FreeBSD ezjail ports install
Official page: https://www.freebsd.org/doc/handbook/jails-ezjail.html
Reference pages: https://www.cyberciti.biz/faq/howto-setup-freebsd-jail-with-ezjail/
https://www.davd.eu/posts-freebsd-jails-with-a-single-public-ip-address/
For details on FreeBSD jails, please refer to the FreeBSD documentation.
This document covers a simple jail setup that you can try out on FreeBSD 11. For the zfs pool part, a VM that was installed with zfs at BSD install time was used.
You can also run the test with a separately configured zfs setup. ezjail can also be installed with pkg install -y ezjail. 🙂
Jail network configuration
Create the lo1 device that the jails will use.
To configure the lo1 interface, edit /etc/rc.conf.
Set the virtual IPs used by the jails to 10.0.0.1 through 10.0.0.9.
Edit rc.conf.
```
root@bsd11:~ # vi /etc/rc.conf
#ifconfig_vtnet0="inet 192.168.0.40 netmask 255.255.255.0"
ifconfig_vtnet0_name="em0"
ifconfig_em0="inet 192.168.0.40 netmask 255.255.255.0"
defaultrouter="192.168.0.1"
cloned_interfaces="lo1"
ipv4_addrs_lo1="10.0.0.1-9/29"
```
Create the lo1 device.
```
root@bsd11:~ # service netif cloneup
Created clone interfaces: lo1.
root@bsd11:~ # ifconfig
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 52:54:00:40:19:eb
        hwaddr 52:54:00:40:19:eb
        inet 192.168.0.40 netmask 0xffffff00 broadcast 192.168.0.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
lo1: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        groups: lo
root@bsd11:~ #
```
Creating the lo1 interface
```
root@bsd11:~ # service netif cloneup
Created clone interfaces: lo1.
root@bsd11:~ # ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 52:54:00:2c:0c:a0
        hwaddr 52:54:00:2c:0c:a0
        inet 192.168.0.40 netmask 0xffffff00 broadcast 192.168.0.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 10.0.0.1 netmask 0xfffffff8
        inet 10.0.0.2 netmask 0xffffffff
        inet 10.0.0.3 netmask 0xffffffff
        inet 10.0.0.4 netmask 0xffffffff
        inet 10.0.0.5 netmask 0xffffffff
        inet 10.0.0.6 netmask 0xffffffff
        inet 10.0.0.7 netmask 0xffffffff
        inet 10.0.0.8 netmask 0xffffffff
        inet 10.0.0.9 netmask 0xffffffff
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        groups: lo
root@bsd11:~ #
```
pf firewall configuration
IP_PUB is the IP of em0.
To test the web service, ports 443 and 80 are forwarded to 10.0.0.1.
```
root@bsd11:~ # vi /etc/pf.conf
# Public IP address
IP_PUB="192.168.0.40"

# Packet normalization
scrub in all

# Allow outbound connections from within the jails
nat on em0 from lo1:network to any -> (em0)

# webserver jail at 10.0.0.1
rdr on em0 proto tcp from any to $IP_PUB port 443 -> 10.0.0.1
# just an example in case you want to redirect to another port within your jail
rdr on em0 proto tcp from any to $IP_PUB port 80 -> 10.0.0.1
root@bsd11:~ #
```
Starting the pf firewall
```
root@bsd11:~ # sysrc pf_enable=YES
pf_enable: NO -> YES
root@bsd11:~ # service pf start
Enabling pf.
```
ezjail installation
```
root@bsd11:~ # whereis ezjail
ezjail: /usr/ports/sysutils/ezjail
root@bsd11:~ # cd /usr/ports/sysutils/ezjail/ && make install clean
root@bsd11:/usr/ports/sysutils/ezjail # rehash
root@bsd11:/usr/ports/sysutils/ezjail #
```
Copy the resolv.conf file.
```
root@bsd11:~ # cp /etc/resolv.conf /usr/jails/newjail/etc/
```
Start ezjail.
```
root@bsd11:/usr/ports/sysutils/ezjail # sysrc ezjail_enable=YES
ezjail_enable: -> YES
root@bsd11:/usr/ports/sysutils/ezjail # service ezjail start
```
Creating the base jail template
```
root@bsd11:~ # ezjail-admin install
base.txz 100% of 99 MB 2970 kBps 00m34s
lib32.txz 100% of 17 MB 2761 kBps 00m07s
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 11.1-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Inspecting system...
```
After running ezjail-admin install, you can see that the following directories have been created.
```
root@bsd11:~ # ls -al /usr/jails
total 20
drwxr-xr-x   5 root  wheel  512 Mar  5 21:51 .
drwxr-xr-x  17 root  wheel  512 Mar  5 21:50 ..
drwxr-xr-x   9 root  wheel  512 Mar  5 21:51 basejail
drwxr-xr-x   3 root  wheel  512 Mar  5 21:51 flavours
drwxr-xr-x  13 root  wheel  512 Mar  5 21:51 newjail
root@bsd11:~ # ls -al /usr/jails/flavours/
total 12
drwxr-xr-x  3 root  wheel  512 Mar  5 21:51 .
drwxr-xr-x  5 root  wheel  512 Mar  5 21:51 ..
drwxr-xr-x  4 root  wheel  512 Mar  4 15:27 example
root@bsd11:~ # ls -al /usr/jails/basejail/
total 36
drwxr-xr-x   9 root  wheel   512 Mar  5 21:51 .
drwxr-xr-x   5 root  wheel   512 Mar  5 21:51 ..
drwxr-xr-x   2 root  wheel  1024 Mar  5 21:51 bin
drwxr-xr-x   9 root  wheel  1024 Mar  5 21:51 boot
drwxr-xr-x   4 root  wheel  1536 Mar  5 21:51 lib
drwxr-xr-x   3 root  wheel   512 Mar  5 21:51 libexec
drwxr-xr-x   2 root  wheel  2560 Mar  5 21:51 rescue
drwxr-xr-x   2 root  wheel  2560 Mar  5 21:51 sbin
drwxr-xr-x  11 root  wheel   512 Mar  5 21:51 usr
root@bsd11:~ # man /usr/jails
No manual entry for /usr/jails
root@bsd11:~ # ls -al /usr/local/etc/rc.d/ezjail
-rwxr-xr-x  1 root  wheel  8128 Mar  4 15:27 /usr/local/etc/rc.d/ezjail
root@bsd11:~ # ls -al /usr/local/etc/ezjail.conf
-rw-r--r--  1 root  wheel  2637 Mar  4 15:27 /usr/local/etc/ezjail.conf
root@bsd11:~ # ls -al /usr/local/etc/ezjail
total 8
drwxr-xr-x   2 root  wheel   512 Mar  4 15:27 .
drwxr-xr-x  12 root  wheel  1024 Mar  4 15:27 ..
root@bsd11:~ #
```
Set up the ports tree that the jails will use.
```
root@bsd11:~ # ezjail-admin install -p
```
For testing, create an httpd jail.
```
root@bsd11:~ # ezjail-admin create httpd 10.0.0.1
root@bsd11:~ # ezjail-admin start httpd
root@bsd11:~ # ezjail-admin list
STA JID  IP              Hostname                       Root Directory
--- ---- --------------- ------------------------------ ------------------------
DR  1    10.0.0.1        httpd                          /usr/jails/httpd
root@bsd11:~ #
```
You can also check with the jls command.
```
root@bsd11:~ # jls
   JID  IP Address      Hostname                      Path
     1  10.0.0.1        httpd                         /usr/jails/httpd
root@bsd11:~ #
```
Checking partitions after creating the httpd jail
The virtual partition /usr/jails/httpd is created.
```
root@bsd11:~ # df -h
Filesystem             Size    Used   Avail Capacity  Mounted on
/dev/ada0s1a            18G     11G    6.1G    64%    /
devfs                  1.0K    1.0K      0B   100%    /dev
/usr/jails/basejail     18G     11G    6.1G    64%    /usr/jails/httpd/basejail
devfs                  1.0K    1.0K      0B   100%    /usr/jails/httpd/dev
fdescfs                1.0K    1.0K      0B   100%    /usr/jails/httpd/dev/fd
procfs                 4.0K    4.0K      0B   100%    /usr/jails/httpd/proc
root@bsd11:~ #
```
Connect to httpd through the jail console.
```
root@bsd11:~ # ezjail-admin console httpd
FreeBSD 11.1-RELEASE (GENERIC) #0 r321309: Fri Jul 21 02:08:28 UTC 2017

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories: https://www.FreeBSD.org/security/
FreeBSD Handbook: https://www.FreeBSD.org/handbook/
FreeBSD FAQ: https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums: https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with: pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed: freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages: man man
FreeBSD directory layout: man hier

Edit /etc/motd to change this login announcement.
root@httpd:~ #
```
Install apache24 in the httpd jail.
Instead of installing from ports, you can also install with the pkg command. 🙂
```
root@httpd:~ # make -C /usr/ports/www/apache24 config-recursive install
~ (omitted)
root@httpd:~ # sysrc apache24_enable=YES
apache24_enable: -> YES
root@httpd:~ # cat /etc/rc.conf
apache24_enable="YES"
root@httpd:~ # vi /usr/local/etc/apache24/httpd.conf
ServerName www.example.com:80
root@httpd:~ # service apache24 start
root@httpd:~ # sockstat -4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      httpd      63005 3  tcp4   10.0.0.1:80           *:*
www      httpd      63004 3  tcp4   10.0.0.1:80           *:*
www      httpd      63003 3  tcp4   10.0.0.1:80           *:*
www      httpd      63002 3  tcp4   10.0.0.1:80           *:*
www      httpd      63001 3  tcp4   10.0.0.1:80           *:*
root     httpd      63000 3  tcp4   10.0.0.1:80           *:*
root     sendmail   3798  3  tcp4   10.0.0.1:25           *:*
root     syslogd    3718  6  udp4   10.0.0.1:514          *:*
root@httpd:~ #
```
Connection check
Connecting to the public IP 192.168.0.40 configured on the VM's em0 takes you to the httpd jail.
Creating the zroot/jails zfs pool
When setting up jails for the first time, create the zfs pool first and then proceed.
zfs and file systems will be covered in a separate post.
Installing ezjail and registering it in rc.conf
```
root@bsd11:~ # pkg install -y ezjail
root@bsd11:~ # sysrc ezjail_enable=YES
ezjail_enable: -> YES
```
To use the zfs pool with ezjail, edit ezjail.conf as follows.
```
root@bsd11:~ # vi /usr/local/etc/ezjail.conf
# to collect them in this directory
ezjail_jaildir=/usr/jails
~ (omitted)
# ZFS options

# Setting this to YES will start to manage the basejail and newjail in ZFS
ezjail_use_zfs="YES"

# Setting this to YES will manage ALL new jails in their own zfs
ezjail_use_zfs_for_jails="YES"

# The name of the ZFS ezjail should create jails on, it will be mounted at the ezjail_jaildir
ezjail_jailzfs="zroot/jails"
```
Checking zfs list
```
root@bsd11:~ # zfs list
NAME                 USED  AVAIL  REFER  MOUNTPOINT
zroot               1.66G  34.9G    88K  /zroot
zroot/ROOT           405M  34.9G    88K  none
zroot/ROOT/default   405M  34.9G   405M  /
zroot/tmp             88K  34.9G    88K  /tmp
zroot/usr           1.27G  34.9G    88K  /usr
zroot/usr/home        88K  34.9G    88K  /usr/home
zroot/usr/ports      665M  34.9G   665M  /usr/ports
zroot/usr/src        633M  34.9G   633M  /usr/src
zroot/var            584K  34.9G    88K  /var
zroot/var/audit       88K  34.9G    88K  /var/audit
zroot/var/crash       88K  34.9G    88K  /var/crash
zroot/var/log        136K  34.9G   136K  /var/log
zroot/var/mail        88K  34.9G    88K  /var/mail
zroot/var/tmp         96K  34.9G    96K  /var/tmp
root@bsd11:~ #
```
Creating the zfs jails pool
```
root@bsd11:~ # zfs create -p zroot/jails
root@bsd11:~ # zfs set mountpoint=/usr/jails zroot/jails
root@bsd11:~ # zfs list
NAME                 USED  AVAIL  REFER  MOUNTPOINT
zroot               1.66G  34.9G    88K  /zroot
zroot/ROOT           405M  34.9G    88K  none
zroot/ROOT/default   405M  34.9G   405M  /
zroot/jails           88K  34.9G    88K  /usr/jails
zroot/tmp             88K  34.9G    88K  /tmp
zroot/usr           1.27G  34.9G    88K  /usr
zroot/usr/home        88K  34.9G    88K  /usr/home
zroot/usr/ports      665M  34.9G   665M  /usr/ports
zroot/usr/src        633M  34.9G   633M  /usr/src
zroot/var            576K  34.9G    88K  /var
zroot/var/audit       88K  34.9G    88K  /var/audit
zroot/var/crash       88K  34.9G    88K  /var/crash
zroot/var/log        136K  34.9G   136K  /var/log
zroot/var/mail        88K  34.9G    88K  /var/mail
zroot/var/tmp         88K  34.9G    88K  /var/tmp
root@bsd11:~ #
```
Before the change: zroot/jails 88K 34.9G 88K /zroot/jails
After the change: zroot/jails 88K 34.9G 88K /usr/jails
Run ezjail-admin install to create the directories the jails need.
```
root@bsd11:~ # ezjail-admin install
base.txz 7% of 99 MB 2270 kBps 00m47s
lib32.txz 100% of 17 MB 1805 kBps 00m10s
```
Checking the directories
```
root@bsd11:~ # df -h |grep -i jails
zroot/jails             35G    104K     35G     0%    /usr/jails
zroot/jails/basejail    35G    296M     35G     1%    /usr/jails/basejail
zroot/jails/newjail     35G    4.7M     35G     0%    /usr/jails/newjail
```
When using ZFS, you must change ro to rw as shown below before ports can be installed.
```
root@bsd11:~ # vi /etc/fstab.httpd
/usr/jails/basejail /usr/jails/httpd/basejail nullfs rw 0 0
```
Everything else is the same as above. 🙂
Setting up an apache24+php71 jail & a mariadb101 jail
httpd jail : apache24+php71 / ip-address 10.0.0.1
database jail : mariadb101 / ip-address 10.0.0.2
FreeBSD APM installation reference:
Change the pf.conf settings to forward port 3306 to 10.0.0.2.
```
root@bsd11:~ # vi /etc/pf.conf
# Public IP address
IP_PUB="192.168.0.40"

# Packet normalization
scrub in all

# Allow outbound connections from within the jails
nat on em0 from lo1:network to any -> (em0)

# webserver jail at 10.0.0.1
rdr on em0 proto tcp from any to $IP_PUB port 443 -> 10.0.0.1
# just an example in case you want to redirect to another port within your jail
rdr on em0 proto tcp from any to $IP_PUB port 80 -> 10.0.0.1

#mariadb jail at 10.0.0.2
rdr on em0 proto tcp from any to $IP_PUB port 3306 -> 10.0.0.2
```
Create and start the httpd jail that will run apache24 and php7
```
root@bsd11:~ # ezjail-admin create httpd 10.0.0.1
root@bsd11:~ # cp /etc/resolv.conf /usr/jails/httpd/etc/
root@bsd11:~ # ezjail-admin start httpd
```
Create and start the database jail that will run mariadb101
```
root@bsd11:~ # ezjail-admin create database 10.0.0.2
root@bsd11:~ # cp /etc/resolv.conf /usr/jails/database/etc/
root@bsd11:~ # ezjail-admin start database
```
Change the file system to rw.
```
root@bsd11:~ # vi /etc/fstab.httpd
/usr/jails/basejail /usr/jails/httpd/basejail nullfs rw 0 0
root@bsd11:~ # vi /etc/fstab.database
/usr/jails/basejail /usr/jails/database/basejail nullfs rw 0 0
```
Checking the jail list and connecting to the httpd jail
Use the ezjail-admin console command to connect to a jail.
```
root@bsd11:~ # ezjail-admin list
STA JID  IP              Hostname                       Root Directory
--- ---- --------------- ------------------------------ ------------------------
ZS  N/A  10.0.0.1        httpd                          /usr/jails/httpd
ZS  N/A  10.0.0.2        database                       /usr/jails/database
root@bsd11:~ # ezjail-admin console httpd
FreeBSD 11.1-RELEASE (GENERIC) #0 r321309: Fri Jul 21 02:08:28 UTC 2017

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories: https://www.FreeBSD.org/security/
FreeBSD Handbook: https://www.FreeBSD.org/handbook/
FreeBSD FAQ: https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums: https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with: pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed: freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages: man man
FreeBSD directory layout: man hier

Edit /etc/motd to change this login announcement.
root@httpd:~ #
```
apache24 installation
```
root@httpd:~ # make -C /usr/ports/www/apache24 config-recursive install
To run apache www server from startup, add apache24_enable="yes"
in your /etc/rc.conf. Extra options can be found in startup script.

Your hostname must be resolvable using at least 1 mechanism in
/etc/nsswitch.conf typically DNS or /etc/hosts or apache might
have issues starting depending on the modules you are using.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- apache24 default build changed from static MPM to modular MPM
- more modules are now enabled per default in the port
- icons and error pages moved from WWWDIR to DATADIR

If build with modular MPM and no MPM is activated in
httpd.conf, then mpm_prefork will be activated as default
MPM in etc/apache24/modules.d to keep compatibility with
existing php/perl/python modules!

Please compare the existing httpd.conf with httpd.conf.sample
and merge missing modules/instructions into httpd.conf!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/libexec/apache24/mod_cgid.so

This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/apache24
/usr/local/etc/rc.d/htcacheclean

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.

For more information, and contact details about the security
status of this software, see the following webpage:
http://httpd.apache.org/
root@httpd:~ #
```
php71 installation
Since this is inside a jail and zfs does not need to be enabled, it is unclear whether make config is meaningful, but for php71 run make config and select OK.
It does not seem to matter. 🙂
```
root@httpd:~ # cd /usr/ports/lang/php71/
root@httpd:/usr/ports/lang/php71 # make config
root@httpd:/usr/ports/lang/php71-extensions # cd
root@httpd:~ # make -C /usr/ports/lang/php71-extensions config-recursive install
```
In the install options, select CURL FTP GD MYSQLi OPENSSL SOCKETS PDF SNMP ZIP, then proceed with the installation.
mod_php71 installation
```
root@httpd:~ # pkg install -y mod_php71
```
Installing from ports produces an error, so install it with the pkg command.
Post-install message
```
Message from mod_php71-7.1.14:

***************************************************************

Make sure index.php is part of your DirectoryIndex.

You should add the following to your Apache configuration file:

<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>

*********************************************************************

If you are building PHP-based ports in poudriere(8) with ZTS enabled,
add WITH_MPM=event to /etc/make.conf to prevent build failures.

*********************************************************************
```
mariadb101 installation
Connect to the database jail.
```
root@bsd11:~ # ezjail-admin console database
```
Install mariadb101.
```
root@bsd11:~ # make -C /usr/ports/databases/mariadb101-server/ config-recursive install
```
httpd jail configuration
Add apache24 enable to rc.conf
```
root@bsd11:~ # ezjail-admin console httpd
root@httpd:~ # sysrc apache24_enable=YES
apache24_enable: -> YES
root@httpd:~ #
```
apache24 setting
```
root@httpd:~ # cd /usr/local/etc/apache24/
root@httpd:/usr/local/etc/apache24 # cp httpd.conf httpd.conf.org
root@httpd:/usr/local/etc/apache24 # vi httpd.conf
<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>

ServerName 10.0.0.1:80

    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType application/x-httpd-php .php .inc .html
    AddType application/x-httpd-source .phps
```
Copying the php.ini file
```
root@httpd:~ # cd /usr/local/etc/
root@httpd:/usr/local/etc # cp php.ini-production php.ini
```
Creating the php.conf file
```
root@httpd:~ # vi /usr/local/etc/apache24/extra/php.conf
<IfModule dir_module>
    DirectoryIndex index.php index.html
    <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
</IfModule>
```
Starting apache24
```
root@httpd:/usr/local/etc/apache24 # service apache24 restart
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 21662.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
root@httpd:/usr/local/etc/apache24 #
```
database jail configuration
Connect to the database jail and configure mariadb101.
After starting mariadb, set the db password.
```
root@bsd11:~ # ezjail-admin console database
root@database:~ # sysrc mysql_enable=YES
mysql_enable: -> YES
```
Starting the mariadb102 daemon and setting the password
```
root@database:~ # service mysql-server start
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !
To do so, start the server, then issue the following commands:

'/usr/local/bin/mysqladmin' -u root password 'new-password'
'/usr/local/bin/mysqladmin' -u root -h database password 'new-password'

Alternatively you can run:
'/usr/local/bin/mysql_secure_installation'

which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.

See the MariaDB Knowledgebase at http://mariadb.com/kb or the
MySQL manual for more instructions.

You can start the MariaDB daemon with:
cd '/usr/local' ; /usr/local/bin/mysqld_safe --datadir='/var/db/mysql'

You can test the MariaDB daemon with mysql-test-run.pl
cd '/usr/local/mysql-test' ; perl mysql-test-run.pl

Please report any problems at http://mariadb.org/jira

The latest information about MariaDB is available at http://mariadb.org/.
You can find additional information about the MySQL part at:
http://dev.mysql.com
Consider joining MariaDB's strong and vibrant community:

Starting mysql.
root@database:~ # /usr/local/bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
root@database:~ #
```
Copying the my.cnf file and changing the character set
Setting bind-address to 0.0.0.0 allows connections from outside.
pf must be configured separately so that the database is used only internally. // That configuration is not covered here.
```
root@database:~ # cp /usr/local/share/mysql/my-large.cnf /usr/local/etc/my.cnf
root@database:~ # vi /usr/local/etc/my.cnf
[client]
#password = your_password
port = 3306
socket = /tmp/mysql.sock
default-character-set = utf8

# The MariaDB server
[mysqld]
bind-address=0.0.0.0
character-set-server=utf8
skip-character-set-client-handshake
```
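As a check on the pf side of the point above, the following added example (not part of the original post) lists the rdr rules in a pf.conf that forward a given port from any source address. The function names audit_rdr and sample_pf_conf are hypothetical, the input is a constructed copy of the pf.conf shown on this page, and treating 3306 as the port to keep internal is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post: list pf rdr rules that forward
# a sensitive port from any source address to a jail.

# Constructed sample input: the pf.conf shown on this page, comments trimmed.
sample_pf_conf() {
    cat <<'EOF'
# Public IP address
IP_PUB="192.168.0.40"
scrub in all
nat on em0 from lo1:network to any -> (em0)
rdr on em0 proto tcp from any to $IP_PUB port 443 -> 10.0.0.1
rdr on em0 proto tcp from any to $IP_PUB port 80 -> 10.0.0.1
#mariadb jail at 10.0.0.2
rdr on em0 proto tcp from any to $IP_PUB port 3306 -> 10.0.0.2
EOF
}

# audit_rdr "PORT ..." < pf.conf
# Prints "<iface> <dest>:<port> -> <target>" for every rdr rule whose source
# is "any" and whose matched port is in the given list.
# Limitation: handles the single-port rule form used on this page, not
# port lists or ranges.
audit_rdr() {
    awk -v ports="$1" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) bad[p[i]] = 1 }
    # Drop comments, then skip lines that are empty.
    { sub(/#.*/, "") }
    NF == 0 { next }
    # Remember simple macro definitions such as IP_PUB="192.168.0.40".
    /^[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {
        name = $0; sub(/[ \t]*=.*/, "", name)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); gsub(/"/, "", val)
        macro[name] = val
        next
    }
    $1 == "rdr" {
        iface = ""; src = ""; dst = ""; port = ""; target = ""
        for (i = 2; i < NF; i++) {
            if ($i == "on") iface = $(i + 1)
            else if ($i == "from") src = $(i + 1)
            else if ($i == "to") dst = $(i + 1)
            # Only the port before "->" is the externally matched port.
            else if ($i == "port" && target == "") port = $(i + 1)
            else if ($i == "->") target = $(i + 1)
        }
        # Expand a macro reference such as $IP_PUB.
        if (substr(dst, 1, 1) == "$" && (substr(dst, 2) in macro))
            dst = macro[substr(dst, 2)]
        if (src == "any" && (port in bad))
            printf "%s %s:%s -> %s\n", iface, dst, port, target
    }'
}

# Ports that should stay internal (assumption: only the MariaDB port 3306).
# On the host this would be run as: audit_rdr "3306" < /etc/pf.conf
sample_pf_conf | audit_rdr "3306"
```

The WordPress setup later on this page enters the database jail IP directly as the database host, a connection that does not pass through the rdr rule on em0.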
Restarting mariadb and checking status
```
root@database:~ # mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 10.1.31-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> status;
--------------
mysql  Ver 15.1 Distrib 10.1.31-MariaDB, for FreeBSD11.1 (amd64) using readline 5.1

Connection id:          3
Current database:
Current user:           root@localhost
SSL:                    Not in use
Current pager:          more
Using outfile:          ''
Using delimiter:        ;
Server:                 MariaDB
Server version:         10.1.31-MariaDB FreeBSD Ports
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    utf8
Db     characterset:    utf8
Client characterset:    utf8
Conn.  characterset:    utf8
UNIX socket:            /tmp/mysql.sock
Uptime:                 11 sec

Threads: 1  Questions: 4  Slow queries: 0  Opens: 17  Flush tables: 1  Open tables: 11  Queries per second avg: 0.363
--------------

MariaDB [(none)]>
```
The db configuration is complete.
For testing, let's install WordPress. 🙂
WordPress can be downloaded from https://ko.wordpress.org/download/.
On the host, copy the wordpress file into the root directory of the httpd jail.
```
root@bsd11:~ # cp wordpress-4.9.4-ko_KR.zip /usr/jails/httpd/root/
```
Creating the test.php file
```
root@httpd:~ # cd /usr/local/www/apache24/data
root@httpd:/usr/local/www/apache24/data # vi test.php
```
Checking phpinfo
Everything is ready to install WordPress. 🙂
database jail / creating the db
The user name is wp / database wp / password password.
To allow remote connections, grant the privilege to % instead of localhost.
```
root@database:~ # mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.1.31-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database wp;
Query OK, 1 row affected (0.01 sec)

MariaDB [(none)]> use mysql;
Database changed
MariaDB [mysql]> GRANT ALL ON wp.* TO 'wp'@'%' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> quit;
Bye
root@database:~ #
```
Test connecting to the db with a remote login from outside.
```
root@bsd11:~ # pkg install mariadb101-client
root@bsd11:~ # mysql -h10.0.0.2 -uwp -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.1.31-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>
```
Extract the wordpress archive in the httpd jail.
```
root@httpd:~ # cp wordpress-4.9.4-ko_KR.zip /usr/local/www/apache24/data/
root@httpd:/usr/local/www/apache24/data # tar xvf wordpress-4.9.4-ko_KR.zip
root@httpd:/usr/local/www/apache24/data # chown -R www:www wordpress
```
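web browser
Click Let's go!
Enter the database jail IP as the database host.
Click Run the installation to proceed with the installation.
After filling in the basic WordPress information, click Install WordPress.
The WordPress installation is complete.
Login check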