Build and install FreeBSD 9.0 Production Release with the software versions and hosting Servers needed
to serve and administer domain names, Web sites and databases, with the following « Groupware »:
Unlike the previous versions, which used sysinstall as the installation interface, FreeBSD 9.0 uses a new installation program named bsdinstall.
This new version also integrates a new partitioning scheme, the GUID Partition Table (GPT). GPT partitioning is usually the most appropriate choice for PC-compatible computers. Older PC operating systems that are not compatible with GPT may require MBR partitioning instead.
Motherboard Maximus IV GENE-Z - Chipset Intel Z68 - Socket LGA 1155
Intel Z68 2 x ports SATA 6 Gb/s, 4 x ports SATA 3 Gb/s
Ethernet em0 Intel 82579 - 10 Mbps Ethernet, 100 Mbps Fast Ethernet, 1000 Mbps Gigabit Ethernet
Intel Core i7-2600 (3.4 GHz) - Quad Core Socket 1155 DMI 5 GT/s L3 Cache 8 MB 0.32 nm - Intel Sandy Bridge Architecture
Kingston HyperX Dual Channel 4 GB (kit 2 x 2 GB) DDR3 1600 MHz CL7 1.65 V - KHX1600C7D3K2/4GX
PNY Quadro FX 580 PCIE - 512 MB Dual DisplayPort/DVI - PCI Express (NVIDIA Quadro FX 580)
Ethernet em1 and em2 - Intel PRO/1000 PT Dual Port Server - EXPI9402PT
Two Disks Caviar® Black™ 500 GB, 6 Gb/s, 32 MB cache, 7200 rpm - Model: WD5002AALX
Plextor PX-L890SA - DVD(+/-)RW/RAM 24/8/24/6/12x DL(+/-) 12/12x CD-RW 48/24/48x LightScribe SATA - Black
Modular power supply cable system - Seasonic X-560 80PLUS Gold Power supply 560W ATX 12V/EPS 12V
Case Lian Li PC-8NWX - Aluminium Mid-tower case
SATA Controller on Maximus IV GENE-Z Motherboard with Two Disks Western Digital
Caviar® Black™ 500 GB, 6 Gb/s, 32 MB cache, 7200 rpm - Model: WD5002AALX
* The size of the partition /var is deliberately increased, because it contains the MySQL databases in /var/db/mysql.
Network Configuration
Section | Example | Comment
Host | product.site-name.com | The hostname followed by the domain name
Domain | site-name.com | The main domain name of the Server
IPv4 Gateway | 192.168.1.254 | TCP/IP address of the router or, more precisely, the « Gateway »
Name Server | 80.10.246.2 | Primary DNS server address of the access provider (ISP), here that of Orange.fr
IPv4 Address | 192.168.1.1 | TCP/IP address of the selected Ethernet network interface
Netmask | 255.255.255.0 | The subnet mask or Netmask
3. Performing the installation
The various phases of the installation with bsdinstall.
Installation example for a virtual Server in VirtualBox.
Choose a keyboard layout other than the default one.
Accented AZERTY PC keyboard, for example.
Accented AZERTY Mac keyboard, for example.
Machine name or hostname followed by the domain name. Example: product.c-extra.net
Optional installation of the System components.
Message displayed when installing from a Netinstall image, whose installation media does not contain the necessary components. The network parameters must then be configured in order to download the components from the Internet.
Selecting a network interface.
Question about configuring IPv4 on the selected network interface: answer Yes.
Question about using DHCP on the selected network interface: answer No.
Static address configuration of the network interface, see the previous description.
Question about configuring IPv6 on the selected network interface: answer No.
DNS resolver configuration for outgoing domain name resolution. Example:
c-extra.net
80.10.246.2
80.10.246.129
IP addresses of the primary and secondary DNS servers of Orange.fr
Select a mirror or FTP server.
Select the partitioning mode: Guided, Manual or Shell. Choose: Guided
Select the entire disk.
Message announcing the erasure of the existing partitions.
Display of the automatic partition table.
Delete the partitions ada0p2 and ada0p3 by using Delete. We obtain the result above.
Create one partition of type freebsd-ufs, size 4GB, mount point /
Create one partition of type freebsd-swap, size 4GB, mount point none
Continue partitioning the disk to obtain the result above, then select Finish.
Select Commit to apply the partition table and format the disk; the installation of FreeBSD follows.
The kernel is updated to version FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012
When the update has finished, restart the Server with shutdown -r now
shutdown -r now    To restart a FreeBSD system
shutdown -p now    To halt a FreeBSD system and cut its power supply
You must be the Super-user « root » or a member of the operator group to run the shutdown command.
5. Update FreeBSD 9.0
First, update the installed components. This is essential, because with time practically all the versions of the Packages and their dependencies become obsolete after the release of FreeBSD 9.0 on January 12th, 2012.
FreeBSD, incidentally, is very well maintained and has rather brilliant commands for updating or installing components together with their dependencies.
Let us use the power of the System to avoid compilation errors; the method presented is among the simplest.
Connect to the Server in Super-user mode « root ».
The console is with a French keyboard, for example.
– In console mode, enter the following commands, ending each one with the Enter key.
portsnap fetch update
portsnap extract
This updates the list of software components of the System, made up of 23 284 Packages. After these two operations, we can really begin installing the Ports and the Servers.
Connect to the Server in Super-user mode « root ».
– In console mode, enter the following commands, ending each one with the Enter key.
pkg_add -r portupgrade
Restart the Server with shutdown -r now
– Enter the following commands, ending each one with the Enter key.
Install Webmin after having installed Perl and having prepared the configuration files on another machine.
Remark: Use the fetch command to download Webmin with the following syntax:
– Enter the following commands, ending each one with the Enter key.
cd /usr/local
fetch http://prdownloads.sourceforge.net/webadmin/webmin-1.580.tar.gz
gunzip webmin-1.580.tar.gz
tar -xvf webmin-1.580.tar
cd webmin-1.580
./setup.sh
Remark: Using Webmin, you will be able to configure the Server.
With Webmin, click on the icon Others, then Upload and Download, then Upload to server or Download from server according to the selected option.
Upload and Download
Allows one or several files to be uploaded from the computer which administers a local or remote System with Webmin in a Web browser.
Upload files to server
Files to upload
File or directory to upload to
Create directory if needed?
Owned by user
Owned by group: Default
Extract ZIP or TAR files? Yes, then delete | Yes | No
Send email when uploads are done? No | Yes, to address
Allows a file to be downloaded and saved on the computer which administers a local or remote system with Webmin in a Web browser.
Download file from server to PC
File to download
Show in browser if possible? Yes | No
After installing FreeBSD, the syntax of the machine name and of the hostname must be correct in the file /etc/hosts
About the hosts file of FreeBSD, I have read quite a lot of nonsense on the Net, especially concerning Apache, Bind and MySQL; the correct syntax is the one presented below, which gives complete satisfaction with the aforesaid Servers.
The file /etc/hosts is to be copied to the Server with Webmin and, of course, adapted to your own Web sites.
# FreeBSD /etc/rc.conf
#
# -- sysinstall generated deltas -- # Thu Jan 12 08:00:00 2012
# Created: Thu Jan 12 08:00:00 2012
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="192.168.1.254"
hostname="product.c-extra.net"
ifconfig_em1="inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255"
ifconfig_em2="inet 192.168.2.1 netmask 255.255.255.0 broadcast 192.168.2.255"
ifconfig_em0="inet 192.168.16.1 netmask 255.255.255.0 broadcast 192.168.16.255"
ifconfig_em0_alias0="inet 192.168.16.10 netmask 255.255.255.255 broadcast 192.168.16.10"
named_enable="YES"
ntpdate_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
#proftpd_enable="YES"
#samba_enable="YES"
webmin_enable="YES"
mysql_server_enable="YES"
dbus_enable="YES"
hald_enable="YES"
avahi_daemon_enable="YES"
keymap="fr.macbook.acc.kbd"
#nfs_server_enable="YES"
#rpcbind_enable="YES"
apache22_enable="YES"
sshd_enable="YES"
inetd_enable="YES"
#postgresql_enable="YES"
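Each ifconfig_* line above states its broadcast address by hand, so a copied and adapted rc.conf can end up with a broadcast that no longer matches its netmask. The following check is an added example, not part of the original page; the ifconfig_em3 entry in its sample is constructed to show a mismatch.

```sh
#!/bin/sh
# Added example, not from the original page. Checks that each ifconfig_* line of
# an rc.conf carries the broadcast address implied by its inet/netmask pair.

# broadcast_of IP NETMASK -> broadcast address (IP OR NOT NETMASK, per octet)
broadcast_of() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # split both dotted quads: $1..$4 address, $5..$8 mask
    IFS=$old_ifs
    echo "$(( $1 | (255 ^ $5) )).$(( $2 | (255 ^ $6) )).$(( $3 | (255 ^ $7) )).$(( $4 | (255 ^ $8) ))"
}

# check_rc_conf FILE -> one "OK" or "MISMATCH" line per static ifconfig_* entry
check_rc_conf() {
    sed -n 's/^\(ifconfig_[A-Za-z0-9_]*\)="inet \([0-9.]*\) netmask \([0-9.]*\) broadcast \([0-9.]*\)".*/\1 \2 \3 \4/p' "$1" |
    while read -r name ip mask bcast; do
        want=$(broadcast_of "$ip" "$mask")
        if [ "$want" = "$bcast" ]; then
            echo "OK       $name $ip netmask $mask broadcast $bcast"
        else
            echo "MISMATCH $name $ip netmask $mask broadcast $bcast (expected $want)"
        fi
    done
}

# The four ifconfig lines of the rc.conf above, plus one constructed entry
# (ifconfig_em3, not on the page) whose broadcast does not fit its netmask.
sample_rc_conf() {
    cat <<'EOF'
hostname="product.c-extra.net"
ifconfig_em1="inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255"
ifconfig_em2="inet 192.168.2.1 netmask 255.255.255.0 broadcast 192.168.2.255"
ifconfig_em0="inet 192.168.16.1 netmask 255.255.255.0 broadcast 192.168.16.255"
ifconfig_em0_alias0="inet 192.168.16.10 netmask 255.255.255.255 broadcast 192.168.16.10"
ifconfig_em3="inet 192.168.3.1 netmask 255.255.255.0 broadcast 192.168.3.1"
EOF
}

rc=$(mktemp)
trap 'rm -f "$rc"' EXIT
sample_rc_conf > "$rc"
check_rc_conf "$rc"
```

On the Server, run check_rc_conf /etc/rc.conf after editing the file and before restarting.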
To compile gcc, it is necessary to copy this file /boot/loader.conf with Webmin.
# FreeBSD /boot/loader.conf
# Kernel tunables
kern.maxdsiz="734003200" # Set the max data size
# Sound modules
sound_load="YES" # Digital sound subsystem
snd_emu10kx_load="YES" # Creative SoundBlaster Live and Audigy*
* To find the driver for the sound card of a FreeBSD machine, visit the Website Sound Devices and find the name of the chipset driver for the sound card; check whether that name exists in the file /boot/defaults/loader.conf, in the section Sound modules, then copy it into the file /boot/loader.conf as indicated above.
Restart the Server with shutdown -r now
Domain Name Resolution
With Webmin, click on the icon Networking, then Network Configuration, then Hostname and DNS Client, which must be configured as below.
DNS Client Options
Hostname
Update hostname in host addresses if changed?
Resolution order
DNS Servers
Search domains: None | Listed
Remark: 80.10.246.2 and 80.10.246.129 are the IP addresses of the primary and secondary DNS servers of Orange.fr
Network settings for the three Ethernet interfaces of the Server
When a Server has several Ethernet interfaces, configure the appropriate network classes with Webmin, as in the example shown here.
Warning: the names of the Ethernet interfaces can be different.
With Webmin, in the section Networking, then Network Configuration, then Network Interfaces, choose Add a new interface (Add virtual interface).
Click on em1 in the section Active Now, then on (Add virtual interface).
Repeat the operation: click on em1 in the section Activated at Boot.
* Broadcast address 192.168.16.255 for IP Address 192.168.16.1 /24 or Netmask 255.255.255.0
* Ethernet (Virtual) Broadcast address 192.168.16.10 for IP Address 192.168.16.10 /32 or Netmask 255.255.255.255
* Broadcast address 192.168.1.255 for IP Address 192.168.1.1 /24 or Netmask 255.255.255.0
* Broadcast address 192.168.2.255 for IP Address 192.168.2.1 /24 or Netmask 255.255.255.0
We should obtain a similar result, according to the network class selected.
Active Now
Name | Type | IP Address | Netmask | Status
em0 | Gigabit ethernet | 192.168.16.1 | 255.255.255.0 | Up
em0:0 | Ethernet (Virtual) | 192.168.16.10 | 255.255.255.255 | Up
em1 | Ethernet | 192.168.1.1 | 255.255.255.0 | Up
em2 | Ethernet | 192.168.2.1 | 255.255.255.0 | Up
lo0 | Loopback | 127.0.0.1 | 255.0.0.0 | Up
Activated at Boot
Name | Type | IP Address | Netmask | Activate at boot?
em0 | Gigabit ethernet | 192.168.16.1 | 255.255.255.0 | Yes
em0:0 | Ethernet (Virtual) | 192.168.16.10 | 255.255.255.255 | Yes
em1 | Ethernet | 192.168.1.1 | 255.255.255.0 | Yes
em2 | Ethernet | 192.168.2.1 | 255.255.255.0 | Yes
With Webmin, in the section Networking, then Network Configuration, click on the button to restart the network services.
Restart the Server with shutdown -r now
SSH Configuration
With Webmin, click on the icon Servers, then SSH Server, then Authentication, which must be configured as below.
Authentication
Login and authentication options
Allow authentication by password? Yes | No
Permit logins with empty passwords? Yes | No
Allow login by root?
Allow RSA (SSH 1) authentication? Yes | No
Allow DSA (SSH 2) authentication? Yes | No
Check permissions on key files? Yes | No
Display /etc/motd at login? Yes | No
Ignore users' known_hosts files? Yes | No
Pre-login message file: None
User authorized keys file: Default (~/.ssh/authorized_keys) | File under home
Ignore .rhosts files? Yes | No
Click on the Save button.
With Webmin, click on the icon Servers, then SSH Server, then Networking, which must be configured as below.
Networking
Networking options
Listen on addresses: All addresses | Entered below ...
Address | Port
Default | Default
Listen on port: Default (22)
Accept protocols: SSH v1 | SSH v2
Disconnect if client has crashed? Yes | No
Time to wait for login: Forever | seconds
Allow TCP forwarding? Yes | No
Allow connection to forwarded ports? Yes | No
Click on the Save button.
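The Webmin fields above end up as keywords in sshd_config, so the saved result can be checked from the console. The following audit is an added example, not part of the original page: the mapping from form fields to keywords and the choice of which values count as weak are assumptions of the example, and the sample configuration is constructed.

```sh
#!/bin/sh
# Added example, not from the original page. Reports weak values among the
# sshd_config keywords behind the Webmin SSH Server form fields shown above.

# effective_value FILE KEYWORD
# Prints the value from the global section of FILE, lower-cased. sshd keeps the
# first occurrence of a keyword and matches keywords case-insensitively.
# Prints "unset" when the keyword is absent (the sshd built-in default applies).
effective_value() {
    awk -v key="$2" '
        BEGIN { want = tolower(key); val = "unset" }
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
        tolower($1) == "match" { exit }      # Match blocks are conditional: stop
        tolower($1) == want {
            $1 = ""; sub(/^[ \t]+/, "")      # drop the keyword, keep the value
            val = tolower($0); exit
        }
        END { print val }
    ' "$1"
}

# flag_if FILE KEYWORD WEAK_VALUE FORM_LABEL
# Prints one finding when KEYWORD is explicitly set to WEAK_VALUE.
flag_if() {
    v=$(effective_value "$1" "$2")
    if [ "$v" = "$3" ]; then
        printf 'WEAK %s %s   <- %s\n' "$2" "$v" "$4"
    fi
}

# audit_sshd FILE: one line per weak setting, nothing when all checks pass.
# Which values count as weak is an assumption of this example.
audit_sshd() {
    flag_if "$1" PermitEmptyPasswords yes 'Permit logins with empty passwords?'
    flag_if "$1" IgnoreRhosts         no  'Ignore .rhosts files?'
    flag_if "$1" StrictModes          no  'Check permissions on key files?'
    flag_if "$1" PermitRootLogin      yes 'Allow login by root?'
    flag_if "$1" GatewayPorts         yes 'Allow connection to forwarded ports?'
    # Protocol takes a list such as "2" or "2,1"; any 1 in it enables SSH v1.
    p=$(effective_value "$1" Protocol)
    case ",$p," in
        *,1,*) printf 'WEAK %s %s   <- %s\n' Protocol "$p" 'Accept protocols: SSH v1' ;;
    esac
}

# Constructed sample configuration (not the configuration of the page's Server).
sample_sshd_config() {
    cat <<'EOF'
# constructed sample
Port 22
Protocol 2,1
PermitRootLogin yes
permitemptypasswords no
IgnoreRhosts yes
PermitRootLogin no
Match User backup
    GatewayPorts yes
EOF
}

cfg=$(mktemp)
trap 'rm -f "$cfg"' EXIT
sample_sshd_config > "$cfg"
audit_sshd "$cfg"
```

On the Server, run audit_sshd /etc/ssh/sshd_config after saving the form and before restarting the SSH Server.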
Remark: Stop and start the SSH Server.
To connect to the remote server on a local network class:
ssh -l root 192.168.16.1
The authenticity of host '192.168.16.1 (192.168.16.1)' can't be established.
DSA key fingerprint is 4f:3e:22:4d:x0:72:1a:x2:73:x6:c0:87:c4:53:52:96.
(In this example the SSH key shown is false, naturally.)
Are you sure you want to continue connecting (yes/no)? yes
Connection closed by 192.168.16.1
product# ssh -l root 192.168.16.1
Password: (enter the password for the remote Server)
Remark: The display below is obtained in a Terminal window once the connection is established:
Welcome to FreeBSD!
Before seeking technical support, please use the following resources:
o Security advisories and updated errata information for all releases are
at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
for your release first as it's updated frequently.
o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and,
along with the mailing lists, can be searched by going to
http://www.FreeBSD.org/search/. If the doc distribution has
been installed, they're also available formatted in /usr/share/doc.
If you still have a question or problem, please take the output of
`uname -a', along with any relevant error messages, and email it
as a question to the questions@FreeBSD.org mailing list. If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
manual page. If you are not familiar with manual pages, type `man man'.
You may also use sysinstall(8) to re-enter the installation and
configuration utility. Edit /etc/motd to change this login announcement.
product#
Remark: If by accident this goes badly, you can always erase the file /root/.ssh/known_hosts and repeat the operation.
From now on, the installation can continue remotely over SSH.
7. Installing Packages
It is better to compile all the Packages of the Server, for two reasons:
We then have all the sources of the Packages on the Server, which can be very useful when installing another Server if we cannot reach or download the sources of the Packages on the Web.
Compiling the Packages with the Server's own processor greatly improves the reliability of the Server; it is equivalent to having a system written for that machine.
And above all, always carry out an installation of FreeBSD with the Package sources up to date at that time.
At this stage, it is very simple to install and configure a Server without racking your brains.
As Unix is developed in C and C++, we shall start with the following components:
– Enter the following commands, ending each one with the Enter key.
Connect to the Server with SSH in Super-user mode « root ».
– Enter the following commands, ending each one with the Enter key.
Xorg -configure
This generates a file named xorg.conf.new in the directory /root; then execute the following command:
mv xorg.conf.new /etc/X11/xorg.conf
After installing Xorg-7.5, you will be able to configure the French keyboard, as in this example, or a keyboard for another language.
With Xorg-7.4 the configuration of the keyboard changed; we no longer proceed as with the previous versions. This depends not on the version of FreeBSD but on the version of Xorg.
With Unix it is better to choose the UTF-8 character set encoding.
Afterwards, it is enough to copy with Webmin this file, which concerns the keyboard, with the following syntax:
We can install MySQL-5.1 or MySQL-5.5, according to preference. The two installations are similar but differ on certain points. The paragraphs below describe the variants of their respective installation.
MySQL-5.1 Version
Warning: it is necessary to install the Package libnss-mysql; without it, PHP does not display in Firefox.
– Enter the following commands, ending each one with the Enter key.
After compiling the packages, with Webmin click on the icon Servers, then MySQL Database Server, then click on the Module Config tab and set the following two lines:
Path to MySQL databases directory: /var/db/mysql
MySQL configuration file: /usr/local/etc/my.cnf
Copy the my.cnf file into the directory /usr/local/etc
With Firefox, right-click on the link my.cnf, choose Save Link As... and rename it with the .cnf extension
# Generated by Eric Douzet - Mon Jun 30 12:00:00 2008
#
# FreeBSD /usr/local/etc/my.cnf
#
[mysqld]
datadir = /var/db/mysql
socket = /tmp/mysql.sock
user=mysql
[mysqld_safe]
log-error = /var/log/mysqld.log
Remark: Generate the MySQL databases
– Enter the following commands in a Terminal, ending each one with the Enter key.
cd /usr/local/bin
mysql_install_db --user=mysql
With Webmin, launch MySQL and click on the icon Change Administration Password to change the administrator password of MySQL.
To launch MySQL automatically at Server boot, that is, when FreeBSD starts up, with Webmin click on the icon System, then on the icon Bootup and Shutdown, click on mysql-server and modify the variable in the script on the Edit Action tab, in the Action Script form, as below:
: ${mysql_enable="YES"}
MySQL-5.1 will be automatically launched by the rc.conf File.
MySQL-5.5 Version
Warning: it is necessary to install the Package libnss-mysql; without it, PHP does not display in Firefox.
– Enter the following commands, ending each one with the Enter key.
After compiling the packages, with Webmin click on the icon Servers, then MySQL Database Server, then click on the Module Config tab and set the following two lines:
Path to MySQL databases directory: /var/db/mysql
MySQL configuration file: /usr/local/etc/my.cnf
Copy the my.cnf file into the directory /usr/local/etc
With FreeBSD 9.0, select the apache-2.2.22_5 version, which is a must for speed and stability; this version has much more security and is preferable. It is not for nothing that the programmers of The Apache Software Foundation completely rewrote this version of the Apache HTTP Server.
Apache is the most popular Web Server on the Internet and has been since April 1996; it is a benchmark for Web Servers, and personally I do not know of a better one.
Install Apache – Enter the following command, ending with the Enter key.
portupgrade -N apache-2.2.22_5
Version 2.2.x of Apache web server with prefork MPM.
When the compile options form for apache-2.2.22_5 appears, select with the spacebar, in addition to the options already selected, the following option:
[X] SUEXEC Enable mod_suexec
Press the Tab key to reach the validation field [ OK ], then press the Enter key to continue the installation.
Create the following directories:
# mkdir cgi-bin
# mkdir error
# mkdir html
# mkdir icons
# mkdir usage
# ls
cgi-bin error html icons usage
#
This gives the following directory tree:
/usr/local
    /www
        /cgi-bin
        /error
        /html
        /icons
        /usage
Remark: Copy the contents of the directories /cgi-bin, /error and /icons from /usr/local/www/apache22/ into those of /usr/local/www/, it goes without saying.
Erase the directory /apache22 after copying everything it contains into the directory /usr/local/www
# cd /usr/local/www/
# ls
apache22
# rm -r apache22/
#
Remark: To generate the Package apache-2.2.22_5 (Version 2.2.x of Apache web server with prefork MPM), do not delete this file or directory.
After compiling the packages, with Webmin click on the icon Servers, then Apache Webserver, then click on the Module Config tab and set the following four lines:
Path to httpd.conf or apache2.conf: /usr/local/etc/apache22/httpd.conf
Path to srm.conf: /usr/local/etc/apache22/srm.conf
Path to access.conf: /usr/local/etc/apache22/access.conf
Path to mime.types: /usr/local/etc/apache22/mime.types
Install PHP – Enter the following command, ending with the Enter key.
Among other things, this is why it is imperative to copy it after installing PHP5.
Remark: Enable the virtual host name by removing the # character at the beginning of the line, as below, in the file httpd.conf, according to the network class used when the virtual host name is configured.
It remains to edit the file php.ini-production in the directory /usr/local/etc with xfe, save it under the name php.ini in the directory /usr/local/etc and restart the server.
Remark: Each compilation of PHP5 generates the following line in the file httpd.conf. It is necessary to delete this duplicate.
Remark: bind98-9.8.1.1 is already installed; you should not replace it.
After installing FreeBSD 9.0, with Webmin click on the icon Servers, then BIND DNS Server, then click on the Module Config tab and set the following line:
Full path to the rndc.conf file: /var/named/etc/namedb/rndc.conf
We can then generate the RNDC key with the icon Setup RNDC.
Bind works in a chroot environment
chroot is a UNIX operating system command that changes the root directory of a process on the host machine.
This command isolates the execution of a program to guard against malicious acts, such as the exploitation of a buffer overflow followed by access to the root directory of the host machine.
This also makes it possible to run multiple instances of the same set of services or daemons on the same host machine.
Directory of the configuration files: /var/named/etc/namedb
Remark: From this stage, it is not compulsory to install a graphical interface; the System is operational to host Web sites. The network and Webmin are amply sufficient to administer this FreeBSD Server.
Installation without graphical interface: Packages list
I strongly advise against the use of a graphical interface on a production Server, for ease of maintenance and updating.
Xfe serves as file manager and as text editor on the local Server. As for Server administration software, Webmin can do everything locally or remotely with the SSL protocol. Consider a production Server like a firewall router, for example the Zywall 5 from the Zyxel range, which has only a Web interface to configure it, independent of the system.
Remark: A specific network interface for the Local Area Network is necessary, especially if we have to use an SMB network, which has to use a different network class for security.