Managing FreeBSD jails with ezjail Oct 8

Creating and managing FreeBSD jails can be automated and simplified using Dirk Engling’s ezjail framework.

ezjail is available as the sysutils/ezjail port or the binary package:

pkg install ezjail

Enable ezjail in /etc/rc.conf:

ezjail_enable="YES"

Enable ZFS support in /usr/local/etc/ezjail.conf:

Read more…

Rotate Nginx logs in FreeBSD Oct 5

The FreeBSD 10 base system includes the newsyslog utility which maintains log files to manageable sizes. E.g. after installing Nginx it’s good to setup log rotation for its log files. It can be done by adding the following line to /etc/newsyslog.conf:

/var/log/nginx-*.log 644 7 * @T00 GJ /var/run/nginx.pid 30

The first part of this line /var/log/nginx-*.log is the logfile name. We’re using glob pattern here.

Read more…

Setup PHP 5.6 with Nginx Oct 4

PHP-FPM (FastCGI Process Manager) can be used together with Nginx to host PHP websites on the FreeBSD 10 system. We need to install PHP and configure Nginx to make these things work together.

Install PHP 5.6 (don’t forget to enable FPM option to build php-fpm executable):

make -C /usr/ports/lang/php56 install clean

Install some PHP extensions (e.g. enable MYSQL, MYSQLI or PDO_MYSQL if the website is working with MySQL database):

make -C /usr/ports/lang/php56-extensions install clean

Read more…

Vi Improved in FreeBSD Oct 2

The base FreeBSD system include Vi editor which might not be as good as its improved version called Vim. There is lite version editors/vim-lite which doesn’t have any extra dependencies. It can be installed using the binary package:

pkg install vim...
Read more…

Installing and configuring Nginx Sep 29

Either the binary packages or the ports can be used to install Nginx in FreeBSD. Using the ports is the prefered way of installing Nginx to do it as Nginx consists of a lot of different modules and often we need to build it with a custom set of them.

There are two nginx versions available in the ports:

The mainline version includes more features so lets install it:

make -C /usr/ports/www/nginx-devel install clean

Read more…

FreeBSD and time zones Sep 29

FreeBSD support various time zones. To see all available time zones you can inspect /usr/share/zoneinfo directory contents. To change time zone you need to copy the time zone file to /etc/localtime.

For example, to set the local time zone to UTC you...

Read more…

Protect SSH with SSHGuard Sep 28

There are some tools to prevent brute-force attacks on SSH servers. Both DenyHosts and Fail2ban are Python scripts coming with a bunch of dependencies.

But there is a better option available. SSHGuard is a small application written in C which is more closer to the traditional UNIX daemon. SSHGuard integrates with existing software from FreeBSD 10 base system (PF and syslog).

Read more…

Setting up PF firewall in FreeBSD 10 Sep 27

FreeBSD 10 provides several firewall options built into the base system. PF (Packet Filter) is the most advanced among them.

PF configuration is defined by the ruleset configuration file. The default ruleset is named /etc/pf.conf.

## Macros
# External...
Read more…