===== 快速轉換指令對於 Linux 使用者 =====
https://www.freebsd.org/doc/en/articles/linux-users/article.html
===== 解決 delete key 變 ~ =====
在 .cshrc 中加入以下
bindkey "\e[3~" delete-char
相關設定可以參考 VT100
===== reverse search =====
在 .cshrc 中加入以下
bindkey "^R" i-search-back
==== checkout src ====
安裝 svn
pkg install subversion
svn checkout https://svn.FreeBSD.org/base/releng/11.0 /usr/src
svn up /usr/src
cd /usr/src; make clean
===== Upgrade to next release =====
# install latest updates from current release
freebsd-update fetch
freebsd-update install
# switch to next release version
freebsd-update upgrade -r 10.3-RELEASE
freebsd-update install
# restart
reboot
# install again to finish installing updates
freebsd-update install
# upgrade packages
pkg upgrade
freebsd-update install
# roll back if needed
freebsd-update rollback
===== FAMP =====
==== install apache ====
sudo pkg install apache24
sudo sysrc apache24_enable=yes
sudo service apache24 start
==== install mysql ====
sudo pkg install mysql56-server
sudo sysrc mysql_enable=yes
sudo service mysql-server start
sudo mysql_secure_installation
==== install php ====
sudo pkg install mod_php56 php56-mysql php56-mysqli
sudo cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
rehash
=== setting for apache to use index.php ===
sudo vi /usr/local/etc/apache24/Includes/php.conf
content of php.conf
DirectoryIndex index.php index.html
SetHandler application/x-httpd-php
SetHandler application/x-httpd-php-source
==== test out if php works ====
sudo vi /usr/local/www/apache24/data/info.php
content of info.php
if works, remove info.php
sudo rm /usr/local/www/apache24/data/info.php
===== phpmyadmin =====
sudo pkg install phpmyadmin
Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"
Options None
AllowOverride Limit
#Require local
#Require host.example.com
Require all granted
Go to ''example.com/phpmyadmin/setup'' to create an new config file, then apply it
sudo cp /usr/local/www/phpMyAdmin/config/config.inc.php /usr/local/www/phpMyAdmin/config.inc.php
===== vsftp =====
sudo pkg install vsftpd-ext
sudo pkg install pam_pwdfile
===== Jail =====
安裝 ezjail
pkg install ezjail
編輯 /etc/rc.conf,啟用 ezjail,並指定 interface
cloned_interfaces="lo1"
ezjail_enable="YES"
啟用 cloned interface lo1
service netif cloneup
啟用 ezjail
service ezjail start
初始化 base jail
ezjail-admin install -p
將 dns 設定複製到 jail template中,
cp /etc/resolve.conf /usr/jails/newjail/etc/
建立 jail
ezjail-admin create dnsjail 'lo1|127.0.1.1,vtnet0|10.0.2.100'
參考
https://www.freebsd.org/doc/handbook/jails-ezjail.html
==== allows jail to ping ====
在 /usr/local/etc/ezjail/jailname 加上,以下內容
export jail_jailname_parameters="allow.raw_sockets=1"
==== nat: outbound ip for jail ====
在 rc.conf 中,設定
ipv4_addrs_lo1="192.168.0.1-9/24"
pf_enable="YES"
安裝防火牆
pkg install pftop
設定防火牆設定檔,位於 /etc/pf.conf
# Public IP address
IP_PUB="1.1.1.1"
NET_JAIL="192.168.0.0/24"
# Packet normalization
scrub in all
# Allow outbound connections from within the jails
nat pass on vtnet0 from $NET_JAIL to any -> $IP_PUB
# webserver jail at 192.168.0.2
rdr pass on vtnet0 proto tcp from any to $IP_PUB port 443 -> 192.168.0.2
rdr pass on vtnet0 proto tcp from any to $IP_PUB port 80 -> 192.168.0.2
啟動防火牆
sysrc pf_enable="YES"
service pf start
檢查 nat 設定是否有載入
pfctl -sn
若設定不對可以再回去修改 pf.conf
然後重新套用設定
pfctl -f /etc/pf.conf
建立 jail
ezjail-admin create web 192.168.0.2
啟動 jail
ezjail-admin start web
進入 jail 安裝相關服務
ezjail-admin console web
參考
* https://forums.freebsd.org/threads/30063/
* https://www.davd.eu/posts/freebsd-jails-with-a-single-public-ip-address/
* http://kbeezie.com/freebsd-jail-single-ip/
* https://www.freebsd.org/doc/handbook/firewalls-concepts.html
* https://gist.github.com/tracphil/4353170
* http://wiki.weithenn.org/cgi-bin/wiki.pl?PF-%E5%88%A9%E7%94%A8_PF_%E8%BC%95%E9%AC%86%E9%81%94%E6%88%90_NAT
===== build kernel =====
https://www.freebsd.org/doc/handbook/makeworld.html