Managing FreeBSD jails with ezjail Oct 8
Creating and managing FreeBSD jails can be automated and simplified using Dirk Engling’s ezjail framework.
ezjail is available as the sysutils/ezjail
port or the binary package:
pkg install ezjail
Enable ezjail in /etc/rc.conf
:
ezjail_enable="YES"
Enable ZFS support in /usr/local/etc/ezjail.conf
:
Rotate Nginx logs in FreeBSD Oct 5
The FreeBSD 10 base system includes the newsyslog utility which maintains log files to manageable sizes. E.g. after installing Nginx it’s good to setup log rotation for its log files. It can be done by adding the following line to /etc/newsyslog.conf
:
/var/log/nginx-*.log 644 7 * @T00 GJ /var/run/nginx.pid 30
The first part of this line /var/log/nginx-*.log
is the logfile name. We’re using glob pattern here.
Setup PHP 5.6 with Nginx Oct 4
PHP-FPM (FastCGI Process Manager) can be used together with Nginx to host PHP websites on the FreeBSD 10 system. We need to install PHP and configure Nginx to make these things work together.
Install PHP 5.6 (don’t forget to enable FPM
option to build php-fpm
executable):
make -C /usr/ports/lang/php56 install clean
Install some PHP extensions (e.g. enable MYSQL
, MYSQLI
or PDO_MYSQL
if the website is working with MySQL database):
make -C /usr/ports/lang/php56-extensions install clean
Vi Improved in FreeBSD Oct 2
The base FreeBSD system include Vi editor which might not be as good as its improved version called Vim. There is lite version editors/vim-lite
which doesn’t have any extra dependencies. It can be installed using the binary package:
pkg install vim...
Read more… Installing and configuring Nginx Sep 29
Either the binary packages or the ports can be used to install Nginx in FreeBSD. Using the ports is the prefered way of installing Nginx to do it as Nginx consists of a lot of different modules and often we need to build it with a custom set of them.
There are two nginx versions available in the ports:
www/nginx
stable versionwww/nginx-devel
mainline version
The mainline version includes more features so lets install it:
make -C /usr/ports/www/nginx-devel install clean
FreeBSD and time zones Sep 29
FreeBSD support various time zones. To see all available time zones you can inspect /usr/share/zoneinfo
directory contents. To change time zone you need to copy the time zone file to /etc/localtime
.
For example, to set the local time zone to UTC you...
Read more…Protect SSH with SSHGuard Sep 28
There are some tools to prevent brute-force attacks on SSH servers. Both DenyHosts and Fail2ban are Python scripts coming with a bunch of dependencies.
But there is a better option available. SSHGuard is a small application written in C which is more closer to the traditional UNIX daemon. SSHGuard integrates with existing software from FreeBSD 10 base system (PF and syslog).
Setting up PF firewall in FreeBSD 10 Sep 27
FreeBSD 10 provides several firewall options built into the base system. PF (Packet Filter) is the most advanced among them.
PF configuration is defined by the ruleset configuration file. The default ruleset is named /etc/pf.conf
.
## Macros
# External...
Read more…