[Jail] Freebsd ezjail ports install

Freebsd ezjail ports install

Official page: https://www.freebsd.org/doc/handbook/jails-ezjail.html

Reference pages: https://www.cyberciti.biz/faq/howto-setup-freebsd-jail-with-ezjail/

https://www.davd.eu/posts-freebsd-jails-with-a-single-public-ip-address/

For details on FreeBSD jails, please refer to the FreeBSD documentation.

This document covers a simple jail setup that you can try out on FreeBSD 11. For the ZFS pool part, I used a VM on which FreeBSD was installed on ZFS.

You can also run the test with a separate ZFS configuration. ezjail can also be installed with pkg install -y ezjail. 🙂

 

Jail network configuration

Create the lo1 device that the jails will use.

Configure the lo1 interface by editing /etc/rc.conf.

Assign the virtual IPs 10.0.0.1 through 10.0.0.9 for the jails to use.

Edit rc.conf.
root@bsd11:~ # vi /etc/rc.conf

#ifconfig_vtnet0="inet 192.168.0.40 netmask 255.255.255.0"
ifconfig_vtnet0_name="em0"
ifconfig_em0="inet 192.168.0.40 netmask 255.255.255.0"
defaultrouter="192.168.0.1"
cloned_interfaces="lo1"
ipv4_addrs_lo1="10.0.0.1-9/29"


Create the lo1 device.
root@bsd11:~ # service netif cloneup
Created clone interfaces: lo1.
root@bsd11:~ # ifconfig
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 52:54:00:40:19:eb
        hwaddr 52:54:00:40:19:eb
        inet 192.168.0.40 netmask 0xffffff00 broadcast 192.168.0.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
lo1: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        groups: lo
root@bsd11:~ #

 

Creating the lo1 interface

root@bsd11:~ # service netif cloneup
Created clone interfaces: lo1.

root@bsd11:~ # ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 52:54:00:2c:0c:a0
        hwaddr 52:54:00:2c:0c:a0
        inet 192.168.0.40 netmask 0xffffff00 broadcast 192.168.0.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 10.0.0.1 netmask 0xfffffff8
        inet 10.0.0.2 netmask 0xffffffff
        inet 10.0.0.3 netmask 0xffffffff
        inet 10.0.0.4 netmask 0xffffffff
        inet 10.0.0.5 netmask 0xffffffff
        inet 10.0.0.6 netmask 0xffffffff
        inet 10.0.0.7 netmask 0xffffffff
        inet 10.0.0.8 netmask 0xffffffff
        inet 10.0.0.9 netmask 0xffffffff
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        groups: lo
root@bsd11:~ #

 

pf firewall configuration

IP_PUB is the IP address of em0.

To test the web service, ports 443 and 80 are redirected to 10.0.0.1.

root@bsd11:~ # vi /etc/pf.conf
# Public IP address
IP_PUB="192.168.0.40"

# Packet normalization
scrub in all

# Allow outbound connections from within the jails
nat on em0 from lo1:network to any -> (em0)

# webserver jail at 10.0.0.1
rdr on em0 proto tcp from any to $IP_PUB port 443 -> 10.0.0.1
# just an example in case you want to redirect to another port within your jail
rdr on em0 proto tcp from any to $IP_PUB port 80 -> 10.0.0.1

root@bsd11:~ #

 

Starting the pf firewall

root@bsd11:~ # sysrc pf_enable=YES
pf_enable: NO -> YES
root@bsd11:~ # service pf start
Enabling pf.

 

Installing ezjail

root@bsd11:~ # whereis ezjail
ezjail: /usr/ports/sysutils/ezjail
root@bsd11:~ # cd /usr/ports/sysutils/ezjail/ && make install clean
root@bsd11:/usr/ports/sysutils/ezjail # rehash
root@bsd11:/usr/ports/sysutils/ezjail #

 

Copy the resolv.conf file.

root@bsd11:~ # cp /etc/resolv.conf /usr/jails/newjail/etc/

 

Start ezjail.

root@bsd11:/usr/ports/sysutils/ezjail # sysrc ezjail_enable=YES
ezjail_enable:  -> YES
root@bsd11:/usr/ports/sysutils/ezjail # service ezjail start

 

Creating the base jail template

root@bsd11:~ # ezjail-admin install
base.txz                                      100% of   99 MB 2970 kBps 00m34s
lib32.txz                                     100% of   17 MB 2761 kBps 00m07s
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 11.1-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Inspecting system...

 

After running ezjail-admin install, you can see that the following directories have been created.

root@bsd11:~ # ls -al /usr/jails
total 20
drwxr-xr-x   5 root  wheel  512 Mar  5 21:51 .
drwxr-xr-x  17 root  wheel  512 Mar  5 21:50 ..
drwxr-xr-x   9 root  wheel  512 Mar  5 21:51 basejail
drwxr-xr-x   3 root  wheel  512 Mar  5 21:51 flavours
drwxr-xr-x  13 root  wheel  512 Mar  5 21:51 newjail
root@bsd11:~ # ls -al /usr/jails/flavours/
total 12
drwxr-xr-x  3 root  wheel  512 Mar  5 21:51 .
drwxr-xr-x  5 root  wheel  512 Mar  5 21:51 ..
drwxr-xr-x  4 root  wheel  512 Mar  4 15:27 example
root@bsd11:~ # ls -al /usr/jails/basejail/
total 36
drwxr-xr-x   9 root  wheel   512 Mar  5 21:51 .
drwxr-xr-x   5 root  wheel   512 Mar  5 21:51 ..
drwxr-xr-x   2 root  wheel  1024 Mar  5 21:51 bin
drwxr-xr-x   9 root  wheel  1024 Mar  5 21:51 boot
drwxr-xr-x   4 root  wheel  1536 Mar  5 21:51 lib
drwxr-xr-x   3 root  wheel   512 Mar  5 21:51 libexec
drwxr-xr-x   2 root  wheel  2560 Mar  5 21:51 rescue
drwxr-xr-x   2 root  wheel  2560 Mar  5 21:51 sbin
drwxr-xr-x  11 root  wheel   512 Mar  5 21:51 usr
root@bsd11:~ # man /usr/jails
No manual entry for /usr/jails
root@bsd11:~ # ls -al /usr/local/etc/rc.d/ezjail
-rwxr-xr-x  1 root  wheel  8128 Mar  4 15:27 /usr/local/etc/rc.d/ezjail
root@bsd11:~ # ls -al /usr/local/etc/ezjail.conf
-rw-r--r--  1 root  wheel  2637 Mar  4 15:27 /usr/local/etc/ezjail.conf
root@bsd11:~ # ls -al /usr/local/etc/ezjail
total 8
drwxr-xr-x   2 root  wheel   512 Mar  4 15:27 .
drwxr-xr-x  12 root  wheel  1024 Mar  4 15:27 ..
root@bsd11:~ #

 

Install the ports tree that the jails will use.

root@bsd11:~ # ezjail-admin install -p

 

Create an httpd jail for testing.

root@bsd11:~ # ezjail-admin create httpd 10.0.0.1
root@bsd11:~ # ezjail-admin start httpd
root@bsd11:~ # ezjail-admin list
STA JID  IP              Hostname                       Root Directory
--- ---- --------------- ------------------------------ ------------------------
DR  1    10.0.0.1        httpd                          /usr/jails/httpd
root@bsd11:~ #

 

You can also check with the jls command.

root@bsd11:~ # jls
   JID  IP Address      Hostname                      Path
     1  10.0.0.1        httpd                         /usr/jails/httpd
root@bsd11:~ #

 

 

Checking partitions after creating the httpd jail

The virtual partition /usr/jails/httpd is created.

root@bsd11:~ # df -h
Filesystem             Size    Used   Avail Capacity  Mounted on
/dev/ada0s1a            18G     11G    6.1G    64%    /
devfs                  1.0K    1.0K      0B   100%    /dev
/usr/jails/basejail     18G     11G    6.1G    64%    /usr/jails/httpd/basejail
devfs                  1.0K    1.0K      0B   100%    /usr/jails/httpd/dev
fdescfs                1.0K    1.0K      0B   100%    /usr/jails/httpd/dev/fd
procfs                 4.0K    4.0K      0B   100%    /usr/jails/httpd/proc
root@bsd11:~ #

 

 

Connect to the httpd jail through the jail console.

root@bsd11:~ # ezjail-admin console httpd
FreeBSD 11.1-RELEASE (GENERIC) #0 r321309: Fri Jul 21 02:08:28 UTC 2017

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.
root@httpd:~ #

 

 

Install apache24 in the httpd jail.

Instead of installing from ports, you can also install it with the pkg command. 🙂

root@httpd:~ # make -C /usr/ports/www/apache24 config-recursive install
~ (output omitted)
root@httpd:~ # sysrc apache24_enable=YES
apache24_enable:  -> YES
root@httpd:~ # cat /etc/rc.conf
apache24_enable="YES"


root@httpd:~ # vi /usr/local/etc/apache24/httpd.conf
ServerName www.example.com:80


root@httpd:~ # service apache24 start

root@httpd:~ # sockstat  -4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      httpd      63005 3  tcp4   10.0.0.1:80           *:*
www      httpd      63004 3  tcp4   10.0.0.1:80           *:*
www      httpd      63003 3  tcp4   10.0.0.1:80           *:*
www      httpd      63002 3  tcp4   10.0.0.1:80           *:*
www      httpd      63001 3  tcp4   10.0.0.1:80           *:*
root     httpd      63000 3  tcp4   10.0.0.1:80           *:*
root     sendmail   3798  3  tcp4   10.0.0.1:25           *:*
root     syslogd    3718  6  udp4   10.0.0.1:514          *:*
root@httpd:~ #

 

 

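Verifying access

Connecting to the public IP 192.168.0.40 configured on the VM's em0 brings you to the httpd jail.

Creating the zroot/jails ZFS pool

When setting up jails for the first time, create the ZFS pool first and then proceed.

I will cover ZFS and file systems in a separate post.

 

Installing ezjail and enabling it in rc.conf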

root@bsd11:~ # pkg install -y ezjail
root@bsd11:~ # sysrc ezjail_enable=YES
ezjail_enable:  -> YES

 

To have ezjail use the ZFS pool, edit ezjail.conf as follows.

root@bsd11:~ # vi /usr/local/etc/ezjail.conf
# to collect them in this directory
 ezjail_jaildir=/usr/jails

~ (omitted)
# ZFS options

# Setting this to YES will start to manage the basejail and newjail in ZFS
 ezjail_use_zfs="YES"

# Setting this to YES will manage ALL new jails in their own zfs
 ezjail_use_zfs_for_jails="YES"

# The name of the ZFS ezjail should create jails on, it will be mounted at the ezjail_jaildir
 ezjail_jailzfs="zroot/jails"

 

Checking zfs list

root@bsd11:~ # zfs list
NAME                 USED  AVAIL  REFER  MOUNTPOINT
zroot               1.66G  34.9G    88K  /zroot
zroot/ROOT           405M  34.9G    88K  none
zroot/ROOT/default   405M  34.9G   405M  /
zroot/tmp             88K  34.9G    88K  /tmp
zroot/usr           1.27G  34.9G    88K  /usr
zroot/usr/home        88K  34.9G    88K  /usr/home
zroot/usr/ports      665M  34.9G   665M  /usr/ports
zroot/usr/src        633M  34.9G   633M  /usr/src
zroot/var            584K  34.9G    88K  /var
zroot/var/audit       88K  34.9G    88K  /var/audit
zroot/var/crash       88K  34.9G    88K  /var/crash
zroot/var/log        136K  34.9G   136K  /var/log
zroot/var/mail        88K  34.9G    88K  /var/mail
zroot/var/tmp         96K  34.9G    96K  /var/tmp
root@bsd11:~ #

 

Creating the ZFS jails pool

root@bsd11:~ # zfs create -p zroot/jails
root@bsd11:~ # zfs set mountpoint=/usr/jails zroot/jails
root@bsd11:~ # zfs list
NAME                 USED  AVAIL  REFER  MOUNTPOINT
zroot               1.66G  34.9G    88K  /zroot
zroot/ROOT           405M  34.9G    88K  none
zroot/ROOT/default   405M  34.9G   405M  /
zroot/jails           88K  34.9G    88K  /usr/jails
zroot/tmp             88K  34.9G    88K  /tmp
zroot/usr           1.27G  34.9G    88K  /usr
zroot/usr/home        88K  34.9G    88K  /usr/home
zroot/usr/ports      665M  34.9G   665M  /usr/ports
zroot/usr/src        633M  34.9G   633M  /usr/src
zroot/var            576K  34.9G    88K  /var
zroot/var/audit       88K  34.9G    88K  /var/audit
zroot/var/crash       88K  34.9G    88K  /var/crash
zroot/var/log        136K  34.9G   136K  /var/log
zroot/var/mail        88K  34.9G    88K  /var/mail
zroot/var/tmp         88K  34.9G    88K  /var/tmp
root@bsd11:~ #


Before
zroot/jails           88K  34.9G    88K  /zroot/jails

After
zroot/jails           88K  34.9G    88K  /usr/jails

 

Run ezjail-admin install to create the directories the jails need.

root@bsd11:~ # ezjail-admin install
base.txz                                        7% of   99 MB 2270 kBps 00m47s
lib32.txz                                     100% of   17 MB 1805 kBps 00m10s

 

Checking the directories

root@bsd11:~ # df -h |grep -i jails
zroot/jails              35G    104K     35G     0%    /usr/jails
zroot/jails/basejail     35G    296M     35G     1%    /usr/jails/basejail
zroot/jails/newjail      35G    4.7M     35G     0%    /usr/jails/newjail

When using ZFS, ro must be changed to rw as shown below before ports can be installed.

root@bsd11:~ # vi /etc/fstab.httpd
/usr/jails/basejail /usr/jails/httpd/basejail nullfs rw 0 0

Everything else is the same as above. 🙂

 

Setting up an apache24+php71 jail and a mariadb101 jail

httpd jail : apache24+php71 / ip-address 10.0.0.1

database jail : mariadb101 / ip-address 10.0.0.2

 

FreeBSD APM installation reference:

[apm] apache24-php71-mariadb102 installation

 

Change pf.conf so that port 3306 is redirected to 10.0.0.2.

root@bsd11:~ # vi /etc/pf.conf
# Public IP address
IP_PUB="192.168.0.40"

# Packet normalization
scrub in all

# Allow outbound connections from within the jails
nat on em0 from lo1:network to any -> (em0)

# webserver jail at 10.0.0.1
rdr on em0 proto tcp from any to $IP_PUB port 443 -> 10.0.0.1
# just an example in case you want to redirect to another port within your jail
rdr on em0 proto tcp from any to $IP_PUB port 80 -> 10.0.0.1

#mariadb jail at 10.0.0.2
rdr on em0 proto tcp from any to $IP_PUB port 3306 -> 10.0.0.2

 

Create and start the httpd jail that will run apache24 and php7

root@bsd11:~ # ezjail-admin create httpd 10.0.0.1
root@bsd11:~ # cp /etc/resolv.conf /usr/jails/httpd/etc/
root@bsd11:~ # ezjail-admin start httpd

 

Create and start the database jail that mariadb101 will use

root@bsd11:~ # ezjail-admin create database 10.0.0.2
root@bsd11:~ # cp /etc/resolv.conf /usr/jails/database/etc/
root@bsd11:~ # ezjail-admin start database

 

Change the file system to rw.

root@bsd11:~ # vi /etc/fstab.httpd
/usr/jails/basejail /usr/jails/httpd/basejail nullfs rw 0 0

root@bsd11:~ # vi /etc/fstab.database
/usr/jails/basejail /usr/jails/database/basejail nullfs rw 0 0
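
A read-write nullfs mount of the shared basejail means root inside any one jail can modify the binaries and libraries that every other jail runs, so it helps to keep track of which jails have it. The following sh script is an added example, not part of the original post: it scans ezjail's per-jail fstab files and lists the jails whose basejail mount is not ro. The sample directory and the "mail" jail are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not from the original post): report jails whose shared
# basejail nullfs mount is writable.

# rw_basejails DIR: scan DIR/fstab.* (the post edits them in /etc) and print
# "<jail> <mountpoint> <options>" for each nullfs basejail mount lacking "ro".
rw_basejails() {
  dir=$1
  for f in "$dir"/fstab.*; do
    [ -f "$f" ] || continue
    jail=${f##*/fstab.}
    awk -v jail="$jail" '
      /^[ \t]*#/ || NF < 4 { next }   # skip comments and short lines
      $3 == "nullfs" && $1 ~ /\/basejail$/ {
        n = split($4, opt, ","); ro = 0
        for (i = 1; i <= n; i++) if (opt[i] == "ro") ro = 1
        if (!ro) print jail, $2, $4
      }' "$f"
  done
}

# Constructed demo input: the two fstab files from this post plus one
# hypothetical jail ("mail") that is still mounted ro.
make_sample_dir() {
  d=$(mktemp -d)
  echo "/usr/jails/basejail /usr/jails/httpd/basejail nullfs rw 0 0" > "$d/fstab.httpd"
  echo "/usr/jails/basejail /usr/jails/database/basejail nullfs rw 0 0" > "$d/fstab.database"
  echo "/usr/jails/basejail /usr/jails/mail/basejail nullfs ro 0 0" > "$d/fstab.mail"
  echo "$d"
}

sample=$(make_sample_dir)
rw_basejails "$sample"
rm -rf "$sample"
```

On a real host, run rw_basejails /etc and switch a jail back to ro once its ports are built.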

 

 

Checking the jail list and connecting to the httpd jail

Use the ezjail-admin console command to connect to a jail.

root@bsd11:~ # ezjail-admin list
STA JID  IP              Hostname                       Root Directory
--- ---- --------------- ------------------------------ ------------------------
ZS  N/A  10.0.0.1        httpd                          /usr/jails/httpd
ZS  N/A  10.0.0.2        database                       /usr/jails/database
root@bsd11:~ # ezjail-admin console httpd
FreeBSD 11.1-RELEASE (GENERIC) #0 r321309: Fri Jul 21 02:08:28 UTC 2017

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.
root@httpd:~ #

 

Installing apache24

root@httpd:~ # make -C /usr/ports/www/apache24 config-recursive install
To run apache www server from startup, add apache24_enable="yes"
in your /etc/rc.conf. Extra options can be found in startup script.

Your hostname must be resolvable using at least 1 mechanism in
/etc/nsswitch.conf typically DNS or /etc/hosts or apache might
have issues starting depending on the modules you are using.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- apache24 default build changed from static MPM to modular MPM
- more modules are now enabled per default in the port
- icons and error pages moved from WWWDIR to DATADIR

   If build with modular MPM and no MPM is activated in
   httpd.conf, then mpm_prefork will be activated as default
   MPM in etc/apache24/modules.d to keep compatibility with
   existing php/perl/python modules!

Please compare the existing httpd.conf with httpd.conf.sample
and merge missing modules/instructions into httpd.conf!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/libexec/apache24/mod_cgid.so

      This port has installed the following startup scripts which may cause
      these network services to be started at boot time.
/usr/local/etc/rc.d/apache24
/usr/local/etc/rc.d/htcacheclean

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
http://httpd.apache.org/
root@httpd:~ #

 

Installing php71

Because this is inside a jail and there is no need to enable zfs, I am not sure whether make config means anything, but for php71 run make config and select OK.

It does not seem to matter. 🙂

root@httpd:~ # cd /usr/ports/lang/php71/
root@httpd:/usr/ports/lang/php71 # make config


root@httpd:/usr/ports/lang/php71-extensions # cd
root@httpd:~ # make -C /usr/ports/lang/php71-extensions config-recursive install

In the install options, select CURL FTP GD MYSQLi OPENSSL SOCKETS PDF SNMP ZIP and proceed with the installation.

 

Installing mod_php71

root@httpd:~ # pkg install -y mod_php71

Installing from ports produces an error, so install it with the pkg command.

Post-install message

Message from mod_php71-7.1.14:

***************************************************************

Make sure index.php is part of your DirectoryIndex.

You should add the following to your Apache configuration file:

<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>

*********************************************************************

If you are building PHP-based ports in poudriere(8) with ZTS enabled,
add WITH_MPM=event to /etc/make.conf to prevent build failures.

*********************************************************************

 

 

Installing mariadb101

Connect to the database jail.

root@bsd11:~ # ezjail-admin console database

 

Install mariadb101.

root@bsd11:~ # make -C /usr/ports/databases/mariadb101-server/ config-recursive install

 

Configuring the httpd jail

Add the apache24 enable setting to rc.conf

root@bsd11:~ # ezjail-admin console httpd
root@httpd:~ # sysrc apache24_enable=YES
apache24_enable:  -> YES
root@httpd:~ #

 

apache24 setting

root@httpd:~ # cd /usr/local/etc/apache24/
root@httpd:/usr/local/etc/apache24 # cp httpd.conf httpd.conf.org
root@httpd:/usr/local/etc/apache24 # vi httpd.conf
<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>


ServerName 10.0.0.1:80

    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType application/x-httpd-php .php .inc .html
    AddType application/x-httpd-source .phps

 

 

Copying the php.ini file

root@httpd:~ # cd /usr/local/etc/
root@httpd:/usr/local/etc # cp php.ini-production php.ini

 

Creating the php.conf file

root@httpd:~ # vi /usr/local/etc/apache24/extra/php.conf
<IfModule dir_module>
    DirectoryIndex index.php index.html
    <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
</IfModule>

 

Starting apache24

root@httpd:/usr/local/etc/apache24 # service apache24 restart
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 21662.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
root@httpd:/usr/local/etc/apache24 #

 

 

Configuring the database jail

Connect to the database jail and configure mariadb101.

After starting mariadb, set the DB password.

root@bsd11:~ # ezjail-admin console database
root@database:~ # sysrc mysql_enable=YES
mysql_enable:  -> YES

Starting the mariadb102 daemon and setting the password

root@database:~ # service mysql-server start
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !
To do so, start the server, then issue the following commands:

'/usr/local/bin/mysqladmin' -u root password 'new-password'
'/usr/local/bin/mysqladmin' -u root -h database password 'new-password'

Alternatively you can run:
'/usr/local/bin/mysql_secure_installation'

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the MariaDB Knowledgebase at http://mariadb.com/kb or the
MySQL manual for more instructions.

You can start the MariaDB daemon with:
cd '/usr/local' ; /usr/local/bin/mysqld_safe --datadir='/var/db/mysql'

You can test the MariaDB daemon with mysql-test-run.pl
cd '/usr/local/mysql-test' ; perl mysql-test-run.pl

Please report any problems at http://mariadb.org/jira

The latest information about MariaDB is available at http://mariadb.org/.
You can find additional information about the MySQL part at:
http://dev.mysql.com
Consider joining MariaDB's strong and vibrant community:
Get Involved
Starting mysql.
root@database:~ # /usr/local/bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
root@database:~ #

 

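Copying my.cnf and changing the character set

Setting bind-address to 0.0.0.0 allows connections from outside.

You must add separate pf rules so that the database can only be used internally. // I have not written up that configuration separately.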

root@database:~ # cp /usr/local/share/mysql/my-large.cnf /usr/local/etc/my.cnf
root@database:~ # vi /usr/local/etc/my.cnf

[client]
#password       = your_password
port            = 3306
socket          = /tmp/mysql.sock
default-character-set = utf8


# The MariaDB server
[mysqld]
bind-address=0.0.0.0
character-set-server=utf8
skip-character-set-client-handshake
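
The pf.conf earlier in this post redirects port 3306 on the public address to the database jail, which together with bind-address=0.0.0.0 makes MariaDB reachable from outside the host. The following sh script is an added example, not part of the original post: it expands the macros in a pf.conf, lists every rdr rule, and flags redirects of ports that should stay internal. The embedded pf.conf is a copy of the post's rules, and the function names and the port list are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original post): list what a pf.conf redirects
# from the public interface and flag ports that should stay internal.

# Constructed sample: the pf.conf rules shown earlier in this post.
sample_pf_conf() {
cat <<'EOF'
# Public IP address
IP_PUB="192.168.0.40"
scrub in all
nat on em0 from lo1:network to any -> (em0)
# webserver jail at 10.0.0.1
rdr on em0 proto tcp from any to $IP_PUB port 443 -> 10.0.0.1
rdr on em0 proto tcp from any to $IP_PUB port 80 -> 10.0.0.1
#mariadb jail at 10.0.0.2
rdr on em0 proto tcp from any to $IP_PUB port 3306 -> 10.0.0.2
EOF
}

# list_rdr: read pf.conf on stdin, expand simple NAME="value" macros, and
# print one line per rdr rule: "<iface> <public-addr> <port> <target>".
list_rdr() {
  awk '
    /^[ \t]*#/ { next }
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {
      # macro definition: remember NAME -> value with the quotes removed
      name = $0; sub(/[ \t]*=.*/, "", name); gsub(/[ \t]/, "", name)
      val = $0; sub(/^[^=]*=[ \t]*/, "", val); gsub(/"/, "", val)
      macro[name] = val; next
    }
    $1 == "rdr" {
      iface = ""; dst = ""; port = ""; target = ""
      for (i = 2; i <= NF; i++) {
        if ($i == "on") iface = $(i + 1)
        if ($i == "to") dst = $(i + 1)
        # only the port before "->" is the public port
        if ($i == "port" && target == "") port = $(i + 1)
        if ($i == "->") target = $(i + 1)
      }
      if (substr(dst, 1, 1) == "$" && (substr(dst, 2) in macro))
        dst = macro[substr(dst, 2)]
      print iface, dst, port, target
    }'
}

# exposed_sensitive PORT...: read pf.conf on stdin and print the rdr rules
# whose public port is one of the given ports.
exposed_sensitive() {
  ports=" $* "
  list_rdr | while read -r iface dst port target; do
    case "$ports" in
      *" $port "*) echo "$iface $dst:$port -> $target" ;;
    esac
  done
}

echo "All redirects:"
sample_pf_conf | list_rdr
echo "Should stay internal:"
sample_pf_conf | exposed_sensitive 3306 5432
```

The httpd jail reaches 10.0.0.2 directly without crossing em0, so the flagged rdr rule is only needed if clients outside the host must reach the database.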

 

Restarting mariadb and checking status

root@database:~ # mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 10.1.31-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> status;
--------------
mysql  Ver 15.1 Distrib 10.1.31-MariaDB, for FreeBSD11.1 (amd64) using readline 5.1

Connection id:          3
Current database:
Current user:           root@localhost
SSL:                    Not in use
Current pager:          more
Using outfile:          ''
Using delimiter:        ;
Server:                 MariaDB
Server version:         10.1.31-MariaDB FreeBSD Ports
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    utf8
Db     characterset:    utf8
Client characterset:    utf8
Conn.  characterset:    utf8
UNIX socket:            /tmp/mysql.sock
Uptime:                 11 sec

Threads: 1  Questions: 4  Slow queries: 0  Opens: 17  Flush tables: 1  Open tables: 11  Queries per second avg: 0.363
--------------

MariaDB [(none)]>

The DB setup is complete.

 

As a test, let's install WordPress. 🙂

WordPress can be downloaded from https://ko.wordpress.org/download/.

On the host, copy the WordPress file into the httpd jail's root directory.

root@bsd11:~ # cp wordpress-4.9.4-ko_KR.zip /usr/jails/httpd/root/

 

Creating the test.php file

root@httpd:~ # cd /usr/local/www/apache24/data
root@httpd:/usr/local/www/apache24/data # vi test.php

 

Checking phpinfo

Everything is ready to install WordPress. 🙂

 

database jail / creating the DB

The user name is wp, the database is wp, and the password is password.

To allow remote connections, grant privileges to % instead of localhost.

root@database:~ # mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.1.31-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database wp;
Query OK, 1 row affected (0.01 sec)

MariaDB [(none)]> use mysql;
Database changed
MariaDB [mysql]> GRANT ALL ON wp.* TO 'wp'@'%' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> quit;
Bye
root@database:~ #

 

Test connecting to the DB from outside via remote login.

root@bsd11:~ # pkg install mariadb101-client
root@bsd11:~ # mysql -h10.0.0.2 -uwp -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.1.31-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

 

Extract the WordPress archive in the httpd jail.

root@httpd:~ # cp wordpress-4.9.4-ko_KR.zip /usr/local/www/apache24/data/
root@httpd:/usr/local/www/apache24/data # tar xvf wordpress-4.9.4-ko_KR.zip
root@httpd:/usr/local/www/apache24/data # chown -R www:www wordpress

 

web browser 

 

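Click Let’s go!.

Enter the database jail's IP as the database host.

 

Click Run the installation to proceed with the installation.

 

Fill in the basic WordPress information and click Install WordPress.

 

The WordPress installation is complete.

 

Verifying login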

 

 

 

 

 
