Posts tagged ‘FreeBSD’

Updating Apache22 from ports in FreeBSD 8.0

If you are trying to update apache22 from ports in FreeBSD 8.0, keep in mind that it now links to apr from devel/apr1 and not devel/apr. The simplest way out is to delete the apache22 port, then install/upgrade the devel/apr1 port, and then re-install the apache22 port. For more information, see the /usr/ports/UPDATING file.

Amitabh

Enable SSL with Apache in FreeBSD

Generate a server key. This key remains the same for all domains/IPs on this server:

# openssl genrsa -des3 -out server.key 1024

Now remove the passphrase from the key, so that it does not ask for any password while loading the certificate:

# cp server.key server.key.org
# openssl rsa -in server.key.org -out server.key

Now create a certificate signing request (CSR) for your domain. Once you execute the command listed below, you will be asked a few questions. The most important is “Common Name”, which should be the fully qualified domain name that requires the SSL certificate:

# openssl req -new -key server.key -out domain_name.csr

Once you have the CSR, there are two ways you can get the certificate: (a) generate the certificate yourself, in which case you and, more importantly, your users will get a warning every time they access the domain/web page, or (b) submit the CSR to one of the browser-recognized SSL certificate providers, who generally charge for such services. To complete the process here, we will generate the certificate ourselves:

# openssl x509 -req -days 365 -in /root/domain_name.csr -signkey /root/server.key -out /root/domain_name.crt

Now we need to move the certificate file and the server key to where Apache can read them. Make sure you set the correct permissions on both files:

# mkdir /usr/local/etc/apache22/ssl
# chmod 0700 /usr/local/etc/apache22/ssl

# cp ~/server.key /usr/local/etc/apache22/ssl/
# cp ~/domain_name.crt /usr/local/etc/apache22/ssl/
# chmod 0400 /usr/local/etc/apache22/ssl/server.key
# chmod 0400 /usr/local/etc/apache22/ssl/domain_name.crt

If you are running with virtual hosts enabled, make sure the domain entry in the virtual host section is IP-based:

<VirtualHost xxx.xxx.xxx.xxx:80>
ServerAdmin webmaster@domain_name.com
DocumentRoot /usr/local/www/apache22/data/domain_name.com/htdocs
ServerName domain_name.com
ErrorLog /usr/local/www/apache22/data/domain_name.com/logs/error_log
CustomLog /usr/local/www/apache22/data/domain_name.com/logs/access_log common
</VirtualHost>

The SSL section requires the paths to the certificate and the server key:

<VirtualHost xxx.xxx.xxx.xxx:443>
ServerName domain_name.com
ServerAdmin webmaster@domain_name.com
DocumentRoot /usr/local/www/apache22/data/domain_name.com/htdocs
SSLEngine on
SSLCertificateFile /usr/local/etc/apache22/ssl/domain_name.crt
SSLCertificateKeyFile /usr/local/etc/apache22/ssl/server.key
</VirtualHost>

On FreeBSD, the default Apache virtual host file is located at /usr/local/etc/apache22/extra/httpd-vhosts.conf and the SSL configuration file is located at /usr/local/etc/apache22/extra/httpd-ssl.conf. You need to enable both of them in your main httpd.conf file (/usr/local/etc/apache22/httpd.conf).

Also make sure that accf_data_load="YES" is present in your /boot/loader.conf, otherwise you will receive a warning every time you start Apache.

This guide has been written for FreeBSD 8.0 and Apache 2.2.14. For other distributions and versions, the file locations might have to be adjusted to make it work.
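Before restarting Apache it is worth confirming that the installed key and certificate belong together, that the key is no longer passphrase-protected, and that its mode is as tight as the `chmod 0400` above intends. The function below is an added example, not part of the original post; the name `check_tls_pair`, the 30-day expiry window and the 2048-bit default minimum are this example's assumptions, and with that default a key generated with the `1024` shown above is reported as too short.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check of an RSA
# key/certificate pair before pointing Apache at it.
# Usage: check_tls_pair CERT KEY [MIN_BITS]
#   e.g. check_tls_pair /usr/local/etc/apache22/ssl/domain_name.crt \
#                       /usr/local/etc/apache22/ssl/server.key
# Prints one line per check; returns 0 only if all of them pass.
check_tls_pair() {
    cert=$1 key=$2 min_bits=${3:-2048} rc=0   # 2048 default is this example's choice

    # "-passin pass:" makes openssl fail instead of prompting when the key is
    # still passphrase-protected (the "openssl rsa" step was skipped).
    key_mod=$(openssl rsa -in "$key" -passin pass: -noout -modulus 2>/dev/null) || {
        echo "FAIL not a readable, unencrypted RSA key: $key"; return 1; }
    crt_mod=$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null) || {
        echo "FAIL certificate unreadable: $cert"; return 1; }

    # Same modulus on both sides means the certificate was issued for this key.
    if [ "$key_mod" = "$crt_mod" ]; then echo "OK   key matches certificate"
    else echo "FAIL key does not match certificate"; rc=1; fi

    # Output is "Modulus=<hex>"; four bits per hex digit gives the key size.
    hex=${key_mod#Modulus=}
    bits=$(( ${#hex} * 4 ))
    if [ "$bits" -ge "$min_bits" ]; then echo "OK   RSA modulus is $bits bits"
    else echo "FAIL RSA modulus is $bits bits (minimum $min_bits)"; rc=1; fi

    # The guide signs with -days 365, so warn 30 days (2592000 s) before expiry.
    if openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "OK   certificate valid for at least 30 more days"
    else echo "FAIL certificate expired or expires within 30 days"; rc=1; fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ldL "$key" | cut -c5-10)
    if [ "$perms" = "------" ]; then echo "OK   key has no group/other access"
    else echo "FAIL key mode grants group/other access ($perms)"; rc=1; fi

    return "$rc"
}
```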

“free” command to determine ram/memory usage in FreeBSD

People moving from Linux to FreeBSD get confused when they need to determine RAM/memory usage. Although there is no equivalent command, there is a nice Perl script located at http://people.freebsd.org/~rse/dist/freebsd-memory. Just download and run the Perl script, and it gives a formatted output of your memory status. For example:

# fetch http://people.freebsd.org/~rse/dist/freebsd-memory
# perl freebsd-memory

In case you need to mimic the Linux command, simply set the execution bit and move it to bin.

# fetch -o /usr/local/bin/free http://people.freebsd.org/~rse/dist/freebsd-memory
# chmod +x /usr/local/bin/free

You should now be able to use “free” command without any problems from anywhere within your system.

Amitabh Kant
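The commands above fetch a script over plain HTTP and make it executable in /usr/local/bin in one step, so nothing checks what was downloaded before it can be run. As an added example (not part of the original post), the hypothetical helpers `sha256_of` and `install_pinned` below install a staged copy only when its SHA-256 equals the value recorded when the script was reviewed; `<PINNED_SHA256>` is a placeholder, since the post gives no checksum.

```shell
#!/bin/sh
# Added example (not from the original post); helper names are hypothetical.

# Print the SHA-256 of a file on FreeBSD (sha256) or Linux (sha256sum).
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then sha256 -q "$1"
    else sha256sum "$1" | awk '{print $1}'; fi
}

# install_pinned STAGED DEST EXPECTED_SHA256
# Copies STAGED to DEST as a read-only executable, but only if its hash
# equals the value recorded when the script was read and approved.
install_pinned() {
    staged=$1 dest=$2 want=$3
    got=$(sha256_of "$staged") || return 1
    if [ "$got" != "$want" ]; then
        echo "refusing to install: sha256 $got != pinned $want" >&2
        return 1
    fi
    install -m 0555 "$staged" "$dest"
}

# Usage on the FreeBSD host:
#   tmp=$(mktemp /tmp/freebsd-memory.XXXXXX)
#   fetch -o "$tmp" http://people.freebsd.org/~rse/dist/freebsd-memory
#   less "$tmp"; sha256_of "$tmp"        # review once, record the hash
#   install_pinned "$tmp" /usr/local/bin/free <PINNED_SHA256>
```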

Upgrading FreeBSD 7.2 to 8.0

I recently updated one of my production boxes from FreeBSD 7.2 Release to 8.0 Release. Thanks to freebsd-update and portsnap (both in the base system now) from Colin Percival (part of the security team for FreeBSD), I was able to get the upgrade done with two downtimes of just a minute each.

While updating the OS and software, I relied heavily on a post by Colin at http://www.daemonology.net/blog/2009-07-11-freebsd-update-to-8.0-beta1.html. I modified the instructions a little bit, as I needed to upgrade to 8.0 Release. Also, instead of using portupgrade, I prefer using portmaster for upgrading my ports. It has no extra dependencies, and works pretty nicely. You can read more about portmaster here. I almost always use the ports to install any software on FreeBSD, so the methods and tools work fine for me. If you are using any custom ports or software, you will have to watch out for any nuances involved with those ports/software. I will list out the steps that I followed while upgrading my system. If you follow Colin's page, you will find this post closely following his advice, apart from the few changes in the tools being used:

Step 1: Update your ports to the latest

# portsnap fetch update
# portmaster -aD

If there are any config options available during port upgrade, you will be asked for the same at the start itself.

Step 2: Download the 8.0 Release binary diff/patches

# freebsd-update -r 8.0-RELEASE upgrade

You will start receiving messages about your installed system. Once you have confirmed the list presented, press y.

Looking up update.FreeBSD.org mirrors... 3 mirrors found.
...
The following components of FreeBSD seem to be installed:
...
The following components of FreeBSD do not seem to be installed:
...
Does this look reasonable (y/n)? y

If you have made any changes to the default config files of the OS, it will ask you to merge the changes by opening up your default editor with the changes

Fetching metadata signature for 8.0-RELEASE from update4.FreeBSD.org... done.
...
Inspecting system... done.
Preparing to download files... done.
...
Attempting to automatically merge changes in files... done.

If there are any changes to be made, you will be notified of them.

The following changes, which occurred between FreeBSD 7.2-RELEASE and
FreeBSD 8.0-RELEASE have been merged into /etc/hosts:
...

Now you will be shown three lists of files which it wants to remove, add or modify. Press q for each list if you are not too concerned with the file listings.

The following files will be removed as part of updating to 8.0-RELEASE:
...
The following files will be added as part of updating to 8.0-RELEASE:
...
The following files will be updated as part of updating to 8.0-RELEASE:
...

Step 3: Install the 8.0-RELEASE kernel and make sure you reboot for the new kernel to be used:

# freebsd-update install
Installing updates...
Kernel updates have been installed. Please reboot and run
"freebsd-update install" again to finish installing updates.
# shutdown -r now

Step 4: Install the rest of the 8.0-RELEASE:

# freebsd-update install
Installing updates... done.
Completing this upgrade requires removing old shared object files.
Please rebuild all installed 3rd party software (e.g., programs
installed from the ports tree) and then run "freebsd-update install"
again to finish installing updates.

At this point, you will have the new OS installed (kernel and userland), but some ports might still be linking to old libraries. You need to force a rebuild of all ports to make sure that the OS and ports are at the same level.

Step 5: Rebuild all installed ports

# portmaster -aDf

Once this is completed, run freebsd-update once again to remove stale libraries and reboot your system to complete the process.

Step 6: Remove old shared libraries and reboot

# freebsd-update install
Installing updates... done.
# shutdown -r now

That’s it. You should have a working 8.0 RELEASE by now. I haven’t tested it out myself yet, but I believe that you can use the same procedure starting from 6.3 RELEASE.

As usual, before starting the process, make sure you have a safe backup of your system. Though the process is pretty safe and tested, you still have no guarantee of not hosing your entire system to the point of no recovery ;) .

Amitabh Kant

Installing & configuring Lighttpd with PHP on FreeBSD

Recently, I had to install Lighttpd on a FreeBSD server. Now generally I install Apache as a web server, but this time, because of the gains that Lighttpd has over Apache, I decided to give it a go. The following instructions have been primarily taken from http://trac.lighttpd.net/trac/wiki/TutorialInstallation, with some changes, primarily to the paths, to better suit FreeBSD defaults.

Install lighttpd from ports (Update the ports tree before this)

cd /usr/ports/www/lighttpd
make install clean

Make sure you have enabled FastCGI support in PHP.

Enable Lighttpd in rc.conf and edit its configuration:

echo lighttpd_enable=\"YES\" >> /etc/rc.conf
cd /usr/local/etc/
cp lighttpd.conf.sample lighttpd.conf

Create some directories and files:

mkdir /usr/local/www/lighttpd
mkdir /usr/local/www/lighttpd/log
mkdir /usr/local/www/lighttpd/data

touch /usr/local/www/lighttpd/log/lighttpd.error.log
touch /usr/local/www/lighttpd/log/lighttpd.access.log

Make your new directories and files accessible by the user and group “www” that Lighttpd operates as:

chown -R www:www /usr/local/www/lighttpd

Edit lighttpd.conf

vi /usr/local/etc/lighttpd.conf

Change the values for directories and files as follows:

server.document-root = "/usr/local/www/lighttpd/data"
server.errorlog = "/usr/local/www/lighttpd/log/lighttpd.error.log"
accesslog.filename = "/usr/local/www/lighttpd/log/lighttpd.access.log"

Save and exit from the editor.

Test to make sure Lighttpd starts up properly:

/usr/local/etc/rc.d/lighttpd start

If you need to, you may shutdown lighttpd this way:

 /usr/local/etc/rc.d/lighttpd stop

And then restart it with this:

/usr/local/etc/rc.d/lighttpd restart

If you get an error that says “permission denied”, check to make sure that the files and directories mentioned exist AND that user www has permission to operate on them. Also be sure that lighttpd.conf has been corrected from the non-working default version. If you get no errors, put an HTML file in /usr/local/www/lighttpd/data and try to load it up in your browser. If everything works, now enable PHP.

Edit lighttpd.conf once again

# vi /usr/local/etc/lighttpd.conf
  • In section “server.modules” uncomment the line “mod_fastcgi”
  • Uncomment the entire section “fastcgi.server”
  • Add the following lines under “socket” in the “fastcgi.server” section:
		"bin-path" => "/usr/local/bin/php-cgi",
		"broken-scriptfilename" => "enable"

Now make some more files and directories:

mkdir /var/run/lighttpd
touch /var/run/lighttpd/php-fastcgi.socket

Make your new directories and files accessible by the user and group “www” that Lighttpd operates as:

chown -R www:www /var/run/lighttpd