mail from the VNiX Servers is sent through mail2.vnyx.net
sudo pkg install -y ssmtp
sudo cp /usr/local/etc/ssmtp/revaliases.sample /usr/local/etc/ssmtp/revaliases
sudo cp /usr/local/etc/ssmtp/ssmtp.conf.sample /usr/local/etc/ssmtp/ssmtp.conf
These are the instructions:
sSMTP has been installed successfully.
To replace sendmail with ssmtp type "make replace" or change
your /etc/mail/mailer.conf to:
sendmail /usr/local/sbin/ssmtp
send-mail /usr/local/sbin/ssmtp
mailq /usr/local/sbin/ssmtp
newaliases /usr/local/sbin/ssmtp
hoststat /usr/bin/true
purgestat /usr/bin/true
However, before you can use the program, you should copy the files
"revaliases.sample" and "ssmtp.conf.sample" in /usr/local/etc/ssmtp
to "revaliases" and "ssmtp.conf" respectively and edit them to suit
your needs.
root@bsd165:/etc/mail # cp mailer.conf mailer.conf.old
root@bsd165:/etc/mail # pico mailer.conf
Enter this into revaliases:
root:[email protected]
vnyx:[email protected]
Append this to the end of ssmtp.conf:
mailhub=mail2.vnyx.net:465
hostname=bsd###-yyy.srv.vnix.net
UseTLS=YES
UseSTARTTLS=NO
[email protected]
AuthPass=v60WrfjX22
AuthMethod=LOGIN
FromLineOverride=YES
ReWriteDomain=vnix.net
Update mailer.conf
Replace contents of mailer.conf with:
sendmail /usr/local/sbin/ssmtp
send-mail /usr/local/sbin/ssmtp
mailq /usr/local/sbin/ssmtp
newaliases /usr/local/sbin/ssmtp
hoststat /usr/bin/true
purgestat /usr/bin/true
Disable sendmail
sudo service sendmail stop
sudo sysrc sendmail_enable="NO"
sudo sysrc sendmail_submit_enable="NO"
sudo sysrc sendmail_outbound_enable="NO"
sudo sysrc sendmail_msp_queue_enable="NO"
sudo cat /etc/rc.conf
echo "HELLO from ${HOSTNAME}" | mail -s "SMTP Works!" [email protected]
Check errors in /var/log/maillog
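A sanity check for the ssmtp.conf settings above, as an added example that is not part of the original notes. `ssmtp.conf` holds `AuthPass` in plaintext, and a file created with `cp` as shown normally inherits the default umask, so the check flags a password file readable by others, authentication without TLS, and STARTTLS combined with the implicit-TLS port 465. The function names and finding labels are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original page): audit an ssmtp.conf.

# Print the value of a Key=value line (key matched case-insensitively).
conf_get() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(k) { sub(/^[^=]*=/, ""); v = $0 }
        END { print v }
    ' "$1"
}

# Print space-separated findings; return 0 only when there are none.
ssmtp_audit() {
    f=$1
    findings=""
    # Characters 8-10 of the ls mode string are the "other" permission bits.
    other=$(ls -ld "$f" | cut -c8-10)
    tls=$(conf_get "$f" UseTLS | tr '[:lower:]' '[:upper:]')
    starttls=$(conf_get "$f" UseSTARTTLS | tr '[:lower:]' '[:upper:]')
    port=$(conf_get "$f" mailhub | sed -n 's/.*:\([0-9]*\)$/\1/p')

    if [ -n "$(conf_get "$f" AuthPass)" ]; then
        case $other in
            r*) findings="$findings world-readable-password" ;;
        esac
        [ "$tls" = "YES" ] || findings="$findings auth-without-tls"
    fi
    # Port 465 expects TLS from the first byte, as in the settings above.
    if [ "$port" = "465" ] && [ "$starttls" = "YES" ]; then
        findings="$findings starttls-on-465"
    fi

    echo "${findings# }"
    [ -z "$findings" ]
}
```

Call it as `ssmtp_audit /usr/local/etc/ssmtp/ssmtp.conf`. When tightening the mode, whatever account sends mail through ssmtp still has to be able to read the file.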
Uninstall ssmtp and revert to sendmail¶
You might want to remove dependencies at this time.
CAUTION: Take note of what is being removed and test the server. Sometimes this breaks things.
Reinstall sendmail
Update /etc/mail/mailer.conf
#
# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail
#
sendmail /usr/local/sbin/sendmail
send-mail /usr/local/sbin/sendmail
mailq /usr/local/sbin/sendmail
newaliases /usr/local/sbin/sendmail
hoststat /usr/local/sbin/sendmail
purgestat /usr/local/sbin/sendmail
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
Reboot
Install GNU getopt¶
Install Memcached¶
Required by Nextcloud.
Nextcloud Notes¶
Make sure apc.enable_cli=1 is added to php.ini for memcached to work.
Mariadb 10.3¶
Service won’t start, good because v-mysqld.sh will be used. Mariadb/MySQL is run under the vnyx user and started by crontab under the vnyx user.
@reboot /var/vnix/config/bin/v-boot.sh
Starting/Stopping
Under the vnyx user (not root)
Install MySQL Tuner¶
Run using `v-mysqld.sh --port=3306 tuner`
Install PHP 8.0¶
Apache Setup¶
For VNiX Server
For Hosting Server
PureFTPd Installation (DEPRECATED)¶
PureFTPd does not properly support mysql connections out of the box and ports are not being used anymore. These instructions are here as reference in case things change in the future.
Set Configuration¶
Important: Set the configurations in `server.inc.sh` like this example:
The {auth-server} is used to authenticate users; it should be the DNS name. The {ftp-server-name} is the name given to the FTP server used in authentication on the {auth-server}.
For changes to server.inc.sh to take effect you must reload the shell or log in again.
Installation Certificate¶
sudo -i
cd /etc/ssl/
mkdir private
cd private/
openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout \
/etc/ssl/private/pure-ftpd.pem \
-out /etc/ssl/private/pure-ftpd.pem
Install PureFTPd¶
Finally, proceed to installing the FTP server on FreeBSD
Install clamav¶
sudo pkg install -y clamav
sudo sysrc clamav_clamd_enable="YES"
sudo sysrc clamav_freshclam_enable="YES"
sudo service clamav-freshclam onestart
sudo /usr/local/bin/freshclam
sudo service clamav-clamd onestart
Webmin Installation¶
sudo pkg install -y webmin
sudo sysrc webmin_enable="YES"
sudo /usr/local/lib/webmin/setup.sh
sudo service webmin start
SSL Certificate for Webmin¶
Cloudflare Proxy (recommended)¶
Certificate files used for wildcard certificate from vnix.co:
Edit these:
Restart Webmin
No Cloudflare Proxy¶
Manually enter the [domain.ext]
sudo certbot certonly --webroot -w /usr/local/vnix/httpd/vnix/error/404/ -d [domain.ext] -d [www.domain.ext]
Notes on certificate verification¶
VNiX Apache Configurations¶
Start with this:
<VirtualHost *:80>
ServerName [domain].srv.vnix.net
DocumentRoot /usr/local/vnix/httpd/vnix/error/404
</VirtualHost>
Restart apache and attempt to verify. If successful add this:
<VirtualHost *:443>
ServerName [domain].srv.vnix.net
DocumentRoot /usr/local/vnix/httpd/vnix/error/404
SSLCertificateFile /usr/local/etc/letsencrypt/live/[domain].srv.vnix.net/cert.pem
SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/[domain].srv.vnix.net/privkey.pem
SSLCertificateChainFile /usr/local/etc/letsencrypt/live/[domain].srv.vnix.net/chain.pem
Include /var/vnix/ssl/conf/letsencrypt.conf
</VirtualHost>
Webmin Configuration - SSL Encryption¶
Enable SSL: Yes
Private key: /usr/local/etc/letsencrypt/live/[domain.ext]/privkey.pem
Certificate file: /usr/local/etc/letsencrypt/live/[domain.ext]/fullchain.pem
Redirect non-SSL: Yes
SSL protocol version: auto
SSL protocol reject: check all
Allow compression: Yes
Force use: Yes
Allow SSL: nothing
Additional: nothing
Storage¶
List Attached Disks¶
Official Documentation: https://www.freebsd.org/cgi/man.cgi?query=geom
Adding Hard Drive Volume¶
- Add default setting VMWare hard drive then login as su.
- sade (if you don’t see the / root mount point quit and try again)
- c to create partition
- c to create again
- set mount point to /vol1, /vol2, etc.
- finish and wait!
For MacOS volume compatibility for /vol1 follow these steps:
Expand Hard Drive Volume¶
- Read this first top to bottom: Official FreeBSD Handbook - Disk Growing
- Add more drive space to hard drive while VM is running in VMWare, then reboot
Set the NEWSIZE to an amount larger than previous. Example: If the partition is 100G and you want it to be 200G enter -s 200G
Here is an example of growing a 1.5TB drive on volume /mail to 1.6TB (after changing the size in VMWare from 1.5 to 1.6TB)
The partition number is 1.
Resize the drive partition
gpart recover da1
gpart show da1
umount /anyvol
gpart resize -i 1 -a 4k da1   # partition index is 1; size defaults to the remaining space
growfs /dev/da1p1
mount /anyvol
root@mail:~ # df
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/da0p2 100548184 26591124 65913208 29% /
devfs 1 1 0 100% /dev
/dev/da1p1 1625046488 1041992604 453050168 70% /mail
root@mail:~ # gpart show da1
=> 40 3435973760 da1 GPT (1.6T)
40 3355443200 1 freebsd-ufs (1.6T)
3355443240 80530560 - free - (38G)
Add Swap Space¶
Adding Swap Space FreeBSD Official Documentation
Physical Disk Method¶
Add disk like normal but change the type to freebsd-swap and mount to none. You can also add a swap file without adding a partition.
Swap File Method¶
Add swap file 1 Add swap file 2
You will create an 8GB swap file by typing the following dd command as the root user:
Alternate method
Add swap to /etc/fstab
Add this line:
Activate the swap file
Watch the memory including swap using htop. To view swap info use this command:
Installing PEAR/PECL¶
List all pecl packages
Troubleshooting¶
Apache Warning¶
No such file or directory: AH00075: Failed to enable the 'httpready' Accept Filter
No such file or directory: AH00075: Failed to enable the 'dataready' Accept Filter
Cannot Boot - Missing or corrupt mount point¶
You get a prompt for the shell. Press enter.
Remove the bad drive, if there is one, then reboot.
Tip: Write down the volume with the problem, then remove it from the list so you can boot.
SSL Certificate Invalid¶
Try shutting down Apache and starting it again. This was needed when a site's configuration was invalid, so the site fell through to the default virtual host and used the wrong certificate. Make sure the default site forwards to an error page.
Log File Rotations¶
This is being managed by v-upgrade.sh config {server}
/var/vnix/logs/*.log vnyx:wheel 644 7 1000 * GJ
Check permissions of /var/vnix/logs; they should be 0755. See [newsyslog.conf documentation about codes](https://www.freebsd.org/cgi/man.cgi?query=newsyslog.conf&sektion=5&manpath=freebsd-release-ports)
Manually run
~~~bash
sudo newsyslog -v
~~~
Recovery CD¶
Preparation¶
- Download Current Version (Bootonly) from here
- Upload the VMWare ISO storage folder and select from CD of each VM.
- Add FreeBSD ISO to CD power on connect
- Use Fusion to Power on to Firmware
- Change boot order making CD first
- Connect CD and Reboot in Single User Mode
- Drop to shell
Check Partitions¶
Show Partitions
Normal Check Drive
Force Recheck on Clean Drive
Finish¶
- Power on to Firmware again
- Change CD after Removable and Hard Disk
- Disconnect CD and uncheck Power On CD at Boot
- Press F10 to Save and Boot
Keep in mind that checking a live drive may report problems that may not exist.
Install GNOME Desktop¶
sudo pico /etc/rc.conf
Add the following lines to the bottom of this file:
Save and close that file. Mount /proc
We also need to add /proc filesystem to be mounted at startup. Issue the command:
Add the following line to the bottom of that file: