
F.A.M.P.S Step by Step Installation

FreeBSD Apache MySQL PHP5 Samba3

 

For those of you looking for a step-by-step installation of your own web server, whether for a VMware instance or a physical box, this is the document that will get you well on your way.  This installation was done for a production environment now in use.  The FreeBSD installation media was revision 7.1 on DVD format, and the others were all from their latest Ports library.  Follow this manual and you'll be well on your way.  If you have any questions about it, let me know and I'll be sure to help you out!

If you don't know about FreeBSD or what it is, take a look at FreeBSD.org for more information.


 Using VMWare Create a New Server Instance
 Create Other --> FreeBSD

Select your options - including a 20GB Hard Drive
 Make sure NO floppy Drive is included in your server creation
 Mount ISO Image of FreeBSD 7.0 Disk 1 to the CDRom Drive Letter

Start Your Installation:
 Boot to your FreeBSD 7.0 Installation CD by pressing the ESC key at the beginning of Boot Process
 Select Country of United States
 Select a Custom Install
 Select Options - Accept all defaults by pressing Q
 Create your partition by pressing A to allocate all disk space
 Use the Standard MBR Boot Manager
 Label Your Drives as follows:

  / 512M
  Swap 512M
  /var 768M
  /usr 6000M (required to create your ports collection)
  /usr2 250M (for your main website)
  /usr3 50M (for secondary website)
  /usr4 1000M (for log files)
  /tmp 100M

 Leave the rest of the disk unaccounted for (roughly 12GB free disk space); this allows you to add additional /usr# mount points for additional website hosting
 Select Distributions and select Custom
  Select Base, Kernels, Man, and Ports
 Select Media - CD/DVD
 Select Commit to begin the install

Finishing the Base Installation:
 Once you are prompted if you would like to finish general options select yes
 Configure Network Adapter as needed
 Enable SSHD
 Change your Time Zone Settings accordingly
 
Your first boot:
 Start by adding any additional IP addresses to your /etc/rc.conf file by copying the line where the IP address is and typing the same thing, but changing the IP address and appending _alias# to the end of the adapter name, where # is the alias number starting at 0.  Example:
 ifconfig_le0_alias0="inet 192.168.76.254 netmask 255.255.255.0"
 Add this new address to your /etc/hosts file with the appropriate name by copying the previous line and changing it to the new address
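
 The alias numbering above matters because the rc scripts read alias0, alias1, ... in order and stop at the first missing number. The following is an added example, not part of the original article: the function names and the sample rc.conf content are constructed for illustration. It prints the next valid alias line and lists aliases that sit after a gap.

```sh
#!/bin/sh
# Added example (not from the original page). Sample data is constructed.
# rc.conf aliases are read in order from alias0 and processing stops at the
# first missing number, so a new alias must take the lowest unused index.

# next_alias_line RC_FILE IFACE IP NETMASK
# Print the rc.conf line that adds IP as the next alias on IFACE.
next_alias_line() {
    rc_file=$1; iface=$2; ip=$3; mask=$4
    n=0
    while grep -q "^ifconfig_${iface}_alias${n}=" "$rc_file"; do
        n=$((n + 1))
    done
    printf 'ifconfig_%s_alias%d="inet %s netmask %s"\n' "$iface" "$n" "$ip" "$mask"
}

# alias_gaps RC_FILE IFACE
# Print alias indexes that sit after a gap and are therefore never applied.
alias_gaps() {
    sed -n "s/^ifconfig_${2}_alias\([0-9][0-9]*\)=.*/\1/p" "$1" | sort -nu |
        awk 'BEGIN { want = 0 } $1 == want && !gap { want++; next } { gap = 1; print $1 }'
}

# Constructed rc.conf fragment: alias0 is present, alias3 follows a gap.
sample_rc_conf() {
    cat <<'EOF'
hostname="web1.example.com"
ifconfig_le0="inet 192.168.76.10 netmask 255.255.255.0"
ifconfig_le0_alias0="inet 192.168.76.254 netmask 255.255.255.0"
ifconfig_le0_alias3="inet 192.168.76.252 netmask 255.255.255.0"
EOF
}

demo_rc=$(mktemp)
sample_rc_conf > "$demo_rc"
next_alias_line "$demo_rc" le0 192.168.76.253 255.255.255.0
echo "unreachable alias indexes: $(alias_gaps "$demo_rc" le0)"
rm -f "$demo_rc"
```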
 
Installing PHP and ultimately installing Apache as well:
 # cd /usr/ports/lang/php5
 # make config
 select: Apache and any other options as needed
 # make install
 # make clean
 
 # cd /usr/ports/lang/php5-extensions
 # make config
 select: bcmath, bz2, ctype, curl, dom, ftp, gd, gettext, mbstring, mysql, pcre, posix, pdo, session, simplexml, sqlite, xml, zlib (also by default there are many options pre-selected including some of the ones listed here, make sure to leave those checked).
 # make install
 # make clean

At this point MySQL Client and Apache have already been installed due to pre-requisites of the other components.

Usually after everything is done you will notice a few MySQL errors appear. Run this command:

# pkg_add -r mysql50-server

Now before editing any file on my system I always make a backup of it:
# cp /usr/local/etc/apache/httpd.conf /usr/local/etc/apache/httpd.conf.orig

Now let’s edit your Apache config file to get everything configured properly:
# edit /usr/local/etc/apache/httpd.conf

Change the default listen address to the IP address of your webserver.

#Listen 12.34.56.78:80
To:
Listen 192.168.1.10:80 (example, use your machine's IP address)

Change the email address of the ServerAdmin to your email address or the address of the person in charge of this server:

ServerAdmin you@your.address (use your email address)

Change the ServerName option. If you don't have a fully qualified domain name, change this to the server's IP address:

#ServerName www.example.com
To:
ServerName 192.168.1.10 (example, use your machine's IP address - for internal, intranet implementations)
Or:
ServerName www.domainname.com (example, use your domain name if you have one and you're going to point DNS to that machine)

# Add a DirectoryIndex option:
DirectoryIndex index.php index.html index.htm index.php3 index.php4

# In the AddType section add the following for PHP:
AddType application/x-httpd-php .php .htm .html
AddType application/x-httpd-php-source .phps

Append to the bottom a custom hostname section if needed and comment out the DocumentRoot line.
For example:

<VirtualHost *:80>
    ServerName fax.penn.net
    DocumentRoot /usr3/http/docs
</VirtualHost>

<VirtualHost *:80>
 ServerName mercury.penn.net
 DocumentRoot /usr3/http/docs/psppage
 CustomLog /usr3/http/logs/httpd-access-mercury.log combined
 ErrorLog /usr3/http/logs/httpd-error-mercury.log
</VirtualHost>

Then delete the # from the NameVirtualHost *:80 line.

Remember to create the directory structure that will hold your log files and HTTP documents.

Now save and exit; you're all done with Apache.

# echo '/usr/local/sbin/apachectl start' >> /etc/rc.local

Now let’s configure MySQL:

# cp /usr/local/share/mysql/my-medium.cnf /etc/my.cnf
# echo 'mysql_enable="YES"' >> /etc/rc.conf

# /usr/local/bin/mysql_install_db
# chown -R mysql:mysql /var/db/mysql
# /usr/local/share/mysql/mysql.server start

# /usr/local/bin/mysqladmin -u root -h Hostname.domainname.tld password 'YourPassword'
# /usr/local/bin/mysqladmin -u root password 'YourPassword'

At this point the MySQL server has LOCAL access only. I personally like to remotely administer the MySQL server via the Windows GUI application.  The application will fail the connection unless you explicitly allow your computer access to the MySQL server.  You can do this by issuing the following commands.

mysql -u root -ppassword (this is the password you generated in the previous steps)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'username'@'hostname or ip' IDENTIFIED BY 'password';
mysql> FLUSH PRIVILEGES;

Do this for each ip address or hostname and user you want to be able to remotely administer the server.

Now let’s install Perl DBI and DBD Support (which many apps need that run using Apache and MySQL):

# cd /usr/ports/databases/p5-DBI && make install && make clean
# cd /usr/ports/databases/p5-DBD-mysql50 && make install && make clean

What good is it to have a FAMP server without a way to get files to the system?  Let's continue and make our server into a FAMPS server.  (Install Samba)

# cd /usr/ports/net/samba3
# make config
(select the components you need for your particular installation)
# make install
# make clean
# echo 'samba_enable="YES"' >> /etc/rc.conf

Now create a configuration file for samba to use.
# vi /usr/local/etc/smb.conf
Add:
[global]
netbios name = COMPUTERNAME
workgroup = WORKGROUP
security = user
log file = /var/log/samba.log
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 99

[homes]
read only = no
guest ok = no
browseable = no

Change COMPUTERNAME and WORKGROUP to your liking.
The homes section will setup a share for each users home directory.
Windows users will only see the directory for the user that they are logged into.

If you want to setup a normal share that everyone who is authenticated can see, add this to smb.conf
[sharename]
path = /path/to/shared/directory
read only = no
guest ok = no

The port sets up a directory called /var/log/samba which I delete, but that is up to you.
# cd /var/log
# rm -rf samba
# touch samba.log
# chmod 600 samba.log

Now set your newsyslog.conf to rotate the files, add this to /etc/newsyslog.conf
/var/log/samba.log 600 3 300 * Z
If you don't understand this, see man newsyslog.

home# adduser
Username: testuser
Full name:
Uid (Leave empty for default):
Login group [testuser]:
Login group is testuser. Invite testuser into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash nologin) [sh]: bash
Home directory [/home/testuser]:
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : testuser
Password : *****
Full Name :
Uid : 1004
Class :
Groups : testuser
Home : /home/testuser
Shell : /usr/local/bin/bash
Locked : no
OK? (yes/no): y
adduser: INFO: Successfully added (testuser) to the user database.
Add another user? (yes/no): n

[test]
comment = test
path = /test
valid users = user
read only = No
create mask = 0777
directory mask = 0777
force directory mode = 0777
force directory security mode = 0777
You may wish to change the default shell to /sbin/false or something similar so that this username cannot log in through SSH, etc.

After you have set up the Unix user, you must set up the Samba username.
Use the same password that you use on your Microsoft machines so you will not have to log in to access your shares.
It is not recommended, but smbpasswd will take a blank password in case you don't use one on your Microsoft machine.
# smbpasswd -a testuser
New SMB password:
Retype new SMB password:
Added user testuser.

You should now be ready to start the samba daemons.
# /usr/local/etc/rc.d/samba start
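
A check over share definitions like the ones above, as an added example that is not part of the original article: it reports shares that enable guest access or set a mask or mode whose "other" digit includes write. The function names are hypothetical, and in the constructed sample the [homes] and [test] sections follow the article while [scans] is made up.

```sh
#!/bin/sh
# Added example (not from the original page): flag risky smb.conf share settings.

# audit_smb_conf [FILE]: print "share<TAB>finding"; reads stdin without FILE.
audit_smb_conf() {
    awk '
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[.*\]/ {                              # [section] header
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
    }
    index($0, "=") && sec != "" {
        # Parameter names are case-insensitive; normalise key and value.
        key = tolower(substr($0, 1, index($0, "=") - 1))
        val = tolower(substr($0, index($0, "=") + 1))
        gsub(/[ \t]+/, " ", key); gsub(/^ | $/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        # "public" is a synonym for "guest ok".
        if ((key == "guest ok" || key == "public") && val ~ /^(yes|true|1)$/)
            printf "%s\tguest access enabled\n", sec
        # Mask/mode values are octal; the last digit is the "other" class.
        if (key ~ /^(force )?(create|directory) (mask|mode)$/ ||
            key ~ /^force (directory )?security mode$/) {
            if (substr(val, length(val), 1) ~ /^[2367]$/)
                printf "%s\t%s = %s is world-writable\n", sec, key, val
        }
    }' "$@"
}

# Constructed sample: [homes] and [test] follow the page, [scans] is made up.
sample_smb_conf() {
    cat <<'EOF'
[homes]
read only = no
guest ok = no

[test]
path = /test
create mask = 0777
directory mask = 0777
force directory mode = 0777

[scans]
Guest OK = Yes
create mask = 0644
EOF
}

sample_smb_conf | audit_smb_conf
```

On a real host, run it as audit_smb_conf /usr/local/etc/smb.conf.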

Edit your MOTD file by modifying /etc/motd to your liking.

Setup your Log Rotation:
Modify /etc/newsyslog.conf accordingly
example:
/usr2/http/logs/httpd-access-psp.log  600 7  *  @T00
!Don't forget to rotate your apache access logs!

Run /usr/libexec/locate.updatedb to update your locate database to help you find files.


Lastly, do some house cleaning.  Delete your ports collection unless you know you'll be using it again.

# cd /usr
# rm -r ports
# mkdir ports (this is an optional step, but nice to have in case you want to redownload your ports collection at a later time)

That should be everything you need to be well on your way! Hope that helps!

Last Updated ( Monday, 22 June 2009 13:35 )