freebsd [JZ Wiki]

本頁是唯讀的，您可以看到原始碼，但不能更動它。您如果覺得它不應被鎖上，請詢問管理員。

===== 快速轉換指令對於 Linux 使用者 =====

https://www.freebsd.org/doc/en/articles/linux-users/article.html

===== 解決 delete key 變 ~ =====

在 .cshrc 中加入以下
<code>
bindkey "＼e[3~" delete-char
</code>
相關設定可以參考 VT100

===== reverse search =====
在 .cshrc 中加入以下
<code>
bindkey "^R" i-search-back
</code>

==== checkout src ====
安裝 svn
<code>
pkg install subversion
</code>

<code>
svn checkout https://svn.FreeBSD.org/base/releng/11.0 /usr/src
svn up /usr/src
cd /usr/src; make clean
</code>

===== Upgrade to next release =====
<code>
# install latest updates from current release
freebsd-update fetch
freebsd-update install
# switch to next release version
freebsd-update upgrade -r 10.3-RELEASE
freebsd-update install
# restart
reboot
# install again to finish installing updates
freebsd-update install
# upgrade packages
pkg upgrade
freebsd-update install
# roll back if needed
freebsd-update rollback
</code>

===== FAMP =====

==== install apache ====
<code bash>
sudo pkg install apache24
sudo sysrc apache24_enable=yes
sudo service apache24 start
</code>

==== install mysql ====
<code bash>
sudo pkg install mysql56-server
sudo sysrc mysql_enable=yes
sudo service mysql-server start

sudo mysql_secure_installation
</code>

==== install php ====
<code bash>
sudo pkg install mod_php56 php56-mysql php56-mysqli
sudo cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
rehash
</code>

=== setting for apache to use index.php ===

<code bash>
sudo vi /usr/local/etc/apache24/Includes/php.conf
</code>

content of php.conf
<code>
<IfModule dir_module>
    DirectoryIndex index.php index.html
    <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
</IfModule>
</code>

==== test out if php works ====
<code bash>
sudo vi /usr/local/www/apache24/data/info.php
</code>

content of info.php
<code php>
<?php phpinfo(); ?>
</code>

if works, remove info.php
<code bash>
sudo rm /usr/local/www/apache24/data/info.php
</code>

===== phpmyadmin =====
<code bash>
sudo pkg install phpmyadmin
</code>

<code apache>
Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"

<Directory "/usr/local/www/phpMyAdmin/">
Options None
AllowOverride Limit

#Require local
#Require host.example.com
Require all granted

</Directory>
</code>

Go to ''example.com/phpmyadmin/setup'' to create an new config file, then apply it
<code bash>
sudo cp /usr/local/www/phpMyAdmin/config/config.inc.php /usr/local/www/phpMyAdmin/config.inc.php
</code>

===== vsftp =====
<code bash>
sudo pkg install vsftpd-ext
sudo pkg install pam_pwdfile
</code>

===== Jail =====
安裝 ezjail
<code bash>
pkg install ezjail
</code>

編輯 /etc/rc.conf，啟用 ezjail，並指定 interface
<code>
cloned_interfaces="lo1"
ezjail_enable="YES"
</code>

啟用 cloned interface lo1
<code>
service netif cloneup
</code>

啟用 ezjail
<code>
service ezjail start
</code>

初始化 base jail
<code>
ezjail-admin install -p
</code>

將 dns 設定複製到 jail template中，
<code>
cp /etc/resolve.conf /usr/jails/newjail/etc/
</code>

建立 jail
<code>
ezjail-admin create dnsjail 'lo1|127.0.1.1,vtnet0|10.0.2.100'
</code>

參考
https://www.freebsd.org/doc/handbook/jails-ezjail.html

==== allows jail to ping ====
在 /usr/local/etc/ezjail/jailname 加上，以下內容

<code bash>
export jail_jailname_parameters="allow.raw_sockets=1"
</code>

==== nat: outbound ip for jail ====
在 rc.conf 中，設定
<code>
ipv4_addrs_lo1="192.168.0.1-9/24"
pf_enable="YES"
</code>

安裝防火牆
<code>
pkg install pftop
</code>

設定防火牆設定檔，位於 /etc/pf.conf

<code>
# Public IP address
IP_PUB="1.1.1.1"
NET_JAIL="192.168.0.0/24"

# Packet normalization
scrub in all

# Allow outbound connections from within the jails
nat pass on vtnet0 from $NET_JAIL to any -> $IP_PUB

# webserver jail at 192.168.0.2
rdr pass on vtnet0 proto tcp from any to $IP_PUB port 443 -> 192.168.0.2
rdr pass on vtnet0 proto tcp from any to $IP_PUB port 80 -> 192.168.0.2
</code>

啟動防火牆
<code>
sysrc pf_enable="YES"
service pf start
</code>

檢查 nat 設定是否有載入
<code>
pfctl -sn
</code>

若設定不對可以再回去修改 pf.conf
然後重新套用設定
<code>
pfctl -f /etc/pf.conf
</code>

建立 jail
<code>
ezjail-admin create web 192.168.0.2
</code>

啟動 jail
<code>
ezjail-admin start web
</code>

進入 jail 安裝相關服務
<code>
ezjail-admin console web
</code>

參考
  * https://forums.freebsd.org/threads/30063/
  * https://www.davd.eu/posts/freebsd-jails-with-a-single-public-ip-address/
  * http://kbeezie.com/freebsd-jail-single-ip/
  * https://www.freebsd.org/doc/handbook/firewalls-concepts.html
  * https://gist.github.com/tracphil/4353170
  * http://wiki.weithenn.org/cgi-bin/wiki.pl?PF-%E5%88%A9%E7%94%A8_PF_%E8%BC%95%E9%AC%86%E9%81%94%E6%88%90_NAT


===== build kernel =====
https://www.freebsd.org/doc/handbook/makeworld.html