Nginx, Php-fpm, MySQL on FreeBSD 10

Home » Computer Articles » BSD » Nginx, Php-fpm, MySQL on FreeBSD 10
September 9, 2015 BSD No Comments

Setup a webserver on FreeBSD.

Used Vultr VPS Hosting. They use SSD drives and the performance is very good.

Deploy FreeBSD in Vultr, do this under Deploy New Instance and Deploy your new FreeBSD VPS Server.

 

Here is the basic setup I was playing with.

Update to the current FreeBSD version.

freebsd-update fetch install

# shutdown -r now

Do regular updates.

pkg upgrade

Restart if needed.

 

Install all the packages you need.

# pkg install bash freecolor nano curl rsync sudo php56-gd php56-mbstring php56-mcrypt php56-pdo php56-xmlrpc php56-soap nginx mysql56-server

 

Change the default shell

Need to add a mount point for bash.

# sh -c 'echo "fdesc /dev/fd fdescfs rw 0 0" >> /etc/fstab'

Mount the new entry.

# mount -a

Load bash.

# bash

 

Change the shell for a user.

# chsh -s /usr/local/bin/bash username

 

Add a bash profile with a basic configuration.

# nano ~/.bash_profile

umask 022
if [ -f ~/.bashrc ]; then
     . ~/.bashrc
fi
if [ -d ~/bin ] ; then
     PATH=~/bin:"${PATH}"
fi
export PAGER=less
export EDITOR=nano

alias c='clear'
alias e='nano'
alias ls='ls -l'
alias free='freecolor -t -m -o'
alias fw='ipfw show'

Load the new profile file, Logout and log back in.

 

Set the root passwd.

# passwd

 

Setup a basic firewall

# nano /etc/ipfw.rules

IPF="ipfw -q add"
ipfw -q -f flush

#loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag

# statefull
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any

# open port ssh (22), http (80)
$IPF 130 allow tcp from any to any 22 in
$IPF 140 allow tcp from any to any 22 out
$IPF 150 allow udp from any to any 53 out
$IPF 155 allow tcp from any to any 53 out
$IPF 160 allow tcp from any to any 80 in
$IPF 170 allow tcp from any to any 80 out

# deny and log everything
$IPF 500 deny log all from any to any

 

Edit /etc/rc.conf and add entry below.

# nano /etc/rc.conf

firewall_enable="YES"
firewall_script="/etc/ipfw.rules"

 

Start or restart firewall Service.

# service ipfw start

# service ipfw restart

 

Show you that the firewall is working.

# ipfw show

 

 

Lets setup the Web Server part of the installation. Above we already install the services.

# nano /etc/rc.conf

mysql_enable="YES"
nginx_enable="YES"
php_fpm_enable="YES"

 

Setup a basic nginx.conf file.

# nano /usr/local/etc/nginx/nginx.conf

user  www;

worker_processes  2;

error_log  /var/log/error.log  info;

events {

    worker_connections  1024;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

    sendfile        on;

    #tcp_nopush     on;

    #keepalive_timeout  0;

    keepalive_timeout  65;

    gzip  on;

    server {

        listen       80;

        server_name  localhost;

        #charset koi8-r;

        access_log  /var/log/access.log  main;

error_log /var/log/local-error.log error;

        location / {

            root   /usr/share/nginx/html;

            index  index.php index.html;

        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html

        #

        error_page   500 502 503 504  /50x.html;

        location = /50x.html {

            root   /usr/local/www/nginx-dist;

        }

        #

        location ~ \.php$ {

root /usr/share/nginx/html;

                include fastcgi_params;

fastcgi_pass  unix:/tmp/php-fpm.sock;

                fastcgi_index index.php;

                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        }

        # deny access to .htaccess files, if Apache's document root

        # concurs with nginx's one

        #

        location ~ /\.ht {

            deny  all;

        }

    }

}

Default Nginx root directory with CentOS.

# mkdir /usr/share/nginx

# mkdir /usr/share/nginx/html

Copy default index.html to new directory.

# cp /usr/local/www/nginx-dist/index.html /usr/share/nginx/html

Start Nginx WebServer.

# service nginx start

You can test the Nginx configuration.

# nginx -t

Setup a basic php-fpm.conf file, just edit and add or change the information below.

# nano /usr/local/etc/php-fpm.conf

listen = 127.0.0.1:9000 -> listen = /var/run/php-fpm.sock

;listen.owner = www -> listen.owner = www
;listen.group = www -> listen.group = www
;listen.mode = 0660 -> listen.mode = 0660

Setup the php.ini file.

# cd /usr/local/etc

Copy php.ini-production to php.ini.

# cp php.ini-production php.ini

Edit php.ini and change this one entry.

# nano php.ini

cgi.fix_pathinfo=0

Start or Restart Service.

# service php-fpm start

 

Setup MySQL Server

# service mysql-server start

Secure MySQL Server

# mysql_secure_installation

Restart MySQL after running script above.

# service mysql-server restart

 

If everything is working properly you should now have a working WebServer.

http://newwebserver.com

 

References:

https://www.freebsd.org/doc/handbook/

https://www.digitalocean.com/community/tutorials/how-to-get-started-with-freebsd-10-1

https://www.digitalocean.com/community/tutorials/how-to-install-an-nginx-mysql-and-php-femp-stack-on-freebsd-10-1

http://twisteddaemon.com/post/92921205276/freebsd-installed-your-next-five-moves-should

Share This:

Leave a Reply

Your email address will not be published. Required fields are marked *