Nginx, Php-fpm, MySQL on FreeBSD 10

Home » Computer Articles » BSD » Nginx, Php-fpm, MySQL on FreeBSD 10
September 9, 2015 BSD No Comments

Setup a webserver on FreeBSD.

Used Vultr VPS Hosting. They use SSD drives and the performance is very good.

Deploy FreeBSD in Vultr, do this under Deploy New Instance and Deploy your new FreeBSD VPS Server.


Here is the basic setup I was playing with.

Update to the current FreeBSD version.

freebsd-update fetch install

# shutdown -r now

Do regular updates.

pkg upgrade

Restart if needed.


Install all the packages you need.

# pkg install bash freecolor nano curl rsync sudo php56-gd php56-mbstring php56-mcrypt php56-pdo php56-xmlrpc php56-soap nginx mysql56-server


Change the default shell

Need to add a mount point for bash.

# sh -c 'echo "fdesc /dev/fd fdescfs rw 0 0" >> /etc/fstab'

Mount the new entry.

# mount -a

Load bash.

# bash


Change the shell for a user.

# chsh -s /usr/local/bin/bash username


Add a bash profile with a basic configuration.

# nano ~/.bash_profile

umask 022
if [ -f ~/.bashrc ]; then
     . ~/.bashrc
if [ -d ~/bin ] ; then
export PAGER=less
export EDITOR=nano

alias c='clear'
alias e='nano'
alias ls='ls -l'
alias free='freecolor -t -m -o'
alias fw='ipfw show'

Load the new profile file, Logout and log back in.


Set the root passwd.

# passwd


Setup a basic firewall

# nano /etc/ipfw.rules

IPF="ipfw -q add"
ipfw -q -f flush

$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to
$IPF 30 deny all from to any
$IPF 40 deny tcp from any to any frag

# statefull
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any

# open port ssh (22), http (80)
$IPF 130 allow tcp from any to any 22 in
$IPF 140 allow tcp from any to any 22 out
$IPF 150 allow udp from any to any 53 out
$IPF 155 allow tcp from any to any 53 out
$IPF 160 allow tcp from any to any 80 in
$IPF 170 allow tcp from any to any 80 out

# deny and log everything
$IPF 500 deny log all from any to any


Edit /etc/rc.conf and add entry below.

# nano /etc/rc.conf



Start or restart firewall Service.

# service ipfw start

# service ipfw restart


Show you that the firewall is working.

# ipfw show



Lets setup the Web Server part of the installation. Above we already install the services.

# nano /etc/rc.conf



Setup a basic nginx.conf file.

# nano /usr/local/etc/nginx/nginx.conf

user  www;

worker_processes  2;

error_log  /var/log/error.log  info;

events {

    worker_connections  1024;


http {

    include       mime.types;

    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

    sendfile        on;

    #tcp_nopush     on;

    #keepalive_timeout  0;

    keepalive_timeout  65;

    gzip  on;

    server {

        listen       80;

        server_name  localhost;

        #charset koi8-r;

        access_log  /var/log/access.log  main;

error_log /var/log/local-error.log error;

        location / {

            root   /usr/share/nginx/html;

            index  index.php index.html;


        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html


        error_page   500 502 503 504  /50x.html;

        location = /50x.html {

            root   /usr/local/www/nginx-dist;



        location ~ \.php$ {

root /usr/share/nginx/html;

                include fastcgi_params;

fastcgi_pass  unix:/tmp/php-fpm.sock;

                fastcgi_index index.php;

                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;


        # deny access to .htaccess files, if Apache's document root

        # concurs with nginx's one


        location ~ /\.ht {

            deny  all;




Default Nginx root directory with CentOS.

# mkdir /usr/share/nginx

# mkdir /usr/share/nginx/html

Copy default index.html to new directory.

# cp /usr/local/www/nginx-dist/index.html /usr/share/nginx/html

Start Nginx WebServer.

# service nginx start

You can test the Nginx configuration.

# nginx -t

Setup a basic php-fpm.conf file, just edit and add or change the information below.

# nano /usr/local/etc/php-fpm.conf

listen = -> listen = /var/run/php-fpm.sock

;listen.owner = www -> listen.owner = www
; = www -> = www
;listen.mode = 0660 -> listen.mode = 0660

Setup the php.ini file.

# cd /usr/local/etc

Copy php.ini-production to php.ini.

# cp php.ini-production php.ini

Edit php.ini and change this one entry.

# nano php.ini


Start or Restart Service.

# service php-fpm start


Setup MySQL Server

# service mysql-server start

Secure MySQL Server

# mysql_secure_installation

Restart MySQL after running script above.

# service mysql-server restart


If everything is working properly you should now have a working WebServer.



Share This:

Leave a Reply

Your email address will not be published. Required fields are marked *