在 .cshrc 中加入以下

bindkey "\e[3~" delete-char

相關設定可以參考 VT100

在 .cshrc 中加入以下

bindkey "^R" i-search-back

checkout src

安裝 svn

# Install the Subversion client from packages.
pkg install subversion
# Check out the releng/11.0 source branch into /usr/src over HTTPS.
svn checkout https://svn.FreeBSD.org/base/releng/11.0 /usr/src
# Bring an existing checkout up to date.
svn up /usr/src
# Clear any stale build output from the source tree.
cd /usr/src; make clean
# install latest updates from current release
freebsd-update fetch
freebsd-update install
# switch to next release version
# NOTE(review): the checkout above targets releng/11.0 but this upgrade names
# 10.3-RELEASE; confirm which release is intended so /usr/src matches the
# installed system.
freebsd-update upgrade -r 10.3-RELEASE
freebsd-update install
# restart
reboot
# install again to finish installing updates
freebsd-update install
# upgrade packages
pkg upgrade
# final pass after the packages are upgraded; presumably this cleans up what
# the old release left behind (confirm against the Handbook)
freebsd-update install
# roll back if needed
# Optional: not part of the normal sequence. Run it only to undo the most
# recently installed set of changes.
freebsd-update rollback

install apache

sudo pkg install apache24
sudo sysrc apache24_enable=yes
sudo service apache24 start

install mysql

# Install the MySQL 5.6 server package, enable it at boot and start it.
sudo pkg install mysql56-server
sudo sysrc mysql_enable=yes
sudo service mysql-server start
 
# Interactive hardening script shipped with MySQL: it prompts to set the root
# password, remove anonymous accounts, disable remote root login and drop the
# test database. Run it before the server is reachable from other hosts.
sudo mysql_secure_installation

install php

# Install the Apache PHP 5.6 module plus the MySQL client extensions.
sudo pkg install mod_php56 php56-mysql php56-mysqli
# Start from the packaged production defaults rather than the development ones.
sudo cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
# csh/tcsh builtin: rebuild the command hash so newly installed binaries are found.
rehash

setting for apache to use index.php

sudo vi /usr/local/etc/apache24/Includes/php.conf

content of php.conf

# Everything below applies only when mod_dir (dir_module) is loaded.
# NOTE(review): the PHP handlers are nested inside this IfModule, so they also
# depend on dir_module being loaded, not only the DirectoryIndex line.
<IfModule dir_module>
    # Prefer index.php over index.html when a directory is requested.
    DirectoryIndex index.php index.html
    # Hand *.php files to the PHP module for execution.
    <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    # Serve *.phps files as PHP source instead of executing them. Any file
    # with this extension under the document root becomes readable by
    # clients, so keep credentials out of such files, or drop this stanza
    # if source display is not needed.
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
</IfModule>

test out if php works

sudo vi /usr/local/www/apache24/data/info.php

content of info.php

<?php phpinfo(); ?>

If it works, remove info.php: phpinfo() output reveals server configuration details and should not stay publicly reachable.

sudo rm /usr/local/www/apache24/data/info.php
sudo pkg install phpmyadmin
# Map the /phpmyadmin/ URL prefix onto the package's install directory.
Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"
 
<Directory "/usr/local/www/phpMyAdmin/">
# No optional features (indexes, symlink following, CGI) for this directory.
Options None
AllowOverride Limit
 
# Access control: only one of the Require lines should be active.
# "Require all granted" lets any client reach the phpMyAdmin login page, which
# puts a database administration interface on the public network. To limit
# exposure, comment it out and enable "Require local" or a host-based Require
# line instead.
#Require local
#Require host.example.com
Require all granted
 
</Directory>

Go to example.com/phpmyadmin/setup to create a new config file, then apply it:

# Copy the config generated by the setup script into phpMyAdmin's top-level
# directory.
# NOTE(review): phpMyAdmin's documentation advises removing the writable
# config/ directory once the file is in place; confirm for this version.
sudo cp /usr/local/www/phpMyAdmin/config/config.inc.php /usr/local/www/phpMyAdmin/config.inc.php
# FTP server plus a PAM module; presumably pam_pwdfile is meant to back
# vsftpd logins with a password file (no configuration is shown here).
sudo pkg install vsftpd-ext
sudo pkg install pam_pwdfile

安裝 ezjail

pkg install ezjail

編輯 /etc/rc.conf,啟用 ezjail,並指定 interface

cloned_interfaces="lo1"
ezjail_enable="YES"

啟用 cloned interface lo1

service netif cloneup

啟用 ezjail

service ezjail start

初始化 base jail

ezjail-admin install -p

將 DNS 設定複製到 jail template 中:

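# Copy the host's resolver configuration into the jail template directory.
# The resolver file is named resolv.conf (no trailing "e").
cp /etc/resolv.conf /usr/jails/newjail/etc/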

建立 jail

ezjail-admin create dnsjail 'lo1|127.0.1.1,vtnet0|10.0.2.100'

參考 https://www.freebsd.org/doc/handbook/jails-ezjail.html

allows jail to ping

在 /usr/local/etc/ezjail/jailname 加上以下內容(jailname 請換成實際的 jail 名稱):

# Grant the jail permission to open raw sockets, which ping needs.
# Raw sockets also let root inside the jail craft arbitrary packets, so enable
# this only for jails that actually need it.
export jail_jailname_parameters="allow.raw_sockets=1"

nat: outbound ip for jail

在 rc.conf 中,設定

ipv4_addrs_lo1="192.168.0.1-9/24"
pf_enable="YES"

安裝防火牆監控工具(pf 本身已內建於系統,pftop 用來檢視 pf 的狀態)

pkg install pftop

設定防火牆設定檔,位於 /etc/pf.conf

# Public IP address
# (1.1.1.1 looks like a placeholder; replace it with this host's real public
# address)
IP_PUB="1.1.1.1"
# Private subnet used by the jails; matches the lo1 range set in rc.conf.
NET_JAIL="192.168.0.0/24"

# Packet normalization
scrub in all

# Allow outbound connections from within the jails
# (source-NAT jail traffic leaving vtnet0 so it appears to come from IP_PUB)
nat pass on vtnet0 from $NET_JAIL to any -> $IP_PUB

# webserver jail at 192.168.0.2
# The "pass" modifier lets redirected packets through without evaluating
# filter rules for them.
rdr pass on vtnet0 proto tcp from any to $IP_PUB port 443 -> 192.168.0.2
rdr pass on vtnet0 proto tcp from any to $IP_PUB port 80 -> 192.168.0.2

# NOTE(review): this file holds only translation rules. With no block/pass
# filter rules, pf passes all other traffic by default, so services on the
# host itself remain reachable from outside. Add an explicit filter policy if
# this ruleset is meant to restrict access.

啟動防火牆

sysrc pf_enable="YES"
service pf start

檢查 nat 設定是否有載入

pfctl -sn

若設定不對,可以回去修改 pf.conf,然後重新套用設定:

pfctl -f /etc/pf.conf

建立 jail

ezjail-admin create web 192.168.0.2

啟動 jail

ezjail-admin start web

進入 jail 安裝相關服務

ezjail-admin console web

參考