Froxlor on FreeBSD 10 (wip)

WORK IN PROGRESS

Well it’s time again to setup a new hosting box and as time goes by I’m goint to try out something new again. So up until now it was set into stone that I would use Debian as the OS but I got more and more fed up with old and outdated packages/versions. I looked for alternatives and well I ended up choosing freebsd over ubuntu server and centos because of ZFS!! ZFS is the server filesystem to rule em all!!! I won’t go into the details why but if you’re interested I greatly suggest taking a look. Freebsd 10 makes it fairly easy to setup the system with zfs as root file system. Well next will be installing a admin panel to make hosting some websites easier. So this tutorial is about setting up a webstack with:

-nginx

-MySQL 5.6

-php 5.5 using php-fpm

-postfix/dovecot

so lets start!

Install all our needed packages

(I use pkg-ng for this)

pkg install mysql56-server nginx postfix dovecot openssl wget php55 php5-mysqli php55-pdo_mysql php55-pdo_sqlite php55-bcmath php55-posix php55-filter php55-xml php55-json php55-mbstring php55-mcrypt php55-phar php55-gd php55-gettext php55-fileinfo php55-bz2 php55-zip php55-xmlreader php55-zlib php55-xsl php55-xmlwriter php55-pcntl php55-imap php55-calendar php55-soap php55-tokenizer php55-simplexml php55-pcntl php55-extensions postfix dovecot

okay now edit /etc/rc.conf and add the following

php_fpm_enable="YES"
nginx_enable="YES"
mysql_enable="YES"

then copy the php.ini to the correct location with

cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

a quick look with „ps -faux“ show’s that php-fpm is running fine… good so faar

MySQL

disable the strict mode since froxlor doesen’t work with that one yet 🙁

#open 
/usr/local/my.cnf

#change the last line to
sql_mode=NO_ENGINE_SUBSTITUTION

now start up our mysql server

/usr/local/etc/rc.d/mysql-server onestart

now change the password for the MySQL root user

mysql -u root

# Set new root passwords
UPDATE mysql.user SET Password = PASSWORD('mysecretrootpassword') WHERE User = 'root';
FLUSH PRIVILEGES;

#remove anonymous accounts
DROP USER ''@'localhost';
DROP USER ''@'<MYHOSTNAME>'; # you can find that out by viewing the users table with "SELECT User, Host, Password FROM mysql.user;"

Nginx

open up in your favorit editor

/usr/local/etc/nginx/nginx.conf

and put the following in it

user www www;

# put this one to the number of cores avaiable to the system
worker_processes 1; 

pid /var/run/nginx.pid;

events {
        # in my tests this one came up to be a good number for a single core box with 4G of RAM
        worker_connections 1500; 
        # multi_accept on;
}

http {
        ##
        # Basic Settings
        ##
        include /usr/local/etc/nginx/mime.types;
        default_type application/octet-stream;

        server_tokens off;
        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        ##
        # Buffer + Timeouts
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;

        types_hash_max_size 2048;

        send_timeout 2;
        keepalive_timeout 30;

        ##
        # Cache Settings
        ##
        open_file_cache                 max=5000  inactive=20s;
        open_file_cache_valid           30s;
        open_file_cache_min_uses        2;
        open_file_cache_errors          on;

        # ssl optimizations
        ssl_session_cache   shared:SSL:10m;
        ssl_session_timeout 10m;

        # tell clients to use https after they have connected once (thanks @Moxie)
        add_header Strict-Transport-Security max-age=31536000;

        ##
        # Logging Settings
        ##
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##
        gzip on;
        gzip_disable "MSIE [1-6]\.(?!.*SV1)"

        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /usr/local/etc/nginx/conf.d/*.conf;
        include /usr/local/etc/nginx/sites-enabled/*;
}

Now create the missing directories

mkdir /usr/local/etc/nginx/conf.d
mkdir /usr/local/etc/nginx/sites-enabled
mkdir /var/log/nginx

now create the nginx config for the panel

/usr/local/etc/nginx/conf.d/froxlor.conf

and insert

server {
        listen          80 default;
        server_name     <my.panel.domain>;
        access_log      /var/log/nginx/access-froxlor.log;
        root            /usr/local/www/froxlor;
        location / {
                index   index.php index.html index.htm;
        }
        location ~ \.php$ {
                # fix for http://forum.nginx.org/read.php?2,88845,page=3
                if (!-f $request_filename) {
                        return 404;
                }
                fastcgi_index index.php;
                include /usr/local/etc/nginx/fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_pass 127.0.0.1:9000;
        }
        location ~ /\.ht {
            deny all;
        }
}

if you get a

nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: [emerg] mkdir() "/var/tmp/nginx/client_body_temp" failed (2: No such file or directory)
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed

Don’t worry, that’s normal since nginx wasn’t started yet and the directory wasn’t created yet =) but our’s syntax is ok so all is good! ok let’s get us some admin panel!

# change directory
cd /usr/local/www/

# download latest froxlor version
wget http://files.froxlor.org/releases/froxlor-latest.tar.gz

# the content should go in to the folder /var/www/froxlor 
# note: the archive contains the folder 'froxlor' already!
tar xvfz froxlor-latest.tar.gz

# remove archive
rm froxlor-latest.tar.gz

#change owner of the directory
chown -R www:www /usr/local/www/froxlor/
chmod 755 /usr/local/www/froxlor

now restart php-fpm and nginx and hope we didn’t fuck up something :O

/usr/local/etc/rc.d/php-fpm restart
/usr/local/etc/rc.d/nginx restart

Browse to your froxlor installation and if everything went fine you should see the Froxlor webpage! Proceed with the Froxlor installation as asked! After the successful install let’s configure the panel since I don’t like the default path froxlor uses and to adhere FreeBSD convention user installed stuff should be placed in /usr/local/

mkdir -p /usr/local/customers/webs/
mkdir -p /usr/local/customers/logs/
mkdir -p /usr/local/customers/mail/
mkdir -p /usr/local/customers/tmp/
mkdir -p /usr/local/etc/php-fpm.d/
mkdir -p /usr/local/php-fpm/
pw groupadd froxlorlocal
pw useradd froxlorlocal -g froxlorlocal -s/sbin/nologin -d/dev/null
chown -R froxlorlocal:froxlorlocal /usr/local/www/froxlor

Now Login to the admin panel and navigate to

Settings -> System settings

and set the Home directory to

/usr/local/customers/webs/

hit save and then open up

Settings -> Webserver settings

Change Webserver vHost configuration file/dirname to

/usr/local/etc/nginx/sites-enabled/

Webserver diroptions configuration file/dirname to

/usr/local/etc/nginx/sites-enabled/

Webserver htpasswd dirname to

/usr/local/etc/nginx/froxlor-htpasswd/

Logfiles directory to

/usr/local/customers/logs/

Webserver reload command to

/usr/local/etc/rc.d/nginx restart

Path to fastcgi_params file to

/usr/local/etc/nginx/fastcgi_params

again, save the settings. If you wan’t to enable SSL then you should set Configure the allowed SSL ciphers to

ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

and get yourself a valid SSL certificate (I recommend StartSSL) which provides them for free. Next step is configuring pfp-fpm and to do this enable php-fpm in the Setting panel, hit save and then klick on Settings to the right of php-fpm Configuration directory of php-fpm

/usr/local/etc/php-fpm.d/

Configuration Alias-directory of php-fpm

/usr/local/php-fpm/

Temp directory

/usr/local/customers/tmp/

Global PEAR directories

/usr/local/share/php/

FastCGI IPC directory

/var/run/

php-fpm restart command

/usr/local/etc/rc.d/php-fpm restart

Process manager control (pm)

dynamic

The number of child processes

50

The number of child processes created on startup

2

The desired minimum number of idle server processes

5

The desired maximum number of idle server processes

5

Requests per child before respawning

150

Configure fpm to actually load the config files from Froxlor

open up

/usr/local/etc/php-fpm.conf

and put the pollowing at the end of the file

;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;

; Multiple pools of child processes may be started with different listening
; ports and different management options.  The name of the pool will be
; used in logs and stats. There is no limitation on the number of pools which
; FPM can handle. Your system will tell you anyway :)

; To configure the pools it is recommended to have one .conf file per
; pool in the following directory:
include=/usr/local/etc/php-fpm.d/*.conf

 

Postfix & Dovecot

pw groupadd vmail -g 2000
pw useradd vmail -u 2000 -g 2000 -s/sbin/nologin -d/dev/null
mkdir -p /usr/local/customers/mail/
chown -R vmail:vmail /usr/local/customers/mail/
chmod 0750 /usr/local/customers/mail/

 

5 Antworten zu “Froxlor on FreeBSD 10 (wip)”

Kommentar verfassen

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.