FreeBSD httpd-vhosts.conf configuration

Reference: https://httpd.apache.org/docs/2.4/ko/sections.html

This post configures wiki.test.com and blog.test.com as apache24 virtual hosts on FreeBSD.

 

Adding the blog.test.com VirtualHost

Create the directory to be used for blog.test.com and set its ownership

root@bsd11:~ # mkdir /www
root@bsd11:~ # chown www:www /www/

 

Changing the apache24 configuration

root@bsd11:~ # vi /usr/local/etc/apache24/httpd.conf
~ (omitted)
# Virtual hosts
Include etc/apache24/extra/httpd-vhosts.conf

LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so


root@bsd11:~ # cd /usr/local/etc/apache24/extra/
root@bsd11:/usr/local/etc/apache24/extra # vi httpd-vhosts.conf

<VirtualHost *:80>
    ServerAdmin admin@test.com
    DocumentRoot "/usr/local/www/dokuwiki"
    ServerName wiki.test.com
    ErrorLog "/var/log/wiki.test.com-error_log"
    CustomLog "/var/log/wiki.test.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin admin@test.com
    DocumentRoot "/www"
    ServerName blog.test.com
    ErrorLog "/var/log/blog.test.com-error_log"
    CustomLog "/var/log/blog.test.com-access_log" common
    <Directory "/www">
        AllowOverride None
        # Apache 2.4 access control (replaces the 2.2-style Order/Allow pair)
        Require all granted
    </Directory>
</VirtualHost>

 

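The directory to be served must be given a Directory block in either httpd.conf or httpd-vhosts.conf.

<Directory "/www">
   AllowOverride None
   # Apache 2.4 access control (replaces the 2.2-style Order/Allow pair)
   Require all granted
</Directory>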

 

After finishing the configuration, restart apache24.

root@bsd11:~ # service apache24 restart
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 1125.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
root@bsd11:~ #

 

Check in a web browser

 

 

FreeBSD ezjail ports install

Official page: https://www.freebsd.org/doc/handbook/jails-ezjail.html

References: https://www.cyberciti.biz/faq/howto-setup-freebsd-jail-with-ezjail/

https://www.davd.eu/posts-freebsd-jails-with-a-single-public-ip-address/

For details on FreeBSD jails, please refer to the FreeBSD documentation.

This document covers a simple jail setup that you can try out on FreeBSD 11. For the ZFS pool part, I used a VM on which FreeBSD was installed with ZFS.

You can also run the test with a separately configured ZFS setup. ezjail can also be installed with pkg install -y ezjail. 🙂

 

Jail network configuration

Create the lo1 device that the jails will use.

Configure the lo1 interface by editing /etc/rc.conf.

Assign the virtual IPs 10.0.0.1 through 10.0.0.9 for the jails.

Edit rc.conf.
root@bsd11:~ # vi /etc/rc.conf

#ifconfig_vtnet0="inet 192.168.0.40 netmask 255.255.255.0"
ifconfig_vtnet0_name="em0"
ifconfig_em0="inet 192.168.0.40 netmask 255.255.255.0"
defaultrouter="192.168.0.1"
cloned_interfaces="lo1"
ipv4_addrs_lo1="10.0.0.1-9/29"


Create the lo1 device.
root@bsd11:~ # service netif cloneup
Created clone interfaces: lo1.
root@bsd11:~ # ifconfig
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 52:54:00:40:19:eb
        hwaddr 52:54:00:40:19:eb
        inet 192.168.0.40 netmask 0xffffff00 broadcast 192.168.0.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
lo1: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        groups: lo
root@bsd11:~ #

 

Creating the lo1 interface

root@bsd11:~ # service netif cloneup
Created clone interfaces: lo1.

root@bsd11:~ # ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 52:54:00:2c:0c:a0
        hwaddr 52:54:00:2c:0c:a0
        inet 192.168.0.40 netmask 0xffffff00 broadcast 192.168.0.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 10.0.0.1 netmask 0xfffffff8
        inet 10.0.0.2 netmask 0xffffffff
        inet 10.0.0.3 netmask 0xffffffff
        inet 10.0.0.4 netmask 0xffffffff
        inet 10.0.0.5 netmask 0xffffffff
        inet 10.0.0.6 netmask 0xffffffff
        inet 10.0.0.7 netmask 0xffffffff
        inet 10.0.0.8 netmask 0xffffffff
        inet 10.0.0.9 netmask 0xffffffff
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        groups: lo
root@bsd11:~ #

 

pf firewall configuration

IP_PUB is the IP address of em0.

To test the web service, ports 443 and 80 are redirected to 10.0.0.1.

root@bsd11:~ # vi /etc/pf.conf
# Public IP address
IP_PUB="192.168.0.40"

# Packet normalization
scrub in all

# Allow outbound connections from within the jails
nat on em0 from lo1:network to any -> (em0)

# webserver jail at 10.0.0.1
rdr on em0 proto tcp from any to $IP_PUB port 443 -> 10.0.0.1
# just an example in case you want to redirect to another port within your jail
rdr on em0 proto tcp from any to $IP_PUB port 80 -> 10.0.0.1

root@bsd11:~ #

 

Start the pf firewall

root@bsd11:~ # sysrc pf_enable=YES
pf_enable: NO -> YES
root@bsd11:~ # service pf start
Enabling pf.

 

Install ezjail

root@bsd11:~ # whereis ezjail
ezjail: /usr/ports/sysutils/ezjail
root@bsd11:~ # cd /usr/ports/sysutils/ezjail/ && make install clean
root@bsd11:/usr/ports/sysutils/ezjail # rehash
root@bsd11:/usr/ports/sysutils/ezjail #

 

Copy the resolv.conf file.

root@bsd11:~ # cp /etc/resolv.conf /usr/jails/newjail/etc/

 

Start ezjail.

root@bsd11:/usr/ports/sysutils/ezjail # sysrc ezjail_enable=YES
ezjail_enable:  -> YES
root@bsd11:/usr/ports/sysutils/ezjail # service ezjail start

 

Create the base jail template

root@bsd11:~ # ezjail-admin install
base.txz                                      100% of   99 MB 2970 kBps 00m34s
lib32.txz                                     100% of   17 MB 2761 kBps 00m07s
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 11.1-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Inspecting system...

 

After running ezjail-admin install, you can see that the following directories have been created.

root@bsd11:~ # ls -al /usr/jails
total 20
drwxr-xr-x   5 root  wheel  512 Mar  5 21:51 .
drwxr-xr-x  17 root  wheel  512 Mar  5 21:50 ..
drwxr-xr-x   9 root  wheel  512 Mar  5 21:51 basejail
drwxr-xr-x   3 root  wheel  512 Mar  5 21:51 flavours
drwxr-xr-x  13 root  wheel  512 Mar  5 21:51 newjail
root@bsd11:~ # ls -al /usr/jails/flavours/
total 12
drwxr-xr-x  3 root  wheel  512 Mar  5 21:51 .
drwxr-xr-x  5 root  wheel  512 Mar  5 21:51 ..
drwxr-xr-x  4 root  wheel  512 Mar  4 15:27 example
root@bsd11:~ # ls -al /usr/jails/basejail/
total 36
drwxr-xr-x   9 root  wheel   512 Mar  5 21:51 .
drwxr-xr-x   5 root  wheel   512 Mar  5 21:51 ..
drwxr-xr-x   2 root  wheel  1024 Mar  5 21:51 bin
drwxr-xr-x   9 root  wheel  1024 Mar  5 21:51 boot
drwxr-xr-x   4 root  wheel  1536 Mar  5 21:51 lib
drwxr-xr-x   3 root  wheel   512 Mar  5 21:51 libexec
drwxr-xr-x   2 root  wheel  2560 Mar  5 21:51 rescue
drwxr-xr-x   2 root  wheel  2560 Mar  5 21:51 sbin
drwxr-xr-x  11 root  wheel   512 Mar  5 21:51 usr
root@bsd11:~ # man /usr/jails
No manual entry for /usr/jails
root@bsd11:~ # ls -al /usr/local/etc/rc.d/ezjail
-rwxr-xr-x  1 root  wheel  8128 Mar  4 15:27 /usr/local/etc/rc.d/ezjail
root@bsd11:~ # ls -al /usr/local/etc/ezjail.conf
-rw-r--r--  1 root  wheel  2637 Mar  4 15:27 /usr/local/etc/ezjail.conf
root@bsd11:~ # ls -al /usr/local/etc/ezjail
total 8
drwxr-xr-x   2 root  wheel   512 Mar  4 15:27 .
drwxr-xr-x  12 root  wheel  1024 Mar  4 15:27 ..
root@bsd11:~ #

 

Install the ports tree that the jails will use.

root@bsd11:~ # ezjail-admin install -p

 

Create an httpd jail for testing.

root@bsd11:~ # ezjail-admin create httpd 10.0.0.1
root@bsd11:~ # ezjail-admin start httpd
root@bsd11:~ # ezjail-admin list
STA JID  IP              Hostname                       Root Directory
--- ---- --------------- ------------------------------ ------------------------
DR  1    10.0.0.1        httpd                          /usr/jails/httpd
root@bsd11:~ #

 

You can also check with the jls command.

root@bsd11:~ # jls
   JID  IP Address      Hostname                      Path
     1  10.0.0.1        httpd                         /usr/jails/httpd
root@bsd11:~ #

 

 

Checking the partitions after creating the httpd jail

The virtual partitions under /usr/jails/httpd are created.

root@bsd11:~ # df -h
Filesystem             Size    Used   Avail Capacity  Mounted on
/dev/ada0s1a            18G     11G    6.1G    64%    /
devfs                  1.0K    1.0K      0B   100%    /dev
/usr/jails/basejail     18G     11G    6.1G    64%    /usr/jails/httpd/basejail
devfs                  1.0K    1.0K      0B   100%    /usr/jails/httpd/dev
fdescfs                1.0K    1.0K      0B   100%    /usr/jails/httpd/dev/fd
procfs                 4.0K    4.0K      0B   100%    /usr/jails/httpd/proc
root@bsd11:~ #

 

 

Connect to the httpd jail through the jail console.

root@bsd11:~ # ezjail-admin console httpd
FreeBSD 11.1-RELEASE (GENERIC) #0 r321309: Fri Jul 21 02:08:28 UTC 2017

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.
root@httpd:~ #

 

 

Install apache24 in the httpd jail.

Instead of building from ports, you can also install with the pkg command. 🙂

root@httpd:~ # make -C /usr/ports/www/apache24 config-recursive install
~ (omitted)
root@httpd:~ # sysrc apache24_enable=YES
apache24_enable:  -> YES
root@httpd:~ # cat /etc/rc.conf
apache24_enable="YES"


root@httpd:~ # vi /usr/local/etc/apache24/httpd.conf
ServerName www.example.com:80


root@httpd:~ # service apache24 start

root@httpd:~ # sockstat  -4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      httpd      63005 3  tcp4   10.0.0.1:80           *:*
www      httpd      63004 3  tcp4   10.0.0.1:80           *:*
www      httpd      63003 3  tcp4   10.0.0.1:80           *:*
www      httpd      63002 3  tcp4   10.0.0.1:80           *:*
www      httpd      63001 3  tcp4   10.0.0.1:80           *:*
root     httpd      63000 3  tcp4   10.0.0.1:80           *:*
root     sendmail   3798  3  tcp4   10.0.0.1:25           *:*
root     syslogd    3718  6  udp4   10.0.0.1:514          *:*
root@httpd:~ #

 

 

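Connection check

Connecting to the public IP 192.168.0.40 configured on the VM's em0 reaches the httpd jail.

Creating the zroot/jails ZFS pool

When setting up jails for the first time, create the ZFS pool first and then proceed.

ZFS and filesystems will be covered in a separate post.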

 

Install ezjail and register it in rc.conf

root@bsd11:~ # pkg install -y ezjail
root@bsd11:~ # sysrc ezjail_enable=YES
ezjail_enable:  -> YES

 

To have ezjail use the ZFS pool, edit ezjail.conf as follows.

root@bsd11:~ # vi /usr/local/etc/ezjail.conf
# to collect them in this directory
 ezjail_jaildir=/usr/jails

~ (omitted)
# ZFS options

# Setting this to YES will start to manage the basejail and newjail in ZFS
 ezjail_use_zfs="YES"

# Setting this to YES will manage ALL new jails in their own zfs
 ezjail_use_zfs_for_jails="YES"

# The name of the ZFS ezjail should create jails on, it will be mounted at the ezjail_jaildir
 ezjail_jailzfs="zroot/jails"

 

Check zfs list

root@bsd11:~ # zfs list
NAME                 USED  AVAIL  REFER  MOUNTPOINT
zroot               1.66G  34.9G    88K  /zroot
zroot/ROOT           405M  34.9G    88K  none
zroot/ROOT/default   405M  34.9G   405M  /
zroot/tmp             88K  34.9G    88K  /tmp
zroot/usr           1.27G  34.9G    88K  /usr
zroot/usr/home        88K  34.9G    88K  /usr/home
zroot/usr/ports      665M  34.9G   665M  /usr/ports
zroot/usr/src        633M  34.9G   633M  /usr/src
zroot/var            584K  34.9G    88K  /var
zroot/var/audit       88K  34.9G    88K  /var/audit
zroot/var/crash       88K  34.9G    88K  /var/crash
zroot/var/log        136K  34.9G   136K  /var/log
zroot/var/mail        88K  34.9G    88K  /var/mail
zroot/var/tmp         96K  34.9G    96K  /var/tmp
root@bsd11:~ #

 

Create the ZFS jails pool

root@bsd11:~ # zfs create -p zroot/jails
root@bsd11:~ # zfs set mountpoint=/usr/jails zroot/jails
root@bsd11:~ # zfs list
NAME                 USED  AVAIL  REFER  MOUNTPOINT
zroot               1.66G  34.9G    88K  /zroot
zroot/ROOT           405M  34.9G    88K  none
zroot/ROOT/default   405M  34.9G   405M  /
zroot/jails           88K  34.9G    88K  /usr/jails
zroot/tmp             88K  34.9G    88K  /tmp
zroot/usr           1.27G  34.9G    88K  /usr
zroot/usr/home        88K  34.9G    88K  /usr/home
zroot/usr/ports      665M  34.9G   665M  /usr/ports
zroot/usr/src        633M  34.9G   633M  /usr/src
zroot/var            576K  34.9G    88K  /var
zroot/var/audit       88K  34.9G    88K  /var/audit
zroot/var/crash       88K  34.9G    88K  /var/crash
zroot/var/log        136K  34.9G   136K  /var/log
zroot/var/mail        88K  34.9G    88K  /var/mail
zroot/var/tmp         88K  34.9G    88K  /var/tmp
root@bsd11:~ #


Before
zroot/jails           88K  34.9G    88K  /zroot/jails

After
zroot/jails           88K  34.9G    88K  /usr/jails

 

Run ezjail-admin install to create the directories the jails need.

root@bsd11:~ # ezjail-admin install
base.txz                                        7% of   99 MB 2270 kBps 00m47s
lib32.txz                                     100% of   17 MB 1805 kBps 00m10s

 

Check the directories

root@bsd11:~ # df -h |grep -i jails
zroot/jails              35G    104K     35G     0%    /usr/jails
zroot/jails/basejail     35G    296M     35G     1%    /usr/jails/basejail
zroot/jails/newjail      35G    4.7M     35G     0%    /usr/jails/newjail

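When using ZFS, the basejail mount must be changed from ro to rw as shown below before ports can be installed. Because basejail is shared by all jails, this makes the base system writable from inside each jail that mounts it rw.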

root@bsd11:~ # vi /etc/fstab.httpd
/usr/jails/basejail /usr/jails/httpd/basejail nullfs rw 0 0

Everything else is the same as above. 🙂

Setting up an apache24+php71 jail and a mariadb101 jail

httpd jail: apache24+php71 / IP address 10.0.0.1

database jail: mariadb101 / IP address 10.0.0.2

Reference for installing APM on FreeBSD:

[apm] Installing apache24-php71-mariadb102

Change pf.conf so that port 3306 is redirected to 10.0.0.2.

root@bsd11:~ # vi /etc/pf.conf
# Public IP address
IP_PUB="192.168.0.40"

# Packet normalization
scrub in all

# Allow outbound connections from within the jails
nat on em0 from lo1:network to any -> (em0)

# webserver jail at 10.0.0.1
rdr on em0 proto tcp from any to $IP_PUB port 443 -> 10.0.0.1
# just an example in case you want to redirect to another port within your jail
rdr on em0 proto tcp from any to $IP_PUB port 80 -> 10.0.0.1

#mariadb jail at 10.0.0.2
rdr on em0 proto tcp from any to $IP_PUB port 3306 -> 10.0.0.2

 

Create and start the httpd jail that will run apache24 and php7

root@bsd11:~ # ezjail-admin create httpd 10.0.0.1
root@bsd11:~ # cp /etc/resolv.conf /usr/jails/httpd/etc/
root@bsd11:~ # ezjail-admin start httpd

 

Create and start the database jail that will run mariadb101

root@bsd11:~ # ezjail-admin create database 10.0.0.2
root@bsd11:~ # cp /etc/resolv.conf /usr/jails/database/etc/
root@bsd11:~ # ezjail-admin start database

 

Change the filesystem mounts to rw.

root@bsd11:~ # vi /etc/fstab.httpd
/usr/jails/basejail /usr/jails/httpd/basejail nullfs rw 0 0

root@bsd11:~ # vi /etc/fstab.database
/usr/jails/basejail /usr/jails/database/basejail nullfs rw 0 0

 

 

Check the jail list and connect to the httpd jail

Use the ezjail-admin console command to connect to a jail.

root@bsd11:~ # ezjail-admin list
STA JID  IP              Hostname                       Root Directory
--- ---- --------------- ------------------------------ ------------------------
ZS  N/A  10.0.0.1        httpd                          /usr/jails/httpd
ZS  N/A  10.0.0.2        database                       /usr/jails/database
root@bsd11:~ # ezjail-admin console httpd
FreeBSD 11.1-RELEASE (GENERIC) #0 r321309: Fri Jul 21 02:08:28 UTC 2017

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.
root@httpd:~ #

 

Install apache24

root@httpd:~ # make -C /usr/ports/www/apache24 config-recursive install
To run apache www server from startup, add apache24_enable="yes"
in your /etc/rc.conf. Extra options can be found in startup script.

Your hostname must be resolvable using at least 1 mechanism in
/etc/nsswitch.conf typically DNS or /etc/hosts or apache might
have issues starting depending on the modules you are using.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- apache24 default build changed from static MPM to modular MPM
- more modules are now enabled per default in the port
- icons and error pages moved from WWWDIR to DATADIR

   If build with modular MPM and no MPM is activated in
   httpd.conf, then mpm_prefork will be activated as default
   MPM in etc/apache24/modules.d to keep compatibility with
   existing php/perl/python modules!

Please compare the existing httpd.conf with httpd.conf.sample
and merge missing modules/instructions into httpd.conf!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/libexec/apache24/mod_cgid.so

      This port has installed the following startup scripts which may cause
      these network services to be started at boot time.
/usr/local/etc/rc.d/apache24
/usr/local/etc/rc.d/htcacheclean

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
http://httpd.apache.org/
root@httpd:~ #

 

Install php71

Since this is inside a jail and there is no need to enable ZFS, I am not sure whether make config is meaningful, but for php71 run make config and select OK.

It does not seem to matter. 🙂

root@httpd:~ # cd /usr/ports/lang/php71/
root@httpd:/usr/ports/lang/php71 # make config


root@httpd:/usr/ports/lang/php71-extensions # cd
root@httpd:~ # make -C /usr/ports/lang/php71-extensions config-recursive install

In the install options, select CURL FTP GD MYSQLi OPENSSL SOCKETS PDF SNMP ZIP and then proceed with the installation.

 

Install mod_php71

root@httpd:~ # pkg install -y mod_php71

Installing from ports produces an error, so install it with the pkg command.

Post-install message

Message from mod_php71-7.1.14:

***************************************************************

Make sure index.php is part of your DirectoryIndex.

You should add the following to your Apache configuration file:

<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>

*********************************************************************

If you are building PHP-based ports in poudriere(8) with ZTS enabled,
add WITH_MPM=event to /etc/make.conf to prevent build failures.

*********************************************************************

 

 

Install mariadb101

Connect to the database jail.

root@bsd11:~ # ezjail-admin console database

 

Install mariadb101.

root@bsd11:~ # make -C /usr/ports/databases/mariadb101-server/ config-recursive install

 

httpd jail configuration

Add apache24 enable to rc.conf

root@bsd11:~ # ezjail-admin console httpd
root@httpd:~ # sysrc apache24_enable=YES
apache24_enable:  -> YES
root@httpd:~ #

 

apache24 setting

root@httpd:~ # cd /usr/local/etc/apache24/
root@httpd:/usr/local/etc/apache24 # cp httpd.conf httpd.conf.org
root@httpd:/usr/local/etc/apache24 # vi httpd.conf
<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>


ServerName 10.0.0.1:80

    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType application/x-httpd-php .php .inc .html
    AddType application/x-httpd-source .phps

 

 

Copy the php.ini file

root@httpd:~ # cd /usr/local/etc/
root@httpd:/usr/local/etc # cp php.ini-production php.ini

 

Create php.conf

root@httpd:~ # vi /usr/local/etc/apache24/extra/php.conf
<IfModule dir_module>
    DirectoryIndex index.php index.html
    <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
</IfModule>

 

Start apache24

root@httpd:/usr/local/etc/apache24 # service apache24 restart
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 21662.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
root@httpd:/usr/local/etc/apache24 #

 

 

database jail configuration

Connect to the database jail and configure mariadb101.

After starting mariadb, set the database password.

root@bsd11:~ # ezjail-admin console database
root@database:~ # sysrc mysql_enable=YES
mysql_enable:  -> YES

Start the mariadb102 daemon and set the password

root@database:~ # service mysql-server start
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !
To do so, start the server, then issue the following commands:

'/usr/local/bin/mysqladmin' -u root password 'new-password'
'/usr/local/bin/mysqladmin' -u root -h database password 'new-password'

Alternatively you can run:
'/usr/local/bin/mysql_secure_installation'

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the MariaDB Knowledgebase at http://mariadb.com/kb or the
MySQL manual for more instructions.

You can start the MariaDB daemon with:
cd '/usr/local' ; /usr/local/bin/mysqld_safe --datadir='/var/db/mysql'

You can test the MariaDB daemon with mysql-test-run.pl
cd '/usr/local/mysql-test' ; perl mysql-test-run.pl

Please report any problems at http://mariadb.org/jira

The latest information about MariaDB is available at http://mariadb.org/.
You can find additional information about the MySQL part at:
http://dev.mysql.com
Consider joining MariaDB's strong and vibrant community:
Get Involved
Starting mysql.
root@database:~ # /usr/local/bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
root@database:~ #

 

Copy my.cnf and change the character set

Setting bind-address to 0.0.0.0 allows connections from outside.

pf must be configured separately so that the database is used only internally. (That configuration is not covered in this post.)

root@database:~ # cp /usr/local/share/mysql/my-large.cnf /usr/local/etc/my.cnf
root@database:~ # vi /usr/local/etc/my.cnf

[client]
#password       = your_password
port            = 3306
socket          = /tmp/mysql.sock
default-character-set = utf8


# The MariaDB server
[mysqld]
bind-address=0.0.0.0
character-set-server=utf8
skip-character-set-client-handshake
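
The pf side that the post leaves open can look like the following. This is an added example, not configuration from the original post: it keeps the web redirects, leaves out the 3306 redirect, and drops database traffic arriving on em0. The macro names JAIL_WEB and JAIL_DB are introduced here; the interface and addresses are the ones used on this page.

```conf
# /etc/pf.conf on the host (added example)
# Assumptions: em0 is the external interface and the jails sit on lo1,
# as configured earlier on this page. JAIL_WEB / JAIL_DB are names chosen here.

# Public IP address and jail addresses
IP_PUB="192.168.0.40"
JAIL_WEB="10.0.0.1"
JAIL_DB="10.0.0.2"

# Packet normalization
scrub in all

# Allow outbound connections from within the jails
nat on em0 from lo1:network to any -> (em0)

# Only the web jail is published on the public address
rdr on em0 proto tcp from any to $IP_PUB port 443 -> $JAIL_WEB
rdr on em0 proto tcp from any to $IP_PUB port 80 -> $JAIL_WEB

# Weak setting, deliberately not carried over: it publishes MariaDB
# on the host's public address.
# rdr on em0 proto tcp from any to $IP_PUB port 3306 -> 10.0.0.2

# Filter rule: drop packets that arrive on em0 already addressed to the
# database jail. The rule is bound to em0, so connections from the httpd
# jail or from the host itself, which do not pass through em0, are not
# matched by it.
block in quick on em0 proto tcp from any to $JAIL_DB port 3306
```

Check the syntax with pfctl -nf /etc/pf.conf before running service pf reload. On the MariaDB side, granting to 'wp'@'10.0.0.1' instead of 'wp'@'%' narrows access in the same way.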

 

Restart mariadb and check status

root@database:~ # mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 10.1.31-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> status;
--------------
mysql  Ver 15.1 Distrib 10.1.31-MariaDB, for FreeBSD11.1 (amd64) using readline 5.1

Connection id:          3
Current database:
Current user:           root@localhost
SSL:                    Not in use
Current pager:          more
Using outfile:          ''
Using delimiter:        ;
Server:                 MariaDB
Server version:         10.1.31-MariaDB FreeBSD Ports
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    utf8
Db     characterset:    utf8
Client characterset:    utf8
Conn.  characterset:    utf8
UNIX socket:            /tmp/mysql.sock
Uptime:                 11 sec

Threads: 1  Questions: 4  Slow queries: 0  Opens: 17  Flush tables: 1  Open tables: 11  Queries per second avg: 0.363
--------------

MariaDB [(none)]>

The database configuration is complete.

 

Let's install WordPress as a test. 🙂

WordPress can be downloaded from https://ko.wordpress.org/download/.

On the host, copy the WordPress archive into the root directory of the httpd jail.

root@bsd11:~ # cp wordpress-4.9.4-ko_KR.zip /usr/jails/httpd/root/

 

Create test.php

root@httpd:~ # cd /usr/local/www/apache24/data
root@httpd:/usr/local/www/apache24/data # vi test.php

 

Check phpinfo

Everything is ready to install WordPress. 🙂

 

database jail / create the database

The user name is wp, the database is wp, and the password is password.

To allow remote connections, grant privileges to host % rather than localhost.

root@database:~ # mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.1.31-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database wp;
Query OK, 1 row affected (0.01 sec)

MariaDB [(none)]> use mysql;
Database changed
MariaDB [mysql]> GRANT ALL ON wp.* TO 'wp'@'%' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> quit;
Bye
root@database:~ #

 

Test connecting to the database by remote login from outside.

root@bsd11:~ # pkg install mariadb101-client
root@bsd11:~ # mysql -h10.0.0.2 -uwp -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.1.31-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

 

Extract the WordPress archive in the httpd jail.

root@httpd:~ # cp wordpress-4.9.4-ko_KR.zip /usr/local/www/apache24/data/
root@httpd:/usr/local/www/apache24/data # tar xvf wordpress-4.9.4-ko_KR.zip
root@httpd:/usr/local/www/apache24/data # chown -R www:www wordpress

 

web browser 

 

Click Let’s go!

Enter the database jail's IP as the database host.

 

Click Run the installation to proceed.

 

Fill in the basic WordPress information and click Install WordPress.

 

The WordPress installation is complete.

 

Login check

 

 

 

 

 

FreeBSD PF firewall (Packet Filter)

FreeBSD documentation: https://www.freebsd.org/doc/handbook/firewalls-pf.html

Reference: https://www.cyberciti.biz/faq/how-to-set-up-a-firewall-with-pf-on-freebsd-to-protect-a-web-server/

 

To test the firewall, pure-ftpd is needed and the port in sshd_config has to be changed.

For installing pure-ftpd, see the link below.

[ftp-server] Installing pure-ftpd on FreeBSD

 

Edit /etc/rc.conf

root@bsd11:~ # vi /etc/rc.conf

#PF setting
pf_enable="YES"
pflog_enable="YES"
pf_rules="/etc/pf.conf"
pflog_logfile="/var/log/pflog"


 

Create /etc/pf.conf

root@bsd11:~ # vi /etc/pf.conf
ext_if="em0"

set limit { states 80000, frags 5000 }

set block-policy drop

set skip on vnet1

set skip on lo0

scrub in all

antispoof for $ext_if

block in all

block out all

table <bruteforce> persist

table <sshbruteforce> persist

table <ftp> persist

block in quick log proto tcp from <bruteforce> to port 80

block in quick log proto tcp from <sshbruteforce> to port 2424

block in quick log proto tcp from <ftp> to port 21

pass in log proto tcp from any to port 21 keep state

pass in log proto tcp from any to port 30000:50000 keep state

pass in log proto tcp from any to port 2424 keep state

pass in on $ext_if proto tcp from any to $ext_if port 2424 \
            flags S/SA keep state \
            (max-src-conn-rate 10/30, overload <sshbruteforce> flush global)

pass in on $ext_if proto tcp from any to $ext_if port 80 \
        flags S/SA synproxy state

pass in on $ext_if proto tcp from any to $ext_if port 80 \
        flags S/SA keep state \
        (max-src-conn 100, max-src-conn-rate 300/10, \
        overload <bruteforce> flush global)

 

Change sshd_config

root@bsd11:~ # vi /etc/ssh/sshd_config
#Port 22
Port 2424

 

 

Change pure-ftpd.conf

Uncomment PassivePortRange to enable the setting and specify the port range to use.

root@bsd11:~ # vi /usr/local/etc/pure-ftpd.conf

PassivePortRange             30000 50000

 

Reboot the system

root@bsd11:~ # init 6

 

pf commands

pf config check 

root@bsd11:~ # service pf check
Checking pf rules.

 

Check pf status

root@bsd11:~ # service pf status
Status: Enabled for 0 days 00:01:01           Debug: Urgent

State Table                          Total             Rate
  current entries                        0
  searches                             227            3.7/s
  inserts                                0            0.0/s
  removals                               0            0.0/s
Counters
  match                                227            3.7/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                         0            0.0/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s
  map-failed                             0            0.0/s
root@bsd11:~ #

 

 

 

Explanation of the pf.conf settings

To be written later.
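One property of the ruleset above can be checked mechanically: an `overload <table>` option only has an effect if the table is declared and a `block` rule drops traffic from it. The script below is an added example, not part of the original post; the function name `pf_table_lint` is an assumption, and it only reads the text of the file, so it complements `service pf check` rather than replacing it.

```shell
#!/bin/sh
# Added example (not from the original post).
#
# pf_table_lint FILE
# Cross-checks the three places a rate-limit table has to appear in pf.conf:
#   table <t> persist           declaration
#   block ... from <t> ...      the rule that actually drops the offender
#   ... overload <t> ...        the option that puts offenders into the table
# Prints one "LEVEL table message" line per finding; returns 1 on any ERROR.
pf_table_lint() {
    awk '
        function tname(s) {                 # text between the first < and >
            sub(/^[^<]*</, "", s)
            sub(/>.*/, "", s)
            return s
        }
        {
            sub(/#.*/, "")                  # drop comments
            if (sub(/\\[ \t]*$/, "")) {     # join backslash continuation lines
                buf = buf $0 " "
                next
            }
            line = buf $0
            buf = ""
            if (line ~ /^[ \t]*table[ \t]+<[^>]+>/)
                declared[tname(line)] = 1
            if (line ~ /^[ \t]*block[ \t]/ && match(line, /from[ \t]+<[^>]+>/))
                blocked[tname(substr(line, RSTART, RLENGTH))] = 1
            if (match(line, /overload[ \t]+<[^>]+>/))
                fed[tname(substr(line, RSTART, RLENGTH))] = 1
        }
        END {
            for (t in fed) {
                if (!(t in declared)) {
                    print "ERROR " t " overload target is not declared"
                    bad = 1
                }
                if (!(t in blocked)) {
                    print "ERROR " t " overload target is never blocked"
                    bad = 1
                }
            }
            for (t in blocked)
                if (!(t in fed))
                    print "INFO " t " is blocked but no rule overloads into it"
            exit bad + 0
        }
    ' "$1"
}

# Usage: sh pf_table_lint.sh /etc/pf.conf
if [ "$#" -eq 1 ]; then
    pf_table_lint "$1"
fi
```

On the ruleset above it reports only the INFO line for `<ftp>`: that table is declared and blocked, but nothing fills it unless addresses are added by hand, for example with `pfctl -t ftp -T add`.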

 

 

Freebsd rename nic device

On KVM, the FreeBSD NIC name is vtnet0.

This is not a problem in a typical environment, but when configuring PF and the like it seems likely to be confused with other virtual devices. 🙂

Here is a brief introduction to changing vtnet0 -> em0.

 

Before the change

root@bsd11:~ # ifconfig
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 52:54:00:c1:cb:84
        hwaddr 52:54:00:c1:cb:84
        inet 192.168.0.40 netmask 0xffffff00 broadcast 192.168.0.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
root@bsd11:~ #

 

Edit /etc/rc.conf and reboot the system

root@bsd11:~ # cat /etc/rc.conf
hostname="bsd11"
keymap="us.iso.kbd"
ifconfig_vtnet0_name="em0"
ifconfig_em0="inet 192.168.0.40 netmask 255.255.255.0"
root@bsd11:~ # init 6

ifconfig_vtnet0_name="em0"  // Renames the vtnet0 device to em0.
ifconfig_em0="inet 192.168.0.40 netmask 255.255.255.0"  // Changes the existing vtnet0 entry to em0.

 

After the change

root@bsd11:~ # ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 52:54:00:c1:cb:84
        hwaddr 52:54:00:c1:cb:84
        inet 192.168.0.40 netmask 0xffffff00 broadcast 192.168.0.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
root@bsd11:~ #

 

Freebsd dokuwiki port install

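About dokuwiki:

DokuWiki is simple-to-use, highly versatile open-source wiki software that requires no database. Users love it for its clean, readable syntax. Administrators prefer it because maintenance, backup and integration are easy. With built-in access control and authentication connectors, it is especially well suited to enterprise use. The many plugins contributed by its active community enable a broad range of uses beyond a traditional wiki.

dokuwiki official site: https://www.dokuwiki.org/ko:dokuwiki

Before installing: the apache or nginx web server and PHP must already be installed before you install dokuwiki.

A separate database is not required.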

 

Install dokuwiki

root@bsd11:~ # whereis dokuwiki
dokuwiki: /usr/ports/www/dokuwiki
root@bsd11:~ # cd /usr/ports/www/dokuwiki/ && make config-recursive install

 

Post-installation message

======================================================================
                          INSTALLATION NOTES

The wiki program have been installed to /usr/local/www/dokuwiki.

Please configure your web server to allow running PHP scripts there.

Please create dedicated data directory outside the installation directory
and make it owned by the process running these PHP scripts.  It is important
to make sure that your PHP intepreter does not allow running PHP scripts
there.

For first install, you may have to manually copy the contents from
/usr/local/www/dokuwiki/data into the newly created data directory and change
the owner of /usr/local/www/dokuwiki/conf to the web server.

Please go to http://www.your.host/dokuwiki/install.php to finish the
installation.  For FULL configuration instructions, see
http://wiki.splitbrain.org/wiki:config

After installation please change the permissions of
/usr/local/www/dokuwiki/conf back to root:wheel.

======================================================================

===>  Cleaning for php71-7.1.14
===>  Cleaning for php71-gd-7.1.14
===>  Cleaning for libXpm-3.5.12
===>  Cleaning for xextproto-7.3.0
===>  Cleaning for xorg-macros-1.19.1
===>  Cleaning for xproto-7.0.31
===>  Cleaning for libX11-1.6.5,1
===>  Cleaning for bigreqsproto-1.1.2
===>  Cleaning for xcmiscproto-1.2.2
===>  Cleaning for xtrans-1.3.5
===>  Cleaning for kbproto-1.0.7
===>  Cleaning for inputproto-2.3.2
===>  Cleaning for xf86bigfontproto-1.2.0
===>  Cleaning for libXau-1.0.8_3
===>  Cleaning for libXdmcp-1.1.2
===>  Cleaning for libxcb-1.12_2
===>  Cleaning for check-0.12.0
===>  Cleaning for xcb-proto-1.12
===>  Cleaning for python27-2.7.14_1
===>  Cleaning for libffi-3.2.1_2
===>  Cleaning for libpthread-stubs-0.4
===>  Cleaning for libxslt-1.1.29_1
===>  Cleaning for libgcrypt-1.8.2
===>  Cleaning for libgpg-error-1.27
===>  Cleaning for libiconv-1.14_11
===>  Cleaning for libXext-1.3.3_1,1
===>  Cleaning for libXt-1.1.5,1
===>  Cleaning for libSM-1.2.2_3,1
===>  Cleaning for libICE-1.0.9_1,1
===>  Cleaning for freetype2-2.8_1
===>  Cleaning for png-1.6.34
===>  Cleaning for jpeg-turbo-1.5.3
===>  Cleaning for nasm-2.13.03,1
===>  Cleaning for php71-mbstring-7.1.14
===>  Cleaning for oniguruma-6.7.1
===>  Cleaning for php71-openssl-7.1.14
===>  Cleaning for php71-session-7.1.14
===>  Cleaning for php71-xml-7.1.14
===>  Cleaning for php71-zlib-7.1.14
===>  Cleaning for dokuwiki-20170219e
root@bsd11:/usr/ports/www/dokuwiki #

 

If you do not reboot after installation, run rehash.

root@bsd11:/usr/ports/www/dokuwiki # rehash
root@bsd11:/usr/ports/www/dokuwiki #

 

apache24 configuration

httpd.conf settings // Comment out the existing Directory settings, then configure as shown below.

Uncomment the lines to enable them.

root@bsd11:/usr/local/etc/apache24 # vi httpd.conf
#<Directory />
#    AllowOverride none
#    Require all denied
#</Directory>
<Directory />
    AllowOverride none
    Order deny,allow
    Deny from all
</Directory>

Alias /wiki /usr/local/www/dokuwiki
<Directory "/usr/local/www/dokuwiki">
AllowOverride None
Order Allow,deny
Allow from all
</Directory>


LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so

LoadModule rewrite_module libexec/apache24/mod_rewrite.so

# Virtual hosts
Include etc/apache24/extra/httpd-vhosts.conf


 

Configure httpd-vhosts.conf.

wiki.test.com was set up in advance on the DNS server, temporarily, for testing.

root@bsd11:~ # cd /usr/local/etc/apache24/extra
root@bsd11:/usr/local/etc/apache24/extra # vi httpd-vhosts.conf
<VirtualHost *:80>
    ServerAdmin admin@test.com
    DocumentRoot "/usr/local/www/dokuwiki"
    ServerName wiki.test.com
    ErrorLog "/var/log/wiki.test.com-error_log"
    CustomLog "/var/log/wiki.test.com-access_log" common
</VirtualHost>

 

Set permissions on the dokuwiki directory

root@bsd11:/usr/local/etc/apache24/extra # cd /usr/local/www/
root@bsd11:/usr/local/www # chown -R www:www dokuwiki/

 

Restart apache24.

root@bsd11:/usr/local/etc/apache24/extra # service apache24 restart
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 719.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
root@bsd11:/usr/local/etc/apache24/extra #

 

 

http://vhost.domain/install.php or http://domain/dokuwiki/install.php

At "Choose your language:", select Ko to view the page in Korean.

For the test, fill in rough information and click Save.

Click "your new DokuWiki".

Click Log In.

Log in.

dokuwiki has been installed successfully. 🙂

For security settings, see the link below.

http://www.dokuwiki.org/security 

FreeBSD11 Openvpn install

 

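Note: the OpenVPN server creates certificates and uses them to communicate with the client.

The OpenVPN server and the OpenVPN client must have their clocks synchronized. Connecting with OpenVPN without time sync causes a certificate error.

Before installing the openvpn port,

update the ports tree.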

time sync

root@bsd11:~ # date
Thu Jan  4 07:52:58 KST 2018
root@bsd11:~ # ntpdate time.bora.net
 3 Jan 22:53:21 ntpdate[913]: step time server 203.248.240.140 offset -32391.713806 sec
root@bsd11:~ # date
Wed Jan  3 22:53:22 KST 2018
root@bsd11:~ #

 

 

portsupdate 

root@bsd11:~ # portsnap fetch
root@bsd11:~ # portsnap update
root@bsd11:~ # portsnap fetch update

 

Install

root@bsd11:~ # whereis openvpn
openvpn: /usr/ports/security/openvpn
root@bsd11:~ # cd /usr/ports/security/openvpn && make install clean

 

 

Message after installation completes

====> Compressing man pages (compress-man)
===> Staging rc.d startup script(s)
===>  Installing for openvpn-2.4.4
===>  Checking if openvpn already installed
===>   Registering installation for openvpn-2.4.4
Installing openvpn-2.4.4...
### ------------------------------------------------------------------------
###  Edit /etc/rc.conf[.local] to start OpenVPN automatically at system
###  startup. See /usr/local/etc/rc.d/openvpn for details.
### ------------------------------------------------------------------------
###  Connect to VPN server as a client with this command to include
###  the client.up/down scripts in the initialization:
###  openvpn-client <spec>.ovpn
### ------------------------------------------------------------------------
###  For compatibility notes when interoperating with older OpenVPN
###  versions, please, see <http://openvpn.net/relnotes.html>
### ------------------------------------------------------------------------

===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/openvpn

      This port has installed the following startup scripts which may cause
      these network services to be started at boot time.
/usr/local/etc/rc.d/openvpn

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
http://openvpn.net/index.php/open-source.html
===>  Cleaning for easy-rsa-3.0.1_1
===>  Cleaning for openvpn-2.4.4
root@bsd11:/usr/ports/security/openvpn #

 

 

Create the openvpn directory and copy the config file

root@bsd11:~ # mkdir /usr/local/etc/openvpn
root@bsd11:~ # cd /usr/local/etc/openvpn/
root@bsd11:/usr/local/etc/openvpn # cp /usr/local/share/examples/openvpn/sample-config-files/server.conf openvpn.conf

 

Edit the openvpn.conf file

root@bsd11:/usr/local/etc/openvpn # vi openvpn.conf
user nobody
group nobody
;tls-auth ta.key 0 # This file is secret

 

Copy the easy-rsa directory

root@bsd11:~ # cp -r /usr/local/share/easy-rsa /usr/local/etc/openvpn/easy-rsa

 

Edit the vars file

root@bsd11:~ # vi /usr/local/etc/openvpn/easy-rsa/vars

set_var EASYRSA_REQ_COUNTRY     "US"
set_var EASYRSA_REQ_PROVINCE    "California"
set_var EASYRSA_REQ_CITY        "San Francisco"
set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
set_var EASYRSA_REQ_EMAIL       "me@example.net"
set_var EASYRSA_REQ_OU          "My Organizational Unit"


set_var EASYRSA_KEY_SIZE        2048

set_var EASYRSA_CA_EXPIRE       3650

set_var EASYRSA_CERT_EXPIRE     3650

 

 

Create the CA

root@bsd11:~ # cd /usr/local/etc/openvpn/easy-rsa
root@bsd11:/usr/local/etc/openvpn/easy-rsa # sh
# ./easyrsa.real help

Note: using Easy-RSA configuration from: ./vars

Easy-RSA 3 usage and overview

USAGE: easyrsa [options] COMMAND [command-options]

A list of commands is shown below. To get detailed usage and help for a
command, run:
  ./easyrsa help COMMAND

For a listing of options that can be supplied before the command, use:
  ./easyrsa help options

Here is the list of commands available with a short syntax reminder. Use the
'help' command above to get full usage details.

  init-pki
  build-ca [ cmd-opts ]
  gen-dh
  gen-req <filename_base> [ cmd-opts ]
  sign-req <type> <filename_base>
  build-client-full <filename_base> [ cmd-opts ]
  build-server-full <filename_base> [ cmd-opts ]
  revoke <filename_base>
  gen-crl
  update-db
  show-req <filename_base> [ cmd-opts ]
  show-cert <filename_base> [ cmd-opts ]
  import-req <request_file_path> <short_basename>
  export-p7 <filename_base> [ cmd-opts ]
  export-p12 <filename_base> [ cmd-opts ]
  set-rsa-pass <filename_base> [ cmd-opts ]
  set-ec-pass <filename_base> [ cmd-opts ]

DIRECTORY STATUS (commands would take effect on these locations)
  EASYRSA: /usr/local/share/easy-rsa
      PKI:  /usr/local/share/easy-rsa/pki

# ./easyrsa.real init-pki

Note: using Easy-RSA configuration from: ./vars

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /usr/local/share/easy-rsa/pki

# ./easyrsa.real build-ca

Note: using Easy-RSA configuration from: ./vars
Generating a 2048 bit RSA private key
..................+++
....+++
writing new private key to '/usr/local/share/easy-rsa/pki/private/ca.key.Q7bkrn24VV'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/usr/local/share/easy-rsa/pki/ca.crt

#

Enter PEM pass phrase: enter a password

 

 

# ./easyrsa.real build-server-full openvpn-server nopass

Note: using Easy-RSA configuration from: ./vars
Generating a 2048 bit RSA private key
...........+++
...........................................+++
writing new private key to '/usr/local/share/easy-rsa/pki/private/openvpn-server.key.r2NNHwSv7b'
-----
Using configuration from /usr/local/share/easy-rsa/openssl-1.0.cnf
Enter pass phrase for /usr/local/share/easy-rsa/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'openvpn-server'
Certificate is to be certified until Dec 31 15:59:10 2027 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated
#

Enter pass phrase for /usr/local/share/easy-rsa/pki/private/ca.key: enter the password

 

Check

# ./easyrsa.real show-cert openvpn-server

Note: using Easy-RSA configuration from: ./vars

Showing cert details for 'openvpn-server'.
This file is stored at:
/usr/local/share/easy-rsa/pki/issued/openvpn-server.crt

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer:
            commonName                = Easy-RSA CA
        Validity
            Not Before: Jan  2 15:59:10 2018 GMT
            Not After : Dec 31 15:59:10 2027 GMT
        Subject:
            commonName                = openvpn-server
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                D4:AC:62:B0:E7:A9:A4:4B:C8:43:49:8D:3B:0F:44:8E:E8:EB:E5:2E
            X509v3 Authority Key Identifier:
                keyid:20:8C:CA:99:40:06:4B:E8:B8:97:C4:BE:13:1C:15:D4:66:29:2E:37
                DirName:/CN=Easy-RSA CA
                serial:D0:15:39:F6:19:C6:C3:30

            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
#

 

 

Create the client key

# ./easyrsa.real build-client-full client

Note: using Easy-RSA configuration from: ./vars
Generating a 2048 bit RSA private key
...............................................................................................................................+++
......+++
writing new private key to '/usr/local/share/easy-rsa/pki/private/client.key.1744F02uFf'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
Using configuration from /usr/local/share/easy-rsa/openssl-1.0.cnf
Enter pass phrase for /usr/local/share/easy-rsa/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'client'
Certificate is to be certified until Dec 31 16:00:49 2027 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated
#

Enter the password

 

 

# ./easyrsa.real gen-dh

Note: using Easy-RSA configuration from: ./vars
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
........................................................................
~(omitted)

 

 

Copy the key files

root@bsd11:~ # cd /usr/local/etc/openvpn/easy-rsa/pki
root@bsd11:/usr/local/etc/openvpn/easy-rsa/pki # cp dh.pem \
 ca.crt \
 issued/openvpn-server.crt \
 private/openvpn-server.key \
 /usr/local/etc/openvpn/

 

 

Edit the openvpn.conf file

root@bsd11:~ # vi /usr/local/etc/openvpn/openvpn.conf
user nobody
group nobody

# (see "pkcs12" directive in man page).
ca ca.crt
cert openvpn-server.crt
key openvpn-server.key  # This file should be kept secret

# on the server and '1' on the clients.
#tls-auth ta.key 0 # This file is secret

# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh2048.pem 2048
dh dh.pem
remote-cert-tls client

 

 

Client configuration

root@bsd11:~ # cd /usr/local/etc/openvpn/
root@bsd11:/usr/local/etc/openvpn # cp /usr/local/share/examples/openvpn/sample-config-files/client.conf .
root@bsd11:/usr/local/etc/openvpn # vi client.conf

remote 192.168.0.10 1194


# Try to preserve some state across restarts.

ca ca.crt
cert client.crt
key client.key

#tls-auth ta.key 1

 

openvpn enable

root@bsd11:~ # sysrc openvpn_enable="YES"
openvpn_enable:  -> YES
root@bsd11:~ # sysrc openvpn_if="tun"
openvpn_if:  -> tun
root@bsd11:~ #

 

openvpn start

root@bsd11:~ # service openvpn start
Starting openvpn.
root@bsd11:~ #

 

Check the tun device

root@bsd11:~ # ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:0c:29:9b:2a:24
        hwaddr 00:0c:29:9b:2a:24
        inet 192.168.0.10 netmask 0xffffff80 broadcast 192.168.0.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::20c:29ff:fe9b:2a24%tun0 prefixlen 64 scopeid 0x3
        inet 10.8.0.1 --> 10.8.0.2  netmask 0xffffffff
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: tun
        Opened by PID 44459
root@bsd11:~ #

 

Create a test user

root@bsd11:~ # pw user add test -m
root@bsd11:~ # passwd test
Changing local password for test

 

Copy the keys

root@bsd11:/home/test # cp /usr/local/etc/openvpn/ca.crt .
root@bsd11:/home/test # cp /usr/local/etc/openvpn/client.conf .
root@bsd11:/home/test # cp /usr/local/etc/openvpn/easy-rsa/pki/private/client.key .
root@bsd11:/home/test # cp /usr/local/etc/openvpn/easy-rsa/pki/issued/client.crt .
root@bsd11:/home/test # mv client.conf client.ovpn

 

 

windows

Copy the files to the C:\Program Files\OpenVPN\config directory, then run the test.

Connection test using the OpenVPN client

ping test (run the ping test against the openvpn tun device.)

Verify the ssh connection

Merging the crt and key files into the ovpn file

ca.crt / client.crt / client.key

 

Add the contents shown by cat to the client.ovpn file.

root@bsd11:/home/test # cat ca.crt
root@bsd11:/home/test # cat client.crt
root@bsd11:/home/test # cat client.key

 

Add them using the <ca></ca> syntax as shown below.

root@bsd11:/home/test # vi client.ovpn
#ca ca.crt
#cert client.crt
#key client.key
<ca>
-----BEGIN CERTIFICATE-----
MIIDNTCCAh2gAwIBAgIJANWmpHXX73e/MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
~(omitted)
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
~(omitted)
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
</key>

 

For the connection test, the single client.ovpn file is all that is needed in C:\Program Files\OpenVPN\config.
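The cat-and-paste step above can be scripted. The following is an added example, not part of the original post; the function names `pem_only`, `has_pem` and `build_inline_ovpn` are assumptions made for illustration. It comments out the `ca`/`cert`/`key` lines, embeds only the PEM blocks (dropping the text dump Easy-RSA writes ahead of the certificate), refuses input with an empty PEM block, and creates the result with mode 0600 because it contains the client private key.

```shell
#!/bin/sh
# Added example, not from the original post: merge ca.crt, client.crt and
# client.key into one client.ovpn using OpenVPN's inline <ca>/<cert>/<key> blocks.

# pem_only FILE LABEL
# Print only the PEM block of FILE whose BEGIN/END marker ends in LABEL.
# Easy-RSA writes a text dump ("Certificate: ...") ahead of the PEM data in
# issued/*.crt; that dump is dropped here.
pem_only() {
    awk -v label="$2" '
        /^-----BEGIN / && index($0, label "-----") { keep = 1 }
        keep { print }
        /^-----END /   && index($0, label "-----") { keep = 0 }
    ' "$1"
}

# has_pem FILE LABEL
# True when the block has at least one line of data between BEGIN and END.
has_pem() {
    [ $(pem_only "$1" "$2" | wc -l) -ge 3 ]
}

# build_inline_ovpn BASE_CONF CA_CRT CLIENT_CRT CLIENT_KEY OUT_OVPN
build_inline_ovpn() {
    base=$1; ca=$2; crt=$3; key=$4; out=$5

    for f in "$base" "$ca" "$crt" "$key"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 1; }
    done
    has_pem "$ca"  'CERTIFICATE' || { echo "no CA certificate in $ca" >&2; return 1; }
    has_pem "$crt" 'CERTIFICATE' || { echo "no certificate in $crt" >&2; return 1; }
    has_pem "$key" 'PRIVATE KEY' || { echo "no private key in $key" >&2; return 1; }

    rm -f "$out"    # recreate, so an older file's wider mode is not kept
    (
        umask 077   # the result embeds the client private key
        {
            # Comment out the file-based directives; inline blocks replace them.
            sed -E 's/^[[:space:]]*(ca|cert|key)[[:space:]]+/#&/' "$base"
            echo '<ca>';   pem_only "$ca"  'CERTIFICATE'; echo '</ca>'
            echo '<cert>'; pem_only "$crt" 'CERTIFICATE'; echo '</cert>'
            echo '<key>';  pem_only "$key" 'PRIVATE KEY'; echo '</key>'
        } > "$out"
    )
}

# Usage: sh build_ovpn.sh client.conf ca.crt client.crt client.key client.ovpn
if [ "$#" -eq 5 ]; then
    build_inline_ovpn "$@"
fi
```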

 

 

Run the ping test and the ssh connection test.

 

Reference page: https://www.freebsd.org/doc/handbook/network-dns.html

 

There is Unbound, but it can only be used locally.

DNS Server Configuration in FreeBSD 10.0 and Later
In FreeBSD 10.0, BIND has been replaced with Unbound. Unbound is a validating caching resolver only. If an authoritative server is needed, many are available from the Ports Collection.

Unbound is provided in the FreeBSD base system. By default, it will provide DNS resolution to the local machine only. While the base system package can be configured to provide resolution services beyond the local machine, it is recommended that such requirements be addressed by installing Unbound from the FreeBSD Ports Collection.

To enable Unbound, add the following to /etc/rc.conf:

local_unbound_enable="YES"

 

 

bind99 install

root@bsd10:~ # whereis bind99
bind99: /usr/ports/dns/bind99
root@bsd10:~ # cd /usr/ports/dns/bind99
root@bsd10:/usr/ports/dns/bind99 # make install clean
root@bsd10:/usr/ports/dns/bind99 # vi /etc/rc.conf

named_enable="YES"
root@bsd10:/usr/ports/dns/bind99 # init 6

 

Verify the named daemon is running

root@bsd10:~ # sockstat -4 |grep -i named
bind     named      464   20 tcp4   127.0.0.1:53          *:*
bind     named      464   21 tcp4   127.0.0.1:953         *:*
bind     named      464   512 udp4  127.0.0.1:53          *:*
root@bsd10:~ #

 

namedb directory

/usr/local/etc/namedb
root@bsd10:~ # cd /usr/local/etc/namedb/
root@bsd10:/usr/local/etc/namedb # vi named.conf
//      listen-on       { 127.0.0.1; };
        listen-on       { 127.0.0.1; };

Add at the very bottom
include "/usr/local/etc/namedb/named.conf.local";

 

Create the named.conf.local file and the zone file

root@bsd10:/usr/local/etc/namedb # vi named.conf.local
zone "test.com" {
type master;
file "/usr/local/etc/namedb/working/test.com";
};
root@bsd10:/usr/local/etc/namedb # cd working/
root@bsd10:/usr/local/etc/namedb/working # vi test.com
$TTL 3600        ; 1 hour default TTL
@               IN      SOA      ns.test.com. mail.test.com. (
                                2006051501      ; Serial
                                10800           ; Refresh
                                3600            ; Retry
                                604800          ; Expire
                                300             ; Negative Response TTL
                        )
; DNS Servers
                IN      NS      ns.test.com.
                IN      MX 10   mail.test.com.
                IN      A       192.168.192.200

; Machine Names
ns              IN      A       192.168.192.200
mail            IN      A       192.168.192.200


; Aliases
www             IN      CNAME   test.com.

 

Change resolv.conf and run a ping test

root@bsd10:~ # vi /etc/resolv.conf
nameserver 192.168.192.200
root@bsd10:~ # service named restart
Stopping named.
Waiting for PIDS: 2540.
Starting named.
root@bsd10:~ #
root@bsd10:~ # ping test.com
PING test.com (192.168.192.200): 56 data bytes
64 bytes from 192.168.192.200: icmp_seq=0 ttl=64 time=0.023 ms
64 bytes from 192.168.192.200: icmp_seq=1 ttl=64 time=0.036 ms
^C
--- test.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.023/0.029/0.036/0.006 ms
root@bsd10:~ #

 

On another system, change resolv.conf and then run a dig test.

[root@centos74 named]# dig www.test.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.1 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55568
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.                  IN      A

;; ANSWER SECTION:
www.test.com.           3600    IN      CNAME   test.com.
test.com.               3600    IN      A       192.168.192.200

;; AUTHORITY SECTION:
test.com.               3600    IN      NS      ns.test.com.

;; ADDITIONAL SECTION:
ns.test.com.            3600    IN      A       192.168.192.200

;; Query time: 0 msec
;; SERVER: 192.168.192.200#53(192.168.192.200)
;; WHEN: Fri Dec 22 01:15:34 KST 2017
;; MSG SIZE  rcvd: 104

[root@centos74 named]#

 

 

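Docker can also be used on FreeBSD.

However, only bringing an OS up and down works properly.

I tested attaching a volume for mariadb, but it did not work properly.

Use it strictly as an experiment.

The ZFS file system is required, and the test was done on a FreeBSD 11 VM.

The test VM used ZFS from the OS installation onward.

If you use the UFS file system, add a separate partition, create a ZFS file system on it, and work there.

Reference page: https://wiki.freebsd.org/Docker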

 

Install Docker

root@bsd11:~ # pkg install docker-freebsd ca_root_nss

 

Message after installation completes

Message from docker-freebsd-20150625_1:
Docker requires a bit of setup before usage.

You will need to create a ZFS dataset on /usr/docker

# zfs create -o mountpoint=/usr/docker <zroot>/docker

And lastly enable the docker daemon
# sysrc -f /etc/rc.conf docker_enable="YES"
# service docker start

(WARNING)

Starting the docker service will also add the following PF rule:

nat on ${iface} from 172.17.0.0/16 to any -> (${iface})

Where $iface is the default NIC on the system, or the value
of $docker_nat_iface. This is for network connectivity to docker
containers in this early port. This should not be needed in future
versions of docker.
Message from ca_root_nss-3.32.1:
********************************* WARNING *********************************

FreeBSD does not, and can not warrant that the certification authorities
whose certificates are included in this package have in any way been
audited for trustworthiness or RFC 3647 compliance.

Assessment and verification of trust is the complete responsibility of the
system administrator.

*********************************** NOTE **********************************

This package installs symlinks to support root certificates discovery by
default for software that uses OpenSSL.

This enables SSL Certificate Verification by client software without manual
intervention.

If you prefer to do this manually, replace the following symlinks with
either an empty file or your site-local certificate bundle.

  * /etc/ssl/cert.pem
  * /usr/local/etc/ssl/cert.pem
  * /usr/local/openssl/cert.pem

***************************************************************************
root@bsd11:~ #

 

 

Add the ZFS file system that docker will use.

root@bsd11:~ # zfs create -o mountpoint=/usr/docker zroot/docker
root@bsd11:~ # df -h
Filesystem            Size    Used   Avail Capacity  Mounted on
zroot/ROOT/default     16G    788M     15G     5%    /
devfs                 1.0K    1.0K      0B   100%    /dev
zroot/tmp              15G     88K     15G     0%    /tmp
zroot/usr/home         15G    128K     15G     0%    /usr/home
zroot/usr/ports        16G    678M     15G     4%    /usr/ports
zroot/usr/src          16G    633M     15G     4%    /usr/src
zroot/var/audit        15G     88K     15G     0%    /var/audit
zroot/var/crash        15G     88K     15G     0%    /var/crash
zroot/var/log          15G    140K     15G     0%    /var/log
zroot/var/mail         15G     88K     15G     0%    /var/mail
zroot/var/tmp          15G     88K     15G     0%    /var/tmp
zroot                  15G     88K     15G     0%    /zroot
zroot/docker           15G     88K     15G     0%    /usr/docker

 

Edit /etc/rc.conf and start the docker service

root@bsd11:~ # sysrc -f /etc/rc.conf docker_enable="YES"
docker_enable:  -> YES
root@bsd11:~ # service docker start
Starting docker...
root@bsd11:~ #

 

Create a user that will run docker commands.

root@bsd11:~ # pw user add test -m -g wheel
root@bsd11:~ # passwd test
Changing local password for test
New Password:
Retype New Password:
root@bsd11:~ #

 

Add the user to the operator group.

root@bsd11:~ # pw usermod test -G operator

 

Working as the test user

root@bsd11:~ # su - test
To see the IP addresses currently set on your active interfaces, type
"ifconfig -u".
                -- Dru <genesis@istar.ca>
$

 

Change the shell from sh to csh. Change it in the Shell field.

For the password, enter the user's password.

$ chsh test
#Changing user information for test.
Shell: /bin/csh
Full Name: User &
Office Location:
Office Phone:
Home Phone:
Other information:

 

Check the Docker version

test@bsd11:~ % docker version
Client version: 1.7.0-dev
Client API version: 1.19
Go version (client): go1.9
Git commit (client): 582db78
OS/Arch (client): freebsd/amd64
Server version: 1.7.0-dev
Server API version: 1.19
Go version (server): go1.9
Git commit (server): 582db78
OS/Arch (server): freebsd/amd64
test@bsd11:~ %

 

docker image search 

test@bsd11:~ % docker search centos
NAME                               DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
centos                             The official build of CentOS.                   3831      [OK]
ansible/centos7-ansible            Ansible on Centos7                              103                  [OK]
jdeathe/centos-ssh                 CentOS-6 6.9 x86_64 / CentOS-7 7.4.1708 x8...   90                   [OK]
tutum/centos                       Simple CentOS docker image with SSH access      33
imagine10255/centos6-lnmp-php56    centos6-lnmp-php56                              32                   [OK]
gluster/gluster-centos             Official GlusterFS Image [ CentOS-7 +  Glu...   21                   [OK]
kinogmt/centos-ssh                 CentOS with SSH                                 17                   [OK]
centos/mysql-57-centos7            MySQL 5.7 SQL database server                   15
openshift/base-centos7             A Centos7 derived base image for Source-To...   13
centos/python-35-centos7           Platform for building and running Python 3...   12
centos/php-56-centos7              Platform for building and running PHP 5.6 ...   10
openshift/jenkins-2-centos7        A Centos7 based Jenkins v2.x image for use...   6
openshift/mysql-55-centos7         DEPRECATED: A Centos7 based MySQL v5.5 ima...   6
darksheer/centos                   Base Centos Image -- Updated hourly             3                    [OK]
pivotaldata/centos-mingw           Using the mingw toolchain to cross-compile...   1
indigo/centos-maven                Vanilla CentOS 7 with Oracle Java Developm...   1                    [OK]
miko2u/centos6                     CentOS6 日本語環境                                   1                    [OK]
blacklabelops/centos               CentOS Base Image! Built and Updates Daily!     1                    [OK]
openshift/php-55-centos7           DEPRECATED: A Centos7 based PHP v5.5 image...   1
pivotaldata/centos-gpdb-dev        CentOS image for GPDB development. Tag nam...   1
smartentry/centos                  centos with smartentry                          0                    [OK]
openshift/wildfly-101-centos7      A Centos7 based WildFly v10.1 image for us...   0
pivotaldata/centos-gcc-toolchain   CentOS with a toolchain, but unaffiliated ...   0
pivotaldata/centos                 Base centos, freshened up a little with a ...   0
jameseckersall/sonarr-centos       Sonarr on CentOS 7                              0                    [OK]
test@bsd11:~ %

 

Docker Test

test@bsd11:~ % docker run -it ubuntu bash
root@:/# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"
root@:/#

 

Error messages

Volume mount failure

test@bsd11:~ % docker run -d --name mysql -v mysql:/db -e MYSQL_ROOT_PASSWORD=wordpress -e MYSQL_DATABASE=wordpress -e MYSQL_USER=wordpress -e MYSQL_PASSWORD=wordpress mysql:5.7
Error response from daemon: cannot bind mount volume: mysql volume paths must be absolute.
test@bsd11:~ %

 

mariadb fails to start

test@bsd11:~ % docker run -d -p 3306:3306 -e MYSQL_ALLOW_EMPTY_PASSWORD=true --name mariadb mariadb
b58d150e823f28c8a5db20aa41584340b6bc23bf7b854dd1f54958877c7c4d80
test@bsd11:~ % docker  ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
test@bsd11:~ % docker ps -a
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS                      PORTS               NAMES
b58d150e823f        mariadb             "docker-entrypoint.s   3 seconds ago       Exited (1) 2 seconds ago                        mariadb     
b84ca391ae79        mysql               "docker-entrypoint.s   58 seconds ago      Exited (1) 58 seconds ago                       mysql       
test@bsd11:~ %

 

Conclusion:

Using it only on an experimental basis is recommended.

 

 

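This document covers installing gnome3, kde4, and xfce4 on FreeBSD.

Installation was done with pkg install, and testing was done in a VM environment.

Installing from the ports Collection also works, but because it takes a long time, pkg install was used here.

The steps from the ports update through the xorg installation, up to just before installing gnome3, are the same for gnome3 / kde4 / xfce4.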

 

 

ports update

root@bsd11:~ # portsnap fetch
root@bsd11:~ # portsnap update
root@bsd11:~ # portsnap fetch update

 

Xorg reference page: https://www.freebsd.org/doc/handbook/x-understanding.html

 

xorg installation

root@bsd11:~ # pkg install xorg

 

Installation complete message

================================================================================
You installed xterm with wide chars support. This introduces some limitations
comparing to the plain single chars version: this version of xterm will use
UTF-8 charset for selection buffers, breaking 8-bit copy/paste support unless
you are using UTF-8 or ISO8859-1 locale. If you want 8-bit charset selections to
work as before, use "eightBitSelectTypes" XTerm resource setting.

For further information refer to the SELECT/PASTE section of xterm(1) manual
page.
================================================================================

 

 

Create a user in the wheel group and add it to the video group, for 3D acceleration under X Window

root@bsd11:~ # pw user add user_name -m -g wheel
root@bsd11:~ # pw groupmod video -m user_name

 

Add boot loader settings

root@bsd11:~ # vi /boot/loader.conf
kern.vty=vt
kern.maxfiles="25000"

 

Install xorg-drivers (Xorg does not work properly if the drivers are not installed.)

root@bsd11:~ # pkg install xorg-drivers
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 5 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        xorg-drivers: 7.7_5
        xf86-video-vesa: 2.3.4_1
        xf86-video-scfb: 0.0.4_5
        xf86-input-mouse: 1.9.2_1
        xf86-input-keyboard: 1.9.0_1

Number of packages to be installed: 5

Proceed with this action? [y/N]: y
[1/5] Installing xf86-video-vesa-2.3.4_1...
[1/5] Extracting xf86-video-vesa-2.3.4_1: 100%
[2/5] Installing xf86-video-scfb-0.0.4_5...
[2/5] Extracting xf86-video-scfb-0.0.4_5: 100%
[3/5] Installing xf86-input-mouse-1.9.2_1...
[3/5] Extracting xf86-input-mouse-1.9.2_1: 100%
[4/5] Installing xf86-input-keyboard-1.9.0_1...
[4/5] Extracting xf86-input-keyboard-1.9.0_1: 100%
[5/5] Installing xorg-drivers-7.7_5...
root@bsd11:~ #

 

 

Install open-vm-tools (VMware only)

root@bsd11:~ # pkg install open-vm-tools
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 6 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        open-vm-tools: 10.1.10_4,2
        gtkmm24: 2.24.4_3
        xerces-c3: 3.2.0_2
        apache-xml-security-c: 1.7.3
        libdnet: 1.12_1
        libmspack: 0.5

Number of packages to be installed: 6

The process will require 36 MiB more space.
5 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/6] Fetching open-vm-tools-10.1.10_4,2.txz: 100%  563 KiB 576.1kB/s    00:01
[2/6] Fetching gtkmm24-2.24.4_3.txz: 100%    1 MiB   1.3MB/s    00:01
[3/6] Fetching xerces-c3-3.2.0_2.txz: 100%    2 MiB   2.1MB/s    00:01
[4/6] Fetching apache-xml-security-c-1.7.3.txz: 100%  703 KiB 719.8kB/s    00:01
[5/6] Fetching libdnet-1.12_1.txz: 100%   64 KiB  65.6kB/s    00:01
[6/6] Fetching libmspack-0.5.txz: 100%   73 KiB  74.6kB/s    00:01
Checking integrity... done (0 conflicting)
[1/6] Installing xerces-c3-3.2.0_2...
[1/6] Extracting xerces-c3-3.2.0_2: 100%
[2/6] Installing gtkmm24-2.24.4_3...
[2/6] Extracting gtkmm24-2.24.4_3: 100%
[3/6] Installing apache-xml-security-c-1.7.3...
[3/6] Extracting apache-xml-security-c-1.7.3: 100%
[4/6] Installing libdnet-1.12_1...
[4/6] Extracting libdnet-1.12_1: 100%
[5/6] Installing libmspack-0.5...
[5/6] Extracting libmspack-0.5: 100%
[6/6] Installing open-vm-tools-10.1.10_4,2...
Extracting open-vm-tools-10.1.10_4,2: 100%
Loading vmmemctl kernel module: done.
vmware_guestd not running? (check /var/run/vmware_guestd.pid).
Starting vmware_guestd.
root@bsd11:~ #

 

/etc/rc.conf settings (VMware only)

root@bsd11:~ # vi /etc/rc.conf
# Vmware Settings
vmware_guest_vmblock_enable="YES"
vmware_guest_vmhgfs_enable="YES"
vmware_guest_vmmemctl_enable="YES"
vmware_guest_vmxnet_enable="YES"
vmware_guestd_enable="YES"

 

Install xf86-video-vmware and xf86-input-vmmouse (VMware only)

root@bsd11:~ # pkg install xf86-video-vmware xf86-input-vmmouse
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        xf86-video-vmware: 13.2.1_1
        xf86-input-vmmouse: 13.1.0_1

Number of packages to be installed: 2

34 KiB to be downloaded.

Proceed with this action? [y/N]: y
[1/2] Fetching xf86-video-vmware-13.2.1_1.txz: 100%   24 KiB  24.2kB/s    00:01 
[2/2] Fetching xf86-input-vmmouse-13.1.0_1.txz: 100%   10 KiB  10.5kB/s    00:01
Checking integrity... done (0 conflicting)
[1/2] Installing xf86-video-vmware-13.2.1_1...
[1/2] Extracting xf86-video-vmware-13.2.1_1: 100%
[2/2] Installing xf86-input-vmmouse-13.1.0_1...
Extracting xf86-input-vmmouse-13.1.0_1: 100%
root@bsd11:~ #

 

Configure Xorg after rebooting

root@bsd11:~ # init 6

 

Create the xorg.conf file

Xorg works without a separate configuration file, but on VMware the mouse responsiveness is poor, so the configuration is adjusted by hand.

root@bsd11:~ # Xorg -configure

X.Org X Server 1.18.4
Release Date: 2016-07-19
X Protocol Version 11, Revision 0
Build Operating System: FreeBSD 11.0-RELEASE-p15 amd64
Current Operating System: FreeBSD bsd11 11.1-RELEASE FreeBSD 11.1-RELEASE #0 r321309: Fri Jul 21 02:08:28 UTC 2017     root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
Build Date: 16 November 2017  09:17:14AM

Current version of pixman: 0.34.0
        Before reporting problems, check http://wiki.x.org
        to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
        (++) from command line, (!!) notice, (II) informational,
        (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Sun Nov 26 03:20:57 2017
List of video drivers:
        vmware
        vesa
        modesetting
        scfb
scfb trace: probe start
(++) Using config file: "/root/xorg.conf.new"
(==) Using system config directory "/usr/local/share/X11/xorg.conf.d"


Xorg detected your mouse at device /dev/sysmouse.
Please check your config if the mouse is still not
operational, as by default Xorg tries to autodetect
the protocol.

Your xorg.conf file is /root/xorg.conf.new

 

Copy the xorg.conf.new file

root@bsd11:~ # cp xorg.conf.new /usr/local/etc/X11/xorg.conf.d/xorg.conf

 

Configure the xorg.conf file

root@bsd11:~ # vi /usr/local/etc/X11/xorg.conf.d/xorg.conf
Section "ServerLayout"
        Identifier     "X.org Configured"
        Screen      0  "Screen0" 0 0
        InputDevice    "Mouse0" "CorePointer"
        InputDevice    "Keyboard0" "CoreKeyboard"
        Option          "AutoAddDevices" "Off"
EndSection

Section "Files"
        ModulePath   "/usr/local/lib/xorg/modules"
        FontPath     "/usr/local/share/fonts/misc/"
        FontPath     "/usr/local/share/fonts/TTF/"
        FontPath     "/usr/local/share/fonts/OTF/"
        FontPath     "/usr/local/share/fonts/Type1/"
        FontPath     "/usr/local/share/fonts/100dpi/"
        FontPath     "/usr/local/share/fonts/75dpi/"
EndSection

Section "Module"
        Load  "glx"
EndSection

Section "InputDevice"
        Identifier  "Keyboard0"
        Driver      "kbd"
EndSection

Section "InputDevice"
        Identifier  "Mouse0"
        Driver      "vmmouse"
        Option      "Protocol" "auto"
        Option      "Device" "/dev/sysmouse"
        Option      "ZAxisMapping" "4 5 6 7"
EndSection

 

In Section "ServerLayout", add Option "AutoAddDevices" "Off" to prevent devices from being added automatically.

 

In Section "InputDevice", change the Driver from mouse to vmmouse.

 

 

 

Gnome3 install 

Install it using the pkg command.

root@bsd11:~ # pkg install gnome3

 

Installation complete message

===========================================================================

Note that some standard Python modules are provided as separate ports
as they require additional dependencies. They are available as:

py36-gdbm       databases/py36-gdbm
py36-sqlite3    databases/py36-sqlite3
py36-tkinter    x11-toolkits/py36-tkinter

===========================================================================
Message from xmlcatmgr-2.2_2:

The following catalogs are installed:

 1) /usr/local/share/sgml/catalog

   The top level catalog for SGML stuff.  It is not changed
   by any ports/packages except textproc/xmlcatmgr.

 2) /usr/local/share/sgml/catalog.ports

   This catalog is for handling SGML stuff installed under
   /usr/local/share/sgml.  It is changed by ports/packages.

 3) /usr/local/share/xml/catalog

   The top level catalog for XML stuff.  It is not changed
   by any ports/packages except textproc/xmlcatmgr.

 4) /usr/local/share/xml/catalog.ports

   This catalog is for handling XML stuff installed under
   /usr/local/share/xml.  It is changed by ports/packages.
Message from trousers-0.3.14_1:

To run tcsd automatically, add the following line to /etc/rc.conf:

tcsd_enable="YES"

You might want to edit /usr/local/etc/tcsd.conf to reflect your setup.

If you want to use tcsd with software TPM emulator, use the following
configuration in /etc/rc.conf:

tcsd_enable="YES"
tcsd_mode="emulator"
tpmd_enable="YES"

To use TPM, add your_account to '_tss' group like following:

# pw groupmod _tss -m your_account
Message from libinotify-20170711_1:

============================================================================

Libinotify functionality on FreeBSD is missing support for

  - detecting a file being moved into or out of a directory within the
    same filesystem
  - certain modifications to a symbolic link (rather than the
    file it points to.)

in addition to the known limitations on all platforms using kqueue(2)
where various open and close notifications are unimplemented.

This means the following regression tests will fail:

Directory notifications:
   IN_MOVED_FROM
   IN_MOVED_TO

Open/close notifications:
   IN_OPEN
   IN_CLOSE_NOWRITE
   IN_CLOSE_WRITE

Symbolic Link notifications:
   IN_DONT_FOLLOW
   IN_ATTRIB
   IN_MOVE_SELF
   IN_DELETE_SELF

Kernel patches to address the missing directory and symbolic link
notifications are available from:

https://github.com/libinotify-kqueue/libinotify-kqueue/tree/master/patches

=============================================================================
You might want to consider increasing the kern.maxfiles tunable if you plan
to use this library for applications that need to monitor activity of a lot
of files.

If the default on your system is too low, add the following line to
/boot/loader.conf, then reboot the system:

    kern.maxfiles="25000"
=============================================================================
Message from gamin-0.1.10_9:

===============================================================================

Gamin will only provide realtime notification of changes for at most n files,
where n is the minimum value between (kern.maxfiles * 0.7) and
(kern.maxfilesperproc - 200). Beyond that limit, files will be polled.

If you often open several large folders with Nautilus, you might want to
increase the kern.maxfiles tunable (you do not need to set
kern.maxfilesperproc, since it is computed at boot time from kern.maxfiles).

For a typical desktop, add the following line to /boot/loader.conf, then
reboot the system:

    kern.maxfiles="25000"

The behavior of gamin can be controlled via the various gaminrc files.
See http://www.gnome.org/~veillard/gamin/config.html on how to create
these files.  In particular, if you find gam_server is taking up too much
CPU time polling for changes, something like the following may help
in one of the gaminrc files:

# reduce polling frequency to once per 10 seconds
# for UFS file systems in order to lower CPU load
fsset ufs poll 10

===============================================================================

===>   NOTICE:

The gamin port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from libcdio-0.94:

===>   NOTICE:

The libcdio port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from samba44-4.4.16:

===============================================================================

How to start: http://wiki.samba.org/index.php/Samba4/HOWTO

* Your configuration is: /usr/local/etc/smb4.conf

* All the relevant databases are under: /var/db/samba4

* All the logs are under: /var/log/samba4

* Provisioning script is: /usr/local/bin/samba-tool

For additional documentation check: http://wiki.samba.org/index.php/Samba4

Bug reports should go to the: https://bugzilla.samba.org/

===============================================================================
Message from webcamd-4.12.0.1:

*********************************************************************
1) webcamd requires the cuse4bsd(3) or cuse(3) kernel module, depending on
how webcamd was compiled. Please load this dependency by doing:

       # FreeBSD < 11.x, package from ports
       # kldload cuse4bsd
or
       # FreeBSD >= 11.x, part of default kernel build
       # kldload cuse

or by adding

       cuse4bsd_load="YES"
or
       cuse_load="YES"

to your /boot/loader.conf.

2) add webcamd_enable="YES"

to your /etc/rc.conf

3) Please restart devd to start webcamd

        # service devd restart

4) Optionally add a user to the "webcamd" group

        # pw groupmod webcamd -m <username>

5) If webcamd still did not start, consult the installed webcamd rc.d
script for more help and instructions on how to start webcamd.
*********************************************************************
Message from wv-1.2.9_4:

*******************************************************************

Some output formats (for example: DVI, PDF, and PS) require a LaTeX
implementation, such as print/teTeX, to be installed. Text output
will be of better quality if www/elinks, www/links, or www/lynx is
installed.

*******************************************************************

===>   NOTICE:

The wv port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from raptor-1.4.21_6:

===>   NOTICE:

The raptor port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from libcdio-paranoia-10.2+0.94+1:

===>   NOTICE:

The libcdio-paranoia port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from fusefs-libs-2.9.5:

Install the fuse kernel module to use this port.
Message from ibus-1.5.14_3:

-------------------------------------------------------------------
ibus installation finished. To use ibus, please do the following:

If you are using bash, please add following lines to your $HOME/.bashrc:

export XIM=ibus
export GTK_IM_MODULE=ibus
export QT_IM_MODULE=xim
export XMODIFIERS=@im=ibus
export XIM_PROGRAM="ibus-daemon"
export XIM_ARGS="--daemonize --xim"

If you are using tcsh, please add following lines to your $HOME/.cshrc:

setenv XIM ibus
setenv GTK_IM_MODULE ibus
setenv QT_IM_MODULE xim
setenv XMODIFIERS @im=ibus
setenv XIM_PROGRAM ibus-daemon
setenv XIM_ARGS "--daemonize --xim"

If you are using KDE4, you may create a shell script in $HOME/.kde4/env,
and add following lines:

#!/bin/sh
export XIM=ibus
export GTK_IM_MODULE=ibus
export QT_IM_MODULE=xim
export XMODIFIERS=@im=ibus
export XIM_PROGRAM="ibus-daemon"
export XIM_ARGS="--daemonize --xim"

Following input methods/engines are available in ports:

chinese/ibus-chewing            Chewing engine for IBus
chinese/ibus-libpinyin          Intelligent Pinyin engine based on libpinyin
chinese/ibus-pinyin             The PinYin input method
japanese/ibus-anthy             Anthy engine for IBus
japanese/ibus-mozc              Mozc engine for IBus
japanese/ibus-skk               SKK engine for IBus
korean/ibus-hangul              Hangul engine for IBus
textproc/ibus-kmfl              KMFL IMEngine for IBus framework
textproc/ibus-table             Table based IM framework for IBus
textproc/ibus-typing-booster    Faster typing by context sensitive completion

and QT4 input method module, textproc/ibus-qt.

If ibus cannot start or the panel does not appear, please ensure
that you are using up-to-date python.
-------------------------------------------------------------------
Message from pulseaudio-11.0_1:

Pulseaudio tries to determine default values for FreeBSD OSS driver at first
start, based on /dev/sndstat output. The hw.snd.default_unit sysctl may affect
these values, but restart of the Pulseaudio might be needed to rescan it again,
e.g. `pacmd exit`.

Pulseaudio has separate input and output configure lines. You can change them
with using following commands:

To change the default sink (output):
# pacmd set-default-sink 3
To change the default source (input):
# pacmd set-default-source 3

This can also be set in /usr/local/etc/pulse/default.pa

Replace the number '3' with the new default you want to set.


The audio/freedesktop-sound-theme is needed if the default sound files
are uncommented in the /usr/local/etc/pulse/default.pa file.
Message from glew-1.13.0_1:

===>   NOTICE:

The glew port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from freeglut-3.0.0_1:

Joystick support is untested and it is unknown if it works.

Do not hesitate to contact x11@FreeBSD.org if this causes issues.
Message from ghostscript9-agpl-base-9.16_5:

Note: in order to use the script "dvipdf", dvips must be installed.
This program is provided by another package print/tex-dvipsk.

FAPIfontmap and FAPIcidfmap in /usr/local/share/ghostscript/9.16/Resource/Init
have to be configured if you want to use FAPI feature.
Message from schroedinger-1.0.11_4:

===>   NOTICE:

The schroedinger port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from opencv-core-2.4.13.1_1:

===>   NOTICE:

The opencv-core port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from aalib-1.4.r5_11:

===>   NOTICE:

The aalib port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from portaudio-19.20140130_6:

===>   NOTICE:

The portaudio port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from cheese-3.18.1_2:

For cheese to work, webcamd needs to be running and the user which wants
to run cheese needs to be added to the webcamd group.

This can be done by:

# pw groupmod webcamd -m jerry
Message from libgtop-2.32.0:

===============================================================================

In order to use the File System read/write monitor, you must chmod
/dev/devstat so that all users can open it read-only.  For example:

# chmod 0444 /dev/devstat

In order for this to persist across reboots, add the following to
/etc/devfs.conf:

perm    devstat 0444

===============================================================================
Message from djvulibre-3.5.27_1:

===>   NOTICE:

The djvulibre port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from sdl-1.2.15_10,2:

------------------------------------------------------------------------------
 Your SDL library has been built with libvgl support, which means that you
 can run almost any SDL application straight on your console (VESA 2.0
 compatible videocard is required).

 To do this you have to load the vesa kernel module or enable it in your
 kernel, and set environment variable "SDL_VIDEODRIVER=vgl".
------------------------------------------------------------------------------

===>   NOTICE:

The sdl port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from libdca-0.0.5_1:

===>   NOTICE:

The libdca port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from py36-setuptools-36.2.2:

*******************************************************************

  Only /usr/local/bin/easy_install-3.6 script has been installed
  since Python 3.6 is not the default Python version.

*******************************************************************
Message from dotconf-1.3_1:

===>   NOTICE:

The dotconf port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from cyrus-sasl-2.1.26_12:

You can use sasldb2 for authentication, to add users use:

        saslpasswd2 -c username

If you want to enable SMTP AUTH with the system Sendmail, read
Sendmail.README

NOTE: This port has been compiled with a default pwcheck_method of
      auxprop.  If you want to authenticate your user by /etc/passwd,
      PAM or LDAP, install ports/security/cyrus-sasl2-saslauthd and
      set sasl_pwcheck_method to saslauthd after installing the
      Cyrus-IMAPd 2.X port.  You should also check the
      /usr/local/lib/sasl2/*.conf files for the correct
      pwcheck_method.
      If you want to use GSSAPI mechanism, install
      ports/security/cyrus-sasl2-gssapi.
      If you want to use SRP mechanism, install
      ports/security/cyrus-sasl2-srp.
      If you want to use LDAP auxprop plugin, install
      ports/security/cyrus-sasl2-ldapdb.
Message from cdrtools-3.01_1:

===========================================================================

Note: The location of the cdrtools `defaults' files has been set to

        /usr/local/etc

This is the FreeBSD ports standard config file location, NOT the cdrtools
standard location, which is /etc/default.

The reason for this is that FreeBSD ports and packages should not use
configuration files outside of /usr/local.

===========================================================================
Message from spandsp-0.0.6:

===>   NOTICE:

The spandsp port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from boost-libs-1.65.1:

You have built the Boost library with thread support.

Don't forget to add -pthread to your linker options when
linking your code.
Message from unoconv-0.6:

===============================================================================

Universal Office Converter (unoconv) has been installed.

For Document conversions is needed that is LibreOffice or OpenOffice installed

editors/libreoffice

editors/openoffice*

===============================================================================
Message from gnome-shell-3.18.5_4:

Gnome-shell requires acceleration of to work. For this a nvidia card
with the nvidia-driver, or a Intel/ATI KMS enabled card is needed.

For the nvidia users no other changes are needed. For Intel/ATI KMS
driver the user needs to have read/write permissions on
/dev/dri/cardN (usually N=0). If gnome-shell is launched from gdm, the
gdm user also needs this access.

Access can be granted by adding the user(s) to the video group.

% pw groupmod video -m jerry

Additional for FreeBSD versions before FreeBSD 11.0-CURRENT revision
286524, and any FreeBSD 10.x version.

By using a devfs.rules(5) to change the mode of the /dev/dri/card0 on creation.

        add path 'dri/*' mode 0666 group video
Message from xterm-330:

================================================================================
You installed xterm with wide chars support. This introduces some limitations
comparing to the plain single chars version: this version of xterm will use
UTF-8 charset for selection buffers, breaking 8-bit copy/paste support unless
you are using UTF-8 or ISO8859-1 locale. If you want 8-bit charset selections to
work as before, use "eightBitSelectTypes" XTerm resource setting.

For further information refer to the SELECT/PASTE section of xterm(1) manual
page.
================================================================================
Message from gnome-keyring-3.18.3_4:

Gnome-keyring uses pinentry-gnome3 for gpg interactions, please add the
following line to your ~/.gnupg/gpg-agent.conf to enable the pinentry
dialog.

pinentry-program /usr/local/bin/pinentry-gnome3
Message from dvd+rw-tools-7.1_1:

===>   NOTICE:

The dvd+rw-tools port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from gdm-3.16.4_3:

GDM is installed.

Do _NOT_ use /etc/ttys to start gdm at boot time.  This will result in gdm
hanging or restarting constantly. Instead, add gdm_enable="YES" to
/etc/rc.conf. GDM will be started automatic on the next reboot.
Message from bitstream-vera-1.10_7:

IMPORTANT - READ CAREFULLY: Please read the COPYRIGHT included with these fonts
before using.  The copyright can be found at /usr/local/share/fonts/bitstream-vera/COPYRIGHT.TXT.  To
use these fonts, follow the instructions below.

Make sure that the freetype module is loaded.  If it is not, add the following
line to the "Modules" section of your X Windows configuration file:

        Load "freetype"

Add the following line to the "Files" section of X Windows configuration file:

        FontPath "/usr/local/share/fonts/bitstream-vera/"

Note: your X Windows configuration file is typically /etc/X11/xorg.conf
Message from gnome3-3.18.0:

**************************************************************************
Congratulations!  GNOME 3 has been successfully installed on your system.
For help on starting it up, as well as answers to common questions, and
some known issues, please see the FreeBSD GNOME homepage at:

                       http://www.FreeBSD.org/gnome/

**************************************************************************
root@bsd11:~ #

 

On FreeBSD, a package prints its configuration notes once it has been installed.

To view only the post-install message after installation has finished, use the following command.

e.g. gnome3

root@bsd11:~ # pkg info -D -x gnome3
gnome3-3.18.0:
Always:
**************************************************************************
Congratulations!  GNOME 3 has been successfully installed on your system.
For help on starting it up, as well as answers to common questions, and
some known issues, please see the FreeBSD GNOME homepage at:

                       http://www.FreeBSD.org/gnome/

**************************************************************************

pinentry-gnome3-1.0.0:
root@bsd11:~ #

 

e.g. ibus

root@bsd11:~ # pkg info -D -x ibus
ibus-1.5.14_3:
Always:
-------------------------------------------------------------------
ibus installation finished. To use ibus, please do the following:

If you are using bash, please add following lines to your $HOME/.bashrc:

export XIM=ibus
export GTK_IM_MODULE=ibus
export QT_IM_MODULE=xim
export XMODIFIERS=@im=ibus
export XIM_PROGRAM="ibus-daemon"
export XIM_ARGS="--daemonize --xim"

If you are using tcsh, please add following lines to your $HOME/.cshrc:

setenv XIM ibus
setenv GTK_IM_MODULE ibus
setenv QT_IM_MODULE xim
setenv XMODIFIERS @im=ibus
setenv XIM_PROGRAM ibus-daemon
setenv XIM_ARGS "--daemonize --xim"

If you are using KDE4, you may create a shell script in $HOME/.kde4/env,
and add following lines:

#!/bin/sh
export XIM=ibus
export GTK_IM_MODULE=ibus
export QT_IM_MODULE=xim
export XMODIFIERS=@im=ibus
export XIM_PROGRAM="ibus-daemon"
export XIM_ARGS="--daemonize --xim"

Following input methods/engines are available in ports:

chinese/ibus-chewing            Chewing engine for IBus
chinese/ibus-libpinyin          Intelligent Pinyin engine based on libpinyin
chinese/ibus-pinyin             The PinYin input method
japanese/ibus-anthy             Anthy engine for IBus
japanese/ibus-mozc              Mozc engine for IBus
japanese/ibus-skk               SKK engine for IBus
korean/ibus-hangul              Hangul engine for IBus
textproc/ibus-kmfl              KMFL IMEngine for IBus framework
textproc/ibus-table             Table based IM framework for IBus
textproc/ibus-typing-booster    Faster typing by context sensitive completion

and QT4 input method module, textproc/ibus-qt.

If ibus cannot start or the panel does not appear, please ensure
that you are using up-to-date python.
-------------------------------------------------------------------

root@bsd11:~ #

 

The same message can also be found in the port's directory (when installing from Ports).

pkg-message file

 

Judging from the messages printed after installation, about two settings appear to be needed.

These are the libinotify and ibus settings; gnome3 itself is set up following the FreeBSD handbook.

libinotify settings

root@bsd11:~ # vi /boot/loader.conf
kern.vty=vt
kern.maxfiles="25000"

 

ibus settings

When using the C shell (the same applies to tcsh)

root@bsd11:~ # vi .cshrc
setenv XIM ibus
setenv GTK_IM_MODULE ibus
setenv QT_IM_MODULE xim
setenv XMODIFIERS @im=ibus
setenv XIM_PROGRAM ibus-daemon
setenv XIM_ARGS "--daemonize --xim"

 

When using bash

root@bsd11:~ # vi .bashrc
export XIM=ibus
export GTK_IM_MODULE=ibus
export QT_IM_MODULE=xim
export XMODIFIERS=@im=ibus
export XIM_PROGRAM="ibus-daemon"
export XIM_ARGS="--daemonize --xim"

 

 

FreeBSD handbook reference: https://www.freebsd.org/doc/handbook/x11-wm.html

 

Add the proc filesystem

root@bsd11:~ # vi /etc/fstab
proc        /proc               procfs  rw      0       0

 

Startup script settings in /etc/rc.conf

root@bsd11:~ # vi /etc/rc.conf
# Gnome Settings
dbus_enable="YES"
hald_enable="YES"
gdm_enable="YES"
gnome_enable="YES"
moused_enable="YES"

 

Create the .xsession file (with gdm_enable set, gnome3 starts automatically.)

root@bsd11:~ # echo "exec /usr/local/bin/gnome-session" > ~/.xsession
root@bsd11:~ # chmod +x .xsession

 

 

 

 

After rebooting the system, the Gnome3 login screen appears.

 

Edit the user name with chsh and check

root@bsd11:~ # su - test
Need to quickly return to your home directory? Type "cd".
                -- Dru <genesis@istar.ca>
$ chsh test

#Changing user information for test.
Shell: /bin/sh
Full Name: User &
Office Location:
Office Phone:
Home Phone:
Other information:

Change Full Name from "User &" to the user name.

e.g. test

Check after rebooting

 

 

 

An additional approach: disable the Gnome user list

The "User &" entry is bothersome, so disable the Gnome user list.

Configuration (the file does not exist, so create it.)

root@bsd11:~ # vi /usr/local/etc/dconf/profile/gdm

user-db:user
system-db:gdm
file-db:/usr/share/gdm/greeter-dconf-defaults

root@bsd11:~ # mkdir /usr/local/etc/dconf/db/gdm.d
root@bsd11:~ # vi /usr/local/etc/dconf/db/gdm.d/00-login-screen
[org/gnome/login-screen]
# Do not show the user list
disable-user-list=true


root@bsd11:~ # dconf update
root@bsd11:~ #

 

Check after rebooting

 

 

KDE installation

The common steps are everything up to the gnome3 installation.

xorg must be installed and configured.

 

root@bsd11:~ # pkg install x11/kde4
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 414 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        kde: 4.14.3_1
        kde-workspace: 4.11.22_12
        xsetroot: 1.1.1
        gcc6: 6.4.0_2
        gcc-ecj: 4.5
        mysql56-client: 5.6.37_1
        libevent: 2.1.8
        xmessage: 1.0.4
        xcb-util-keysyms: 0.4.0_1
        xcb-util-image: 0.4.0_1
        qimageblitz: 0.0.6_2
        qt4-gui: 4.8.7_3
        qtchooser: 39
        qt4-corelib: 4.8.7_9
~ (omitted)

 

Add the proc filesystem

root@bsd11:~ # vi /etc/fstab
proc            /proc           procfs          rw      0       0

 

Add the startup scripts to /etc/rc.conf

root@bsd11:~ # vi /etc/rc.conf
# KDE Settings
dbus_enable="YES"
hald_enable="YES"
kdm4_enable="YES"
moused_enable="YES"

 

ibus was not installed by default.

 

Check after rebooting

 

 

xfce4 installation

The common steps are everything up to the gnome3 installation.

xorg must be installed and configured.

 

root@bsd11:~ # pkg install xfce

 

 

Messages after installation

The following catalogs are installed:

 1) /usr/local/share/sgml/catalog

   The top level catalog for SGML stuff.  It is not changed
   by any ports/packages except textproc/xmlcatmgr.

 2) /usr/local/share/sgml/catalog.ports

   This catalog is for handling SGML stuff installed under
   /usr/local/share/sgml.  It is changed by ports/packages.

 3) /usr/local/share/xml/catalog

   The top level catalog for XML stuff.  It is not changed
   by any ports/packages except textproc/xmlcatmgr.

 4) /usr/local/share/xml/catalog.ports

   This catalog is for handling XML stuff installed under
   /usr/local/share/xml.  It is changed by ports/packages.
Message from python36-3.6.2_1:

===========================================================================

Note that some standard Python modules are provided as separate ports
as they require additional dependencies. They are available as:

py36-gdbm       databases/py36-gdbm
py36-sqlite3    databases/py36-sqlite3
py36-tkinter    x11-toolkits/py36-tkinter

===========================================================================
Message from libcdio-0.94:

===>   NOTICE:

The libcdio port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from libinotify-20170711_1:

============================================================================

Libinotify functionality on FreeBSD is missing support for

  - detecting a file being moved into or out of a directory within the
    same filesystem
  - certain modifications to a symbolic link (rather than the
    file it points to.)

in addition to the known limitations on all platforms using kqueue(2)
where various open and close notifications are unimplemented.

This means the following regression tests will fail:

Directory notifications:
   IN_MOVED_FROM
   IN_MOVED_TO

Open/close notifications:
   IN_OPEN
   IN_CLOSE_NOWRITE
   IN_CLOSE_WRITE

Symbolic Link notifications:
   IN_DONT_FOLLOW
   IN_ATTRIB
   IN_MOVE_SELF
   IN_DELETE_SELF

Kernel patches to address the missing directory and symbolic link
notifications are available from:

https://github.com/libinotify-kqueue/libinotify-kqueue/tree/master/patches

=============================================================================
You might want to consider increasing the kern.maxfiles tunable if you plan
to use this library for applications that need to monitor activity of a lot
of files.

If the default on your system is too low, add the following line to
/boot/loader.conf, then reboot the system:

    kern.maxfiles="25000"
=============================================================================
Message from gamin-0.1.10_9:

===============================================================================

Gamin will only provide realtime notification of changes for at most n files,
where n is the minimum value between (kern.maxfiles * 0.7) and
(kern.maxfilesperproc - 200). Beyond that limit, files will be polled.

If you often open several large folders with Nautilus, you might want to
increase the kern.maxfiles tunable (you do not need to set
kern.maxfilesperproc, since it is computed at boot time from kern.maxfiles).

For a typical desktop, add the following line to /boot/loader.conf, then
reboot the system:

    kern.maxfiles="25000"

The behavior of gamin can be controlled via the various gaminrc files.
See http://www.gnome.org/~veillard/gamin/config.html on how to create
these files.  In particular, if you find gam_server is taking up too much
CPU time polling for changes, something like the following may help
in one of the gaminrc files:

# reduce polling frequency to once per 10 seconds
# for UFS file systems in order to lower CPU load
fsset ufs poll 10

===============================================================================

===>   NOTICE:

The gamin port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from libcdio-paranoia-10.2+0.94+1:

===>   NOTICE:

The libcdio-paranoia port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from samba44-4.4.16:

===============================================================================

How to start: http://wiki.samba.org/index.php/Samba4/HOWTO

* Your configuration is: /usr/local/etc/smb4.conf

* All the relevant databases are under: /var/db/samba4

* All the logs are under: /var/log/samba4

* Provisioning script is: /usr/local/bin/samba-tool

For additional documentation check: http://wiki.samba.org/index.php/Samba4

Bug reports should go to the: https://bugzilla.samba.org/

===============================================================================
Message from xfce4-tumbler-0.2.0:

To override the default configuration, you must copy the rc-file:

        mkdir ~/.config/tumbler
        cp /usr/local/etc/xdg/tumbler/tumbler.rc ~/.config/tumbler

The COVER plugin requires manual configuration.

For more information see http://docs.xfce.org/xfce/thunar/tumbler
Message from xfce4-terminal-0.8.6:

Some options could need manual change to ~/.config/xfce4/terminal/terminalrc:

To reduce the height of tabs, add the hidden 'MiscSlimTabs' option:

MiscSlimTabs=TRUE

By default this option is not defined.

If you have configured a custom color cursor you will also need to add:

ColorCursorUseDefault=FALSE

to have such configuration still working, otherwise reconfigure the color
in the GUI.

Keep in mind, when you change an option in Preferences window, this file
is overwritten.
Message from xfce4-session-4.12.1_4:

To be able to shutdown or reboot your system, you'll have to add .rules
files in /usr/local/etc/polkit-1/rules.d directory. Which looks
like this (replace PUTYOURGROUPHERE by your group):

polkit.addRule(function (action, subject) {
  if ((action.id == "org.freedesktop.consolekit.system.restart" ||
      action.id == "org.freedesktop.consolekit.system.stop")
      && subject.isInGroup("PUTYOURGROUPHERE")) {
    return polkit.Result.YES;
  }
});

For those who have working suspend/resume:

polkit.addRule(function (action, subject) {
  if (action.id == "org.freedesktop.consolekit.system.suspend"
      && subject.isInGroup("PUTYOURGROUPHERE")) {
    return polkit.Result.YES;
  }
});
root@bsd11:~ #

 

Add the proc filesystem

root@bsd11:~ # vi /etc/fstab
proc            /proc           procfs          rw      0       0

 

Write the xfce4 startup script (this must be done as the user who will use it.)

root@bsd11:~ # su - test
$ echo '#!/bin/sh' > ~/.xinitrc
$ echo "exec /usr/local/bin/startxfce4 --with-ck-launch" >> ~/.xinitrc
$ chmod +x ~/.xinitrc

 

slim install (Simple Login Manager)

xfce does not provide its own login screen, so install slim.

root@bsd11:~ # pkg install slim

 

Add the startup scripts to /etc/rc.conf

# Xfce4 Settings
dbus_enable="YES"
hald_enable="YES"
slim_enable="YES"
moused_enable="YES"

 

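Check after rebooting

 

 

The basic FreeBSD desktop setup is complete.

For Korean input, it looks like ibus or scim will be needed.

 

 

When using the Percona Nginx template for Cacti on FreeBSD, the Data Input Method script must be changed.

If the template is used without this change, monitoring does not work properly.

 

Because only the web server was changed to Nginx in an existing APM environment, the test was carried out by adding a cacti.conf.

 

 

Create the cacti.conf file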

root@bsd11:/usr/local/etc/nginx/conf.d #
root@bsd11:/usr/local/etc/nginx/conf.d # vi cacti.conf
server {
    listen       80;
    server_name  cacti.crois.net;
    index        index.php index.html index.htm;
    root         /usr/local/share;

    location /cacti {
        try_files   $uri $uri/ /index.php?$query_string;
        autoindex on;
    }

    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
        fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        include fastcgi_params;
    }
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 7d;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }
}
root@bsd11:/usr/local/etc/nginx/conf.d #

 

Edit the default.conf file

root@bsd11:/usr/local/etc/nginx/conf.d # 
root@bsd11:/usr/local/etc/nginx/conf.d # vi default.conf
server {
    listen       80 default_server;
    server_name  localhost _;
    index        index.php index.html index.htm;
    root         /var/www/test.crois.net;

    location / {
        try_files   $uri $uri/ /index.php?$query_string;
        autoindex on;
    }

    location /server-status {
        stub_status on;
        allow 127.0.0.1;
        # Without "deny all", the allow line restricts nothing and any client can read the status page.
        deny all;
    }

    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
        fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        include fastcgi_params;
    }
}

Add the location block.

 

root@bsd11:~ # 
root@bsd11:~ # service nginx restart
Performing sanity check on nginx configuration:
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
Stopping nginx.
Waiting for PIDS: 4123.
Performing sanity check on nginx configuration:
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
Starting nginx.
root@bsd11:~ #

root@bsd11:~ # curl http://localhost/server-status
Active connections: 1
server accepts handled requests
 1 1 1
Reading: 0 Writing: 1 Waiting: 0
root@bsd11:~ #

 

Add the Nginx template

root@bsd11:~ #
root@bsd11:~ #
root@bsd11:~ # php /usr/local/share/cacti/cli/import_template.php --filename=/usr/local/share/percona-monitoring-plugins/cacti/templates/cacti_host_template_percona_nginx_server_ht_0.8.6i-sver1.1.3.xml
Read 42601 bytes of XML data
Import ResultsCacti has imported the following items for the Template:
CDEF
[success] Percona Turn Into Bits CDEF [unchanged]
[success] Percona Negate CDEF [unchanged]
GPRINT Preset
[success] Percona Nginx Server Checksum 9d9b37b126648a09bb56030a539e8b2e [new]
[success] Percona Nginx Server Version t1.1.3:s1.1.3 [new]
[success] Percona Normal [unchanged]
Data Input Method
[success] Percona Get Nginx Stats/Nginx Requests IM [new]
[success] Percona Get Nginx Stats/Nginx Accepts/Handled IM [new]
[success] Percona Get Nginx Stats/Nginx Scoreboard IM [new]
Data Template
[success] Percona Nginx Requests DT [new]
[success] Percona Nginx Accepts/Handled DT [new]
[success] Percona Nginx Scoreboard DT [new]
Graph Template
[success] Percona Nginx Requests GT [new]
[success] Percona Nginx Accepts/Handled GT [new]
[success] Percona Nginx Scoreboard GT [new]
Device Template
[success] Percona Nginx Server HT [new]
root@bsd11:~ #

 

In Data Collection -> Data Input Methods, edit the following entries:

Percona Get Nginx Stats/Nginx Accepts/Handled IM

Percona Get Nginx Stats/Nginx Requests IM

Percona Get Nginx Stats/Nginx Scoreboard IM

 

Edit Percona Get Nginx Stats/Nginx Accepts/Handled IM

Edit the Input String

Before

<path_php_binary> -q <path_cacti>/scripts/ss_get_by_ssh.php --host <hostname> --type nginx --items hx,hy --server <server> --url <url> --http-user <http-user> --http-password <password>

 

After

<path_php_binary> -q <path_cacti>/scripts/ss_get_by_ssh.php --host <hostname> --type nginx --items hx,hy

 

Click Save to store the change.

Configure the remaining input methods the same way.

 

Go to Management -> Devices and create the Nginx-Server device.

 

Click Create Graphs for this Device to create the graphs.

 

Go to Graphs and check the monitoring results. (This takes about 5 to 10 minutes.)

 

Switch to the cacti user and check the ss_get_by_ssh.php script

root@bsd11:~ # 
root@bsd11:~ # su - cacti
% php /usr/local/share/cacti/scripts/ss_get_by_ssh.php --type nginx --host 127.0.0.1 --items hw,hx
hw:1 hx:56%

 

cacti log (/var/log/cacti/log file), normal case

2017-11-22 21:32:00 - SPINE: Poller[1] DEBUG: In Poller, About to Start Polling of Device for Device ID 6
2017-11-22 21:32:00 - SPINE: Poller[1] Device[6] DEBUG: Entering SNMP Ping
2017-11-22 21:32:00 - SPINE: Poller[1] Updating Full System Information Table
2017-11-22 21:32:00 - SPINE: Poller[1] Device[6] TH[1] Device has no information for recache.
2017-11-22 21:32:00 - SPINE: Poller[1] Device[6] TH[1] NOTE: There are '1' Polling Items for this Device
2017-11-22 21:32:00 - SPINE: Poller[1] Device[6] DEBUG: The NIFTY POPEN returned the following File Descriptor 7

2017-11-22 21:32:00 - SPINE: Poller[1] Device[6] TH[1] DS[34] SCRIPT: /usr/local/bin/php -q /usr/local/share/cacti/scripts/ss_get_by_ssh.php --host '127.0.0.1' --type nginx --items hx,hy , output: hx:46196 hy:46196


2017-11-22 21:32:00 - SPINE: Poller[1] Device[6] TH[1] Total Time:  0.42 Seconds
2017-11-22 21:32:00 - SPINE: Poller[1] Device[6] TH[1] DEBUG: HOST COMPLETE: About to Exit Device Polling Thread Function
2017-11-22 21:32:00 - SPINE: Poller[1] DEBUG: The Value of Active Threads is 0 for Device ID 6
2017/11/22 21:32:02 - SYSTEM STATS: Time:2.3135 Method:spine Processes:2 Threads:16 Hosts:2 HostsPerProcess:1 DataSources:2 RRDsProcessed:4
2017-11-22 21:33:00 - SPINE: Poller[1] DEBUG: In Poller, About to Start Polling of Device for Device ID 6
2017-11-22 21:33:00 - SPINE: Poller[1] Device[6] DEBUG: Entering SNMP Ping
2017-11-22 21:33:00 - SPINE: Poller[1] Updating Full System Information Table
2017-11-22 21:33:00 - SPINE: Poller[1] Device[6] TH[1] Device has no information for recache.
2017-11-22 21:33:00 - SPINE: Poller[1] Device[6] TH[1] NOTE: There are '1' Polling Items for this Device
2017-11-22 21:33:00 - SPINE: Poller[1] Device[6] DEBUG: The NIFTY POPEN returned the following File Descriptor 7

2017-11-22 21:33:00 - SPINE: Poller[1] Device[6] TH[1] DS[35] SCRIPT: /usr/local/bin/php -q /usr/local/share/cacti/scripts/ss_get_by_ssh.php --host '127.0.0.1' --type nginx --items hz , output: hz:191937


2017-11-22 21:33:00 - SPINE: Poller[1] Device[6] TH[1] Total Time: 0.086 Seconds
2017-11-22 21:33:00 - SPINE: Poller[1] Device[6] TH[1] DEBUG: HOST COMPLETE: About to Exit Device Polling Thread Function
2017-11-22 21:33:00 - SPINE: Poller[1] DEBUG: The Value of Active Threads is 0 for Device ID 6
2017/11/22 21:33:02 - SYSTEM STATS: Time:2.2942 Method:spine Processes:2 Threads:16 Hosts:2 HostsPerProcess:1 DataSources:2 RRDsProcessed:4
2017-11-22 21:34:00 - SPINE: Poller[1] DEBUG: In Poller, About to Start Polling of Device for Device ID 6
2017-11-22 21:34:00 - SPINE: Poller[1] Device[6] DEBUG: Entering SNMP Ping
2017-11-22 21:34:00 - SPINE: Poller[1] Updating Full System Information Table
2017-11-22 21:34:00 - SPINE: Poller[1] Device[6] TH[1] Device has no information for recache.
2017-11-22 21:34:00 - SPINE: Poller[1] Device[6] TH[1] NOTE: There are '1' Polling Items for this Device
2017-11-22 21:34:00 - SPINE: Poller[1] Device[6] DEBUG: The NIFTY POPEN returned the following File Descriptor 7

2017-11-22 21:34:00 - SPINE: Poller[1] Device[6] TH[1] DS[36] SCRIPT: /usr/local/bin/php -q /usr/local/share/cacti/scripts/ss_get_by_ssh.php --host '127.0.0.1' --type nginx --items hw,ig,ih,ii , output: hw:101 ig:0 ih:98 ii:3


2017-11-22 21:34:00 - SPINE: Poller[1] Device[6] TH[1] Total Time:  0.11 Seconds
2017-11-22 21:34:00 - SPINE: Poller[1] Device[6] TH[1] DEBUG: HOST COMPLETE: About to Exit Device Polling Thread Function
2017-11-22 21:34:00 - SPINE: Poller[1] DEBUG: The Value of Active Threads is 0 for Device ID 6
2017/11/22 21:34:02 - SYSTEM STATS: Time:2.2448 Method:spine Processes:2 Threads:16 Hosts:2 HostsPerProcess:1 DataSources:2 RRDsProcessed:4

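The output: field shows normal values rather than -1.

 

If the Data Input Methods are not edited, messages like the following are logged.

The output: field shows -1.

 

Because monitoring was not working, debug mode was enabled and /var/log/cacti/log was checked, which confirmed that the graphs were not being generated properly.

The log did show, however, that the problem occurs when the --server, --url, --http-user and --http-password fields are used.

 

cacti log (/var/log/cacti/log file), abnormal case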

2017-11-22 03:36:00 - SPINE: Poller[1] Device[5] TH[1] DS[31] SCRIPT: /usr/local/bin/php -q /usr/local/share/cacti/scripts/ss_get_by_ssh.php --host '127.0.0.1' --type nginx --items hx,hy --server '' --url '' --http-user '' --http-password , output: hx:-1 hy:-1


2017-11-22 03:36:00 - SPINE: Poller[1] Device[5] DEBUG: The NIFTY POPEN returned the following File Descriptor 7
2017-11-22 03:36:00 - SPINE: Poller[1] Device[5] TH[1] DS[32] SCRIPT: /usr/local/bin/php -q /usr/local/share/cacti/scripts/ss_get_by_ssh.php --host '127.0.0.1' --type nginx --items hz --server '' --url '' --http-user '' --http-password , output: hz:-1


2017-11-22 03:36:00 - SPINE: Poller[1] Device[5] DEBUG: The NIFTY POPEN returned the following File Descriptor 7
2017-11-22 03:36:01 - SPINE: Poller[1] Device[5] TH[1] DS[33] SCRIPT: /usr/local/bin/php -q /usr/local/share/cacti/scripts/ss_get_by_ssh.php --host '127.0.0.1' --type nginx --items hw,ig,ih,ii --server '' --url '' --http-user '' --http-password , output: hw:-1 ig:-1 ih:-1 ii:-1

You can see that output: comes back as -1.
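The comparison of the normal and abnormal log excerpts can be scripted so that failing polls and the empty options behind them are picked out of /var/log/cacti/log automatically. This is an added example, not part of the original post or of Cacti; it assumes spine SCRIPT entries in the format shown above, the function names are hypothetical, and the sample lines are constructed from those excerpts.

```python
import re
import shlex

# Shape of the spine "SCRIPT:" entries in /var/log/cacti/log shown above.
SCRIPT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - SPINE: Poller\[\d+\] "
    r"Device\[(?P<device>\d+)\] TH\[\d+\] DS\[(?P<ds>\d+)\] "
    r"SCRIPT: (?P<cmd>.*?) , output: (?P<out>.*)$"
)

# Constructed sample, modelled on the normal and abnormal excerpts above.
_CMD = ("/usr/local/bin/php -q /usr/local/share/cacti/scripts/ss_get_by_ssh.php "
        "--host '127.0.0.1' --type nginx --items hx,hy")
SAMPLE_LOG = [
    "2017-11-22 21:32:00 - SPINE: Poller[1] Device[6] TH[1] DS[34] SCRIPT: "
    + _CMD + " , output: hx:46196 hy:46196",
    "2017-11-22 03:36:00 - SPINE: Poller[1] Device[5] DEBUG: The NIFTY POPEN "
    "returned the following File Descriptor 7",
    "2017-11-22 03:36:00 - SPINE: Poller[1] Device[5] TH[1] DS[31] SCRIPT: "
    + _CMD + " --server '' --url '' --http-user '' --http-password"
    " , output: hx:-1 hy:-1",
]


def blank_options(cmd):
    """Long options whose value is '' or missing, i.e. filled from an empty field."""
    try:
        argv = shlex.split(cmd)
    except ValueError:  # unbalanced quotes, e.g. a truncated log line
        argv = cmd.split()
    blank = []
    for i, arg in enumerate(argv):
        if not arg.startswith("--"):
            continue
        value = argv[i + 1] if i + 1 < len(argv) else None
        if value is None or value in ("", "''") or value.startswith("--"):
            blank.append(arg)
    return blank


def parse_script_line(line):
    """Parse one SCRIPT entry; return None for every other kind of log line."""
    m = SCRIPT_RE.match(line.strip())
    if m is None:
        return None
    values = {}
    for token in m.group("out").split():
        key, sep, val = token.partition(":")
        if sep:
            values[key] = val
    return {
        "ts": m.group("ts"),
        "device": int(m.group("device")),
        "ds": int(m.group("ds")),
        "values": values,
        "blank_options": blank_options(m.group("cmd")),
    }


def triage(lines):
    """Return one finding per poll whose script reported -1 for any item."""
    findings = []
    for line in lines:
        rec = parse_script_line(line)
        if rec is None:
            continue
        failed = sorted(k for k, v in rec["values"].items() if v == "-1")
        if failed:
            findings.append({"ts": rec["ts"], "device": rec["device"],
                             "ds": rec["ds"], "failed_items": failed,
                             "blank_options": rec["blank_options"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("{ts} Device[{device}] DS[{ds}] failed={failed_items} "
              "blank={blank_options}".format(**f))
```

To run it against a live log, pass the open file object to `triage()` in place of `SAMPLE_LOG`.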

 

Test as the cacti user

root@bsd11:~/.ssh # su - cacti
% /usr/local/bin/php -q /usr/local/share/cacti/scripts/ss_get_by_ssh.php --host '127.0.0.1' --type nginx --items hw,ig,ih,ii --server '' --url '' --http-user '' --http-password ''
hw:-1 ig:-1 ih:-1 ii:-1%

Every value comes back as -1.

 

Test after removing the fields

% /usr/local/bin/php -q /usr/local/share/cacti/scripts/ss_get_by_ssh.php --host '127.0.0.1' --type nginx --items hw,ig,ih,ii
hw:51 ig:0 ih:50 ii:1%

Normal values are returned.