Author: Sture

sSMTP – Simple MTA to get Mail off the System

sSMTP – Simple MTA to get Mail off the System

By |

Description

A secure, effective, and simple way of getting mail off a system to your mail hub. It does not include a mail spool to poke around in and no daemons running in the background. Mail is forwarded to the configured email host. It is extremely easy to configure.

WARNING: the above is all it does; it does not receive mail, expand aliases, or manage a queue. That belongs on a mail hub with a system administrator.

WWW: http://packages.debian.org/stable/mail/ssmtp.

Installation

Install sSMTP with;

user@freebsdsrv:~ $ sudo pkg install -y ssmtp [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	ssmtp: 2.64_7

Number of packages to be installed: 1

21 KiB to be downloaded.
[1/1] Fetching ssmtp-2.64_7.pkg: 100%   21 KiB  21.6kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/1] Installing ssmtp-2.64_7...
===> Creating groups
Creating group 'ssmtp' with gid '916'
[1/1] Extracting ssmtp-2.64_7: 100%
=====
Message from ssmtp-2.64_7:

--
sSMTP has been installed successfully.

Firstly, edit /etc/mail/mailer.conf to replace sendmail with ssmtp:

sendmail	/usr/local/sbin/ssmtp
send-mail	/usr/local/sbin/ssmtp
mailq		/usr/local/sbin/ssmtp
newaliases	/usr/local/sbin/ssmtp
hoststat	/usr/bin/true
purgestat	/usr/bin/true

Hint: in case sSMPT is being installed directly from ports,
editing /etc/mail/mailer.conf can be done by running "make replace".

Secondly, edit the following files to configure sSMTP:

- /usr/local/etc/ssmtp/revaliases
- /usr/local/etc/ssmtp/ssmtp.conf

At this point sSMTP should be ready to go.
--
===>   NOTICE:

The ssmtp port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://docs.freebsd.org/en/articles/contributing/#ports-contributing
user@freebsdsrv:~ $

Configuration

Stop the Sendmail daemon if it is running:

user@freebsdsrv:~ $ sudo service sendmail stop [enter]
Stopping sendmail.
Waiting for PIDS: 739.
Stopping sendmail_msp_queue.
Waiting for PIDS: 742.
user@freebsdsrv:~ $

Disable sendmail on system boot with this commands:

user@freebsdsrv:~ $ sudo sysrc sendmail_enable="NONE" [enter]
sendmail_enable: YES -> NONE
user@freebsdsrv:~ $

Edit file /etc/mail/mailer.conf with:

user@freebsdsrv:~ $ sudo ee /etc/mail/mailer.conf [enter]

It should look like this:

#
# Use "ssmtp" for sending mail
#
sendmail	/usr/local/sbin/ssmtp
send-mail	/usr/local/sbin/ssmtp
mailq		/usr/local/sbin/ssmtp
newaliases	/usr/local/sbin/ssmtp
hoststat	/usr/bin/true
purgestat	/usr/bin/true

The command sendmail will invoke the ssmtp executable. But you have not told sSMTP which SMTP server to use with which credentials. These settings are looked for in the sSMTP configuration files /usr/local/etc/ssmtp/revaliases and /usr/local/etc/ssmtp/ssmtp.conf.

Copy the sample file /usr/local/etc/revaliases.sample to /usr/local/etc/revaliases with:

user@freebsdsrv:~ $ sudo cp /usr/local/etc/ssmtp/revaliases.sample /usr/local/etc/ssmtp/revaliases [enter]

…and edit appropriately with this command:

user@freebsdsrv:~ $ sudo ee /usr/local/etc/ssmtp/revaliases [enter]

Example:

# sSMTP aliases
#
# Format:       local_account:outgoing_address:mailhub
#
# Example: root:your_login@your.domain:mailhub.your.domain[:port]
# where [:port] is an optional port number that defaults to 25.
root:your.mail@example.net:mail.example.net
postmaster:your.mail@example.net:mail.example.net

Edit file ssmtp.conf appropriately with this command:

user@freebsdsrv:~ $ sudo ee /usr/local/etc/ssmtp/ssmtp.conf [enter]

Example:

#
# /etc/ssmtp.conf -- a config file for sSMTP sendmail.
#

# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=your.mail@example.net

# The place where the mail goes. The actual machine name is required
# no MX records are consulted. Commonly mailhosts are named mail.domain.com
# The example will fit if you are in domain.com and your mailhub is so named.
mailhub=smtp.example.net:465

# Example for SMTP port number 2525
# mailhub=mail.your.domain:2525
# Example for SMTP port number 25 (Standard/RFC)
# mailhub=mail.your.domain
# Example for SSL encrypted connection
# mailhub=mail.your.domain:465

# Where will the mail seem to come from?
rewriteDomain=example.net

# The full hostname
hostname=freebsdsrv.example.net

# Set this to never rewrite the "From:" line (unless not given) and to
# use that address in the "from line" of the envelope.
FromLineOverride=YES

# Use SSL/TLS to send secure messages to server.
UseTLS=YES

# Use SSL/TLS certificate to authenticate against smtp host.
#UseTLSCert=YES

# Use this RSA certificate.
#TLSCert=/usr/local/etc/ssmtp/ssmtp.pem

# Get enhanced (*really* enhanced) debugging information in the logs
# If you want to have debugging of the config file parsing, move this option
# to the top of the config file and uncomment
#Debug=YES

# Username/Password
AuthUser=username
AuthPass=password

Edit file /etc/crontab with:

user@freebsdsrv:~ $ sudo ee /etc/crontab [enter]

Add the following two lines (example):

# /etc/crontab - root's crontab for FreeBSD
#
#
SHELL=/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
HOME=/var/log
MAILTO="your.mail@example.net"
#
...

Run some tests as an unprivileged user – user should not a member of groupe ssmtp – with:

user@freebsdsrv:~ $ cat /usr/local/etc/ssmtp/ssmtp.conf [enter]
cat: /usr/local/etc/ssmtp/ssmtp.conf: Permission denied
user@freebsdsrv:~ $

Test your mail settings with:

user@freebsdsrv:~ $ echo Testing | mail -v -s Testing your.name@example.net [enter]
[<-] 220 ts201-smtpout75.ddc.example.net ESMTP Service ready
[->] EHLO freebsdsrv.local.lan
[<-] 250 SIZE 78643200
[->] AUTH LOGIN
[<-] 334 V..........6
[->] c.........y
[<-] 334 U........6
[<-] 235 LOGIN authentication successful
[->] MAIL FROM:
[<-] 250 MAIL FROM: OK
[->] RCPT TO:
[<-] 250 RCPT TO: OK
[->] DATA
[<-] 354 Start mail input; end with .
[->] Received: by freebsdsrv.local.lan (sSMTP sendmail emulation); Mon, 03 Feb 2025 15:48:39 +0100
[->] From: "Admin User" 
[->] Date: Mon, 03 Feb 2025 15:48:39 +0100
[->] To: your.name@example.net
[->] Subject: Testing
[->] 
[->] Testing
[->] .
[<-] 250 <66E9614204233F1E> Mail accepted
[->] QUIT
[<-] 221 ts201-smtpout75.ddc.example.net QUIT
user@freebsdsrv:~ $

N.B.: Mail transfer output to the terminal has been edited for security reasons!

user@freebsdsrv:~ $ mail -s "Testing sSMTP" your.address@example.net [enter]
This is a test with sSMTP [enter]

Type <Ctr><D> on a blank line to send message.

user@freebsdsrv:~ $

Change user to root and heck error log with:

user@freebsdsrv:~ $ tail /var/log/maillog [enter]
Feb  3 16:08:04 freebsdsrv sSMTP[2113]: Creating SSL connection to host
Feb  3 16:08:04 freebsdsrv sSMTP[2113]: SSL connection using ECDHE-RSA-AES256-GCM-SHA384
Feb  3 16:08:05 freebsdsrv sSMTP[2113]: Sent mail for user@local.lan (221 ts201-smtpout73.ddc.example.net QUIT) uid=1001 username=user outbytes=370
user@freebsdsrv:~ $
Mantis Bug Tracker

Mantis Bug Tracker

By |

Descriptions

MantisBT is a web-based bug-tracking system made available to the public in November 2000. Over time, it has matured and gained much popularity, and now it has become one of the most popular open-source bug/issue tracking systems. MantisBT is developed in PHP, with support for multiple database backends, including MySQL, MS SQL, and PostgreSQL.

MantisBT, as a PHP script, can run on any operating system that is supported by PHP and has support for one of the DBMSes that are supported. MantisBT runs fine on Windows, Linux, macOS, and Unix operating systems.

Requirements

Install required PHP modules with:

user@freebsdsrv:~ $ sudo pkg install php84 php84-mysqli php84-mbstring php84-ctype php84-filter php84-session php84-tokenizer php84-curl php84-GD php84-fileinfo php84-soap php84-xml [enter]
...
user@freebsdsrv:~ $

Download phpMyAdmin Code

Download the current version of phpMyAdmin code with:

user@freebsdsrv:~ $ fetch https://sourceforge.net/projects/mantisbt/files/mantis-stable/2.27.0/mantisbt-2.27.0.tar.gz [enter]
mantisbt-2.27.0.tar.gz                                  15 MB  417 kBps    37s
user@freebsdsrv:~ $

Extract the Mantis Bug Tracker code

user@freebsdsrv:~ $ sudo tar zxvf mantisbt-2.27.0.tar.gz -C /usr/local/www/ [enter]
x mantisbt-2.27.0/
x mantisbt-2.27.0/bug_monitor_add.php
x mantisbt-2.27.0/bug_view_advanced_page.php
x mantisbt-2.27.0/account_prof_menu_page.php
x mantisbt-2.27.0/tag_create.php
...
x mantisbt-2.27.0/manage_proj_cat_delete.php
x mantisbt-2.27.0/bug_actiongroup_ext_page.php
x mantisbt-2.27.0/tag_view_page.php
x mantisbt-2.27.0/manage_proj_create.php
user@freebsdsrv:~ $

Delete the downloaded file mantisbt-2.27.0.tar.gz with:

user@freebsdsrv:~ $ rm mantisbt-2.27.0.tar.gz [enter]
user@freebsdsrv:~ $

Configuration

Rename the Mantis Bug Tracker directory with:

user@freebsdsrv:~ $ sudo mv /usr/local/www/mantisbt-2.27.0/ /usr/local/www/mantisbt/ [enter] 
user@freebsdsrv:~ $

Change file owner and group on the Mantis Bug Tracker directory with:

user@freebsdsrv:~ $ sudo chown -R root:www /usr/local/www/mantisbt ; sudo ls -l /usr/local/www/mantisbt/ [enter]
user@freebsdsrv:~ $

Change file owner and group on the Mantis Bug Tracker directory with:

user@freebsdsrv:~ $ sudo chmod 775 /usr/local/www/mantisbt ; sudo ls -l /usr/local/www/ [enter]
...
drwxr-xr-x  16 root www    226 Sep 29 19:11 mantisbt/
...
user@freebsdsrv:~ $

Create an Apache Include file to make Mantis Bug Tracker available on the website with:

user@freebsdsrv:~ $ sudo ee /usr/local/etc/apache24/Includes/mantisbt.conf [enter]

Add the following text;

Alias /mantisbt/ "/usr/local/www/mantisbt/"
<Directory "/usr/local/www/mantisbt/">
    DirectoryIndex index.php
    Options None
    AllowOverride Limit
    # range of access allowed
    Require ip 127.0.0.1 192.168.1.0/24
</Directory>

N.B.: Access is only allowed from computers connected to the network 192.168.1.0/24, the same network as this FreeBSD server!

Restart Apache

Restart Apache for the changes to take effect:

user@freebsdsrv:~ $ sudo service apache24 restart [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 9059.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
user@freebsdsrv:~ $
Create the WordPress MariaDB Database

Log in to the MariaDB console with:

user@freebsdsrv:~ $ sudo mysql -u root -p [enter]
Enter password: <-- DBpassWD [enter]
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 19
Server version: 11.4.4-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]>

Create a Mantis Bug Tracker database with:

root@localhost [(none)]> CREATE DATABASE bugtracker; [enter]
Query OK, 1 row affected (0.000 sec)

root@localhost [(none)]>

Create a database user and password to manage the sudo mysql -u root -p database with:

root@localhost [(none)]> GRANT ALL PRIVILEGES ON 'bugtracker'.* TO 'btdbuser'@'localhost' IDENTIFIED BY 'btDBpassWd' WITH GRANT OPTION; [enter]
Query OK, 0 rows affected (0.859 sec)

root@localhost [(none)]>

Flush privileges with:

root@localhost [(none)]> FLUSH PRIVILEGES; [enter]
Query OK, 0 rows affected (0.000 sec)

root@localhost [(none)]>

Exit the MariaDB console with:

root@localhost [(none)]> exit [enter]
Bye
user@freebsdsrv:~ $

Access the Mantis Bug Tracker README file via https://192.168.1.50/mantisbt/README.md

Access the Mantis Bug Tracker install file via https://192.168.1.50/mantisbt/admin/install.php

Warning: If the error message Can’t retrieve web page at… is displayed during the web-based installation, then perform the following workaround:

user@freebsdsrv:~ $ sudo ee +504 /usr/local/www/mantisbt/admin/install.php [enter]

Change $t_hard_fail = true; to $t_hard_fail = false;
…and continue the installation process.

Access the Mantis Bug Tracker dashboard via https://192.168.1.50/mantisbt/.

Log in as user ‘administrator’ with password ‘root’ and then change the administrator password.

The “admin” directory should be removed after you have verifyed that all is OK.

Remove the “admin” directory with:

user@freebsdsrv:~ $ sudo rm -R /usr/local/www/mantisbt/admin [enter]
user@freebsdsrv:~ $
WordPress

WordPress

By |

Download phpMyAdmin Code

Download the current version of WordPress code with:

user@freebsdsrv:~ $ fetch  https://wordpress.org/latest.tar.gz [enter]
latest.tar.gz                                           25 MB    9 MBps    03s
user@freebsdsrv:~ $

Extract the WordPress code

user@freebsdsrv:~ $ sudo tar zxvf latest.tar.gz  -C /usr/local/www/ [enter]
x wordpress/
x wordpress/xmlrpc.php
x wordpress/wp-blog-header.php
x wordpress/readme.html
...
x wordpress/wp-admin/options-reading.php
x wordpress/wp-trackback.php
x wordpress/wp-comments-post.php
user@freebsdsrv:~ $
user@freebsdsrv:~ $ ls -l /usr/local/www/wordpress [enter]
total 204
-rw-r--r--   1 nobody nogroup   405 Feb  6  2020 index.php
-rw-r--r--   1 nobody nogroup 19915 Jan  1  2024 license.txt
-rw-r--r--   1 nobody nogroup  7409 Jun 18  2024 readme.html
-rw-r--r--   1 nobody nogroup  7387 Feb 13  2024 wp-activate.php
drwxr-xr-x   9 nobody nogroup   102 Nov 21 15:07 wp-admin/
-rw-r--r--   1 nobody nogroup   351 Feb  6  2020 wp-blog-header.php
-rw-r--r--   1 nobody nogroup  2323 Jun 14  2023 wp-comments-post.php
-rw-r--r--   1 nobody nogroup  3336 Oct 15 17:24 wp-config-sample.php
drwxr-xr-x   4 nobody nogroup     5 Nov 21 15:07 wp-content/
-rw-r--r--   1 nobody nogroup  5617 Aug  2  2024 wp-cron.php
drwxr-xr-x  30 nobody nogroup   270 Nov 21 15:07 wp-includes/
-rw-r--r--   1 nobody nogroup  2502 Nov 26  2022 wp-links-opml.php
-rw-r--r--   1 nobody nogroup  3937 Mar 11  2024 wp-load.php
-rw-r--r--   1 nobody nogroup 51367 Sep 30 21:12 wp-login.php
-rw-r--r--   1 nobody nogroup  8543 Sep 19 00:37 wp-mail.php
-rw-r--r--   1 nobody nogroup 29032 Sep 30 19:08 wp-settings.php
-rw-r--r--   1 nobody nogroup 34385 Jun 19  2023 wp-signup.php
-rw-r--r--   1 nobody nogroup  5102 Oct 18 17:56 wp-trackback.php
-rw-r--r--   1 nobody nogroup  3246 Mar  2  2024 xmlrpc.php
user@freebsdsrv:~ $

Set file owner and group to www:www with:

user@freebsdsrv:~ $ sudo chown -R www:www /usr/local/www/wordpress ; ls -l /usr/local/www/wordpress [enter]
total 204
-rw-r--r--   1 www www   405 Feb  6  2020 index.php
-rw-r--r--   1 www www 19915 Jan  1  2024 license.txt
-rw-r--r--   1 www www  7409 Jun 18  2024 readme.html
-rw-r--r--   1 www www  7387 Feb 13  2024 wp-activate.php
drwxr-xr-x   9 www www   102 Nov 21 15:07 wp-admin/
-rw-r--r--   1 www www   351 Feb  6  2020 wp-blog-header.php
-rw-r--r--   1 www www  2323 Jun 14  2023 wp-comments-post.php
-rw-r--r--   1 www www  3336 Oct 15 17:24 wp-config-sample.php
drwxr-xr-x   4 www www     5 Nov 21 15:07 wp-content/
-rw-r--r--   1 www www  5617 Aug  2  2024 wp-cron.php
drwxr-xr-x  30 www www   270 Nov 21 15:07 wp-includes/
-rw-r--r--   1 www www  2502 Nov 26  2022 wp-links-opml.php
-rw-r--r--   1 www www  3937 Mar 11  2024 wp-load.php
-rw-r--r--   1 www www 51367 Sep 30 21:12 wp-login.php
-rw-r--r--   1 www www  8543 Sep 19 00:37 wp-mail.php
-rw-r--r--   1 www www 29032 Sep 30 19:08 wp-settings.php
-rw-r--r--   1 www www 34385 Jun 19  2023 wp-signup.php
-rw-r--r--   1 www www  5102 Oct 18 17:56 wp-trackback.php
-rw-r--r--   1 www www  3246 Mar  2  2024 xmlrpc.php
user@freebsdsrv:~ $

Create an Apache Include file to make wordpress available on the website with:

user@freebsdsrv:~ $ sudo ee /usr/local/etc/apache24/Includes/wordpress.conf [enter]

Add the following text;

Alias /wp/ "/usr/local/www/wordpress/"
<Directory "/usr/local/www/wordpress/">
    DirectoryIndex index.php
    Options None
    AllowOverride Limit
    # range of access allowed
    Require ip 127.0.0.1 192.168.1.0/24
</Directory>

N.B.: Access is only allowed from computers connected to the network 192.168.1.0/24, the same network as this FreeBSD server!

Restart Apache

Restart Apache for the changes to take effect:

user@freebsdsrv:~ $ sudo service apache24 restart [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 9059.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
user@freebsdsrv:~ $

Create the WordPress MariaDB Database

Log in to the MariaDB console with:

user@freebsdsrv:~ $ sudo mysql -u root -p [enter]
Enter password: <-- DBpassWD [enter]
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 19
Server version: 11.4.4-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]>

Create a WordPress database with:

root@localhost [(none)]> create database wordpress; [enter]
Query OK, 1 row affected (0.000 sec)

root@localhost [(none)]>

Create a database user and password to manage the wordpress database with:

root@localhost [(none)]> grant all privileges on wordpress.* to 'wpdbadmin'@'localhost' identified by 'WPdbpassWd'; [enter]
Query OK, 0 rows affected (0.859 sec)

root@localhost [(none)]>

Flush privileges with:

root@localhost [(none)]> flush privileges; [enter]
Query OK, 0 rows affected (0.000 sec)

root@localhost [(none)]>

Exit the MariaDB console with:

root@localhost [(none)]> exit [enter]
Bye
user@freebsdsrv:~ $

Create file wp-config.php with:

user@freebsdsrv:~ $ sudo cp /usr/local/www/wordpress/wp-config-sample.php /usr/local/www/wordpress/wp-config.php [enter]
user@freebsdsrv:~ $

Generate unique phrases using the WordPress.org secret-key service at:
https://api.wordpress.org/secret-key/1.1/salt/

Edit file wp-config.php with:

user@freebsdsrv:~ $ sudo ee /usr/local/www/wordpress/wp-config.php [enter]

…and update settings as in this example:

<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the installation.
 * You don't have to use the website, you can copy this file to "wp-config.php"
 * and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * Database settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * @link https://developer.wordpress.org/advanced-administration/wordpress/wp-config/
 *
 * @package WordPress
 */

// ** Database settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpress' );

/** Database username */
define( 'DB_USER', 'wpdbadmin' );

/** Database password */
define( 'DB_PASSWORD', 'WPdbpassWd' );

/** Database hostname */
define( 'DB_HOST', 'localhost:/var/run/mysql/mysql.sock' );

/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );

/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );

/** Download and install online files or updates without running FTP server. */
define('FS_METHOD', 'direct');

/**#@+
 * Authentication unique keys and salts.
 *
 * Change these to different unique phrases! You can generate these using
 * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
 *
 * You can change these at any point in time to invalidate all existing cookies.
 * This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY',         'O?wuw>h$O:[%S6Lo0M}FYMvH,)1i=Y,SK+cvD#-6g6%cb|0WGZqUvp59ar,XV4hU');
define('SECURE_AUTH_KEY',  ':0h a;/LJc--PaG-PnwT(!eoWV;-A#n%}$ UiDNKsj,@QqV=,}rQ&&A}rQ99_Qbu');
define('LOGGED_IN_KEY',    '-!Zx)z6;=if;ui }BPy-91=r5xgDJn+V8:B>`{+n$RM,dVEAk; YrAJk%GS=|;JF');
define('NONCE_KEY',        '77zgrS_oip)dcQM!;]JH*!S=7GzS^T+fH<mF548.q4^|ASDPIw|hwVcaVv{Hl^&%');
define('AUTH_SALT',        'UBt<2jMOL3e/^gzi=LX+$kzsC5||b],@;srO8Z0q612^rcyuK!Eft9)`g=@dSn G');
define('SECURE_AUTH_SALT', ':<<8<S@MVR!.}2?(o=,t@,@5}Uu+c(Xi0A`Cn[dxTMJgvLjeXTnrx`d5A)-xF1+V'); define('LOGGED_IN_SALT', '@E{7>+%(Bw#?3+q|vN)Z?mr?evIEo3I>+S<<AEBFSKCK:bWYk0My]OKVD-pp2i#g');
define('NONCE_SALT',       'y+OD9?eFIE$T/.:;%FZA.|C%T6ikt,H5K.I-!2cAn<^+p>.+3eDc7v,c+1LdlUyH');

/**#@-*/

/**
 * WordPress database table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 *
 * At the installation time, database tables are created with the specified prefix.
 * Changing this value after WordPress is installed will make your site think
 * it has not been installed.
 *
 * @link https://developer.wordpress.org/advanced-administration/wordpress/wp-config/#table-prefix
 */
$table_prefix = 'wp_';

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the documentation.
 *
 * @link https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/
 */
define( 'WP_DEBUG', false );

/* Add any custom values between this line and the "stop editing" line. */

/* That's all, stop editing! Happy publishing. */

/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
	define( 'ABSPATH', __DIR__ . '/' );
}

/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';

Run the WordPress Famous 5-minute install

In your browser go to https://192.168.1.50/wordpress/readme.html.

Click the link wp-admin/install.php and follow the instruction on the screen.

PhpMyAdmin – PHP-Scripts To Manage MariaDB/MySQL

PhpMyAdmin – PHP-Scripts To Manage MariaDB/MySQL

By |

Description:

phpMyAdmin is a free software tool developed in PHP designed to manage MySQL administration over the web. It supports a wide range of operations on MySQL and MariaDB. Common tasks such as managing databases, tables, columns, relationships, indexes, users, permissions, and more can be performed through the user interface. Additionally, you can execute any SQL statement directly.
WWW: https://www.phpmyadmin.net/.

Requirements

The following application(s) must be installed, configured, and running before phpMyadmin is installed:

  1. Apache – Enable Hypertext Transfer Protocol Secure (HTTPS)
  2. Apache – PHP Scripting Language (8.4.X Branch)
  3. Apache – PHP-FPM (FastCGI Process Manager)
  4. MariaDB – Multithreaded SQL Database Server/Client

Check the version of PHP installed with:

user@freebsdsrv:~ $ php -v [enter]
PHP 8.3.15 (cli) (built: Jan 30 2025 02:19:13) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.3.15, Copyright (c) Zend Technologies
    with Zend OPcache v8.3.15, Copyright (c), by Zend Technologies
user@freebsdsrv:~ $

In this example, PHP version 8.3.15 is installed.

Download phpMyAdmin Code

Download the latest version of the phpMyAdmin code. with:

user@freebsdsrv:~ $ fetch https://files.phpmyadmin.net/phpMyAdmin/5.2.2/phpMyAdmin-5.2.2-all-languages.tar.gz [enter]
phpMyAdmin-5.2.2-all-languages.tar.gz                   13 MB   27 MBps    01s
user@freebsdsrv:~ $

Extract the phpMyAdmin code

user@freebsdsrv:~ $ sudo tar zxvf phpMyAdmin-5.2.2-all-languages.tar.gz -C /usr/local/www/ [enter]
x phpMyAdmin-5.2.2-all-languages/
x phpMyAdmin-5.2.2-all-languages/.rtlcssrc.json
x phpMyAdmin-5.2.2-all-languages/CONTRIBUTING.md
x phpMyAdmin-5.2.2-all-languages/ChangeLog
x phpMyAdmin-5.2.2-all-languages/LICENSE
x phpMyAdmin-5.2.2-all-languages/README
x phpMyAdmin-5.2.2-all-languages/RELEASE-DATE-5.2.2

...
x phpMyAdmin-5.2.2-all-languages/vendor/williamdes/mariadb-mysql-kbs/src/Search.php
x phpMyAdmin-5.2.2-all-languages/vendor/williamdes/mariadb-mysql-kbs/src/SlimData.php
x phpMyAdmin-5.2.2-all-languages/yarn.lock
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo mv /usr/local/www/phpMyAdmin-5.2.2-all-languages/ /usr/local/www/phpMyAdmin [enter] 
user@freebsdsrv:~ $

Configuration

Display the MariaDB sock with:

user@freebsdsrv:~ $ sudo sockstat | grep "mariadb" [enter]
mysql    mariadbd    3620 20  tcp4   127.0.0.1:3306        *:*
mysql    mariadbd    3620 21  stream /var/run/mysql/mysql.sock
user@freebsdsrv:~ $

Create a copy of file /usr/local/www/phpMyAdmin/config.sample.inc.php to /usr/local/www/phpMyAdmin/config.inc.php with:

user@freebsdsrv:~ $ sudo cp /usr/local/www/phpMyAdmin/config.sample.inc.php /usr/local/www/phpMyAdmin/config.inc.php ; ls -l /usr/local/www/phpMyAdmin/config* [enter]
-rw-r--r--  1 root wheel 4810 Jan 31 23:57 /usr/local/www/phpMyAdmin/config.inc.php
-rw-r--r--  1 root wheel 4810 Jan 21 04:15 /usr/local/www/phpMyAdmin/config.sample.inc.php
user@freebsdsrv:~ $

Create a Blowfish secret required for cookie-based authentication to encrypt passwords in cookies. The secret must be a 32-byte long string of random bytes. Generate the Blowfish secret with (Example; DO NOT USE THIS CODE!):

user@freebsdsrv:~ $ sudo openssl rand -hex 16 [enter]
f0ae3f22ccd506ec5430f3ac6fde0d63
user@freebsdsrv:~ $

Edit file /usr/local/www/phpMyAdmin/config.inc.php with:

user@freebsdsrv:~ $ sudo ee /usr/local/www/phpMyAdmin/config.inc.php [enter]

Add 32 random characters to $cfg[‘blowfish_secret’] to encrypt passwords in cookies as in this example:

$cfg['blowfish_secret'] = 'f0ae3f22ccd506ec5430f3ac6fde0d63'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

..and then add $cfg[‘Servers’][$i][‘socket’] = ‘/var/run/mysql/mysql.sock’; as in this example:

...
/* Server parameters */
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['socket'] = '/var/run/mysql/mysql.sock';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
...

Create a UploadDir directory where SQL files can be uploaded by other means than phpMyAdmin (for example, FTP) and then set permissions with:

user@freebsdsrv:~ $ sudo mkdir /usr/local/www/phpMyAdmin/UploadDir; sudo chmod -vv 777 /usr/local/www/phpMyAdmin/UploadDir [enter]
/usr/local/www/phpMyAdmin/UploadDir: 040755 [drwxr-xr-x ] -> 040777 [drwxrwxrwx ]
user@freebsdsrv:~ $

Create a SaveDir webserver directory where exported files can be saved and then set permissions with:

user@freebsdsrv:~ $ sudo mkdir /usr/local/www/phpMyAdmin/SaveDir ; sudo chmod -vv 777 /usr/local/www/phpMyAdmin/SaveDir [enter]
/usr/local/www/phpMyAdmin/SaveDir: 040755 [drwxr-xr-x ] -> 040777 [drwxrwxrwx ]
user@freebsdsrv:~ $

Create a tmp for template caching with:

user@freebsdsrv:~ $ sudo mkdir /usr/local/www/phpMyAdmin/tmp ; sudo chmod -vv 777 /usr/local/www/phpMyAdmin/tmp [enter]
/usr/local/www/phpMyAdmin/tmp: 040755 [drwxr-xr-x ] -> 040777 [drwxrwxrwx ]
user@freebsdsrv:~ $

Create an Apache Include file to make phpMyAdmin available on the website with:

user@freebsdsrv:~ $ sudo ee /usr/local/etc/apache24/Includes/phpMyAdmin.conf [enter]

Add the following text;

Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"
<Directory "/usr/local/www/phpMyAdmin/">
    DirectoryIndex index.php
    Options None
    AllowOverride Limit
    # range of access allowed
    Require ip 127.0.0.1 192.168.1.0/24
</Directory>

N.B.: Access is only allowed from computers connected to the network 192.168.1.0/24, the same network as this FreeBSD server!
The mbstring and mysqli extension is required by phpMyAdmin. Install php83-mbstring and php83-mysqli with:

user@freebsdsrv:~ $ sudo pkg install -y php83-mbstring php83-mysqli [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	oniguruma: 6.9.10
	php83-mbstring: 8.3.15
	php83-mysqli: 8.3.15

Number of packages to be installed: 3

The process will require 5 MiB more space.
1 MiB to be downloaded.
[1/3] Fetching php83-mysqli-8.3.15.pkg: 100%   52 KiB  53.6kB/s    00:01    
[2/3] Fetching php83-mbstring-8.3.15.pkg: 100%  922 KiB 944.0kB/s    00:01    
[3/3] Fetching oniguruma-6.9.10.pkg: 100%  253 KiB 258.9kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/3] Installing oniguruma-6.9.10...
[1/3] Extracting oniguruma-6.9.10: 100%
[2/3] Installing php83-mysqli-8.3.15...
[2/3] Extracting php83-mysqli-8.3.15: 100%
[3/3] Installing php83-mbstring-8.3.15...
[3/3] Extracting php83-mbstring-8.3.15: 100%
=====
Message from php83-mysqli-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-mysqli.ini.sample
=====
Message from php83-mbstring-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-mbstring.ini.sample
user@freebsdsrv:~ $

Restart PHP-FMP and Apache for the changes to take effect.
Restart PHP-FMP with:

user@freebsdsrv:~ $ sudo service php_fpm restart [enter]
Performing sanity check on php-fpm configuration:
[04-Feb-2025 13:23:56] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful
Stopping php_fpm.
Waiting for PIDS: 2041.
Performing sanity check on php-fpm configuration:
[04-Feb-2025 13:23:56] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful
Starting php_fpm.
freebsdsrv:~ $

Show PHP-FMP status with:

user@freebsdsrv:~ $ sudo service php_fpm status [enter]
php_fpm is running as pid 2662.
freebsdsrv:~ $

Restart Apache with:

user@freebsdsrv:~ $ sudo service apache24 restart [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 2009.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
user@freebsdsrv:~ $

Show Apache status with:

user@freebsdsrv:~ $ sudo service apache24 status [enter]
apache24 is running as pid 2698.
freebsdsrv:~ $

phpMyAdmin Dashboard

Access the phpMyAdmin dashboard via https://192.168.1.50/phpmyadmin/index.php.
Log in to phpMyAdmin dashboard with the MariaDB database root/DBpassWd credentials.
N.B.: phpMyAdmin is not completely set up!
Some features are not enabled, and this should be indicated on the phpMyAdmin dashboard. Click on the ‘Find out why’ at the end of this message and complete the operation in the phpMyAdmin configuration storage dashboard.

If you encounter a phpMyAdmin login problems:

user@freebsdsrv:~ $ sudo mysql -u root -p [enter]
Enter password: DBpassWd [enter]
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 6
Server version: 11.4.4-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]> SET old_passwords=0; [enter]
Query OK, 0 rows affected (0.000 sec)

root@localhost [(none)]> ALTER USER root@localhost IDENTIFIED BY 'DBpassWd'; [enter]
Query OK, 0 rows affected (0.428 sec)

root@localhost [(none)]> exit [enter]
Bye
user@freebsdsrv:~ $

Enable PMA function

Add user PMA with:

user@freebsdsrv:~ $ sudo mysql -u root -p [enter]
Enter password: DBpassWd [enter]
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 6
Server version: 11.4.4-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]> SET old_passwords=0; [enter]
Query OK, 0 rows affected (0.000 sec)

root@localhost [(none)]> CREATE USER 'pma'@'localhost' IDENTIFIED VIA mysql_native_password USING 'pmaPassWd'; [enter]
Query OK, 0 rows affected (0.428 sec)

root@localhost [(none)]> GRANT ALL PRIVILEGES ON `phpmyadmin`.* TO 'pma'@'localhost'; [enter]
Query OK, 0 rows affected (0.428 sec)

root@localhost [(none)]> FLUSH PRIVILEGES; [enter]
Query OK, 0 rows affected (0 sec)

root@localhost [(none)]> exit [enter]
Bye
user@freebsdsrv:~ $

Enable use of PMA with:

user@freebsdsrv:~ $ sudo sudo ee +43 /usr/local/www/phpMyAdmin/config.inc.php [enter]
...
/**
 * phpMyAdmin configuration storage settings.
 */

/* User used to manipulate with storage */
// $cfg['Servers'][$i]['controlhost'] = '';
// $cfg['Servers'][$i]['controlport'] = '';
$cfg['Servers'][$i]['controluser'] = 'pma';
$cfg['Servers'][$i]['controlpass'] = 'pmaPassWd';

/* Storage database and tables */
$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
$cfg['Servers'][$i]['relation'] = 'pma__relation';
$cfg['Servers'][$i]['table_info'] = 'pma__table_info';
$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
$cfg['Servers'][$i]['history'] = 'pma__history';
$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
$cfg['Servers'][$i]['tracking'] = 'pma__tracking';
$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
$cfg['Servers'][$i]['recent'] = 'pma__recent';
$cfg['Servers'][$i]['favorite'] = 'pma__favorite';
$cfg['Servers'][$i]['users'] = 'pma__users';
$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
$cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
$cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
...

phpMyAdmin Configuration File

user@freebsdsrv:~ $ sudo ee /usr/local/www/phpMyAdmin/config.inc.php [enter]
<?php
/**
 * phpMyAdmin sample configuration, you can use it as base for
 * manual configuration. For easier setup you can use setup/
 *
 * All directives are explained in documentation in the doc/ folder
 * or at <https://docs.phpmyadmin.net/>.
 */

declare(strict_types=1);

/**
 * This is needed for cookie based authentication to encrypt the cookie.
 * Needs to be a 32-bytes long string of random bytes. See FAQ 2.10.
 */
$cfg['blowfish_secret'] = '7dc4d9bc3eafddd348d0c1bb7d34d139'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

/**
 * Servers configuration
 */
$i = 0;

/**
 * First server
 */
$i++;
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'cookie';
/* Server parameters */
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['socket'] = '/var/run/mysql/mysql.sock';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;

/**
 * phpMyAdmin configuration storage settings.
 */

/* User used to manipulate with storage */
// $cfg['Servers'][$i]['controlhost'] = '';
// $cfg['Servers'][$i]['controlport'] = '';
// $cfg['Servers'][$i]['controluser'] = 'pma';
// $cfg['Servers'][$i]['controlpass'] = 'pmapass';

/* Storage database and tables */
// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
// $cfg['Servers'][$i]['relation'] = 'pma__relation';
// $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
// $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
// $cfg['Servers'][$i]['history'] = 'pma__history';
// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
// $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
// $cfg['Servers'][$i]['recent'] = 'pma__recent';
// $cfg['Servers'][$i]['favorite'] = 'pma__favorite';
// $cfg['Servers'][$i]['users'] = 'pma__users';
// $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
// $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
// $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
// $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
// $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
// $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';

/**
 * End of servers configuration
 */

/**
 * Directories for saving/loading files from server
 */
$cfg['UploadDir'] = '/usr/local/www/phpMyAdmin/UploadDir';
$cfg['SaveDir'] = '/usr/local/www/phpMyAdmin/SaveDir';

/**
 * Whether to display icons or text or both icons and text in table row
 * action segment. Value can be either of 'icons', 'text' or 'both'.
 * default = 'both'
 */
//$cfg['RowActionType'] = 'icons';

/**
 * Defines whether a user should be displayed a "show all (records)"
 * button in browse mode or not.
 * default = false
 */
//$cfg['ShowAll'] = true;

/**
 * Number of rows displayed when browsing a result set. If the result
 * set contains more rows, "Previous" and "Next".
 * Possible values: 25, 50, 100, 250, 500
 * default = 25
 */
//$cfg['MaxRows'] = 50;

/**
 * Disallow editing of binary fields
 * valid values are:
 *   false    allow editing
 *   'blob'   allow editing except for BLOB fields
 *   'noblob' disallow editing except for BLOB fields
 *   'all'    disallow editing
 * default = 'blob'
 */
//$cfg['ProtectBinary'] = false;

/**
 * Default language to use, if not browser-defined or user-defined
 * (you find all languages in the locale folder)
 * uncomment the desired line:
 * default = 'en'
 */
//$cfg['DefaultLang'] = 'en';
//$cfg['DefaultLang'] = 'de';

/**
 * How many columns should be used for table display of a database?
 * (a value larger than 1 results in some information being hidden)
 * default = 1
 */
//$cfg['PropertiesNumColumns'] = 2;

/**
 * Set to true if you want DB-based query history.If false, this utilizes
 * JS-routines to display query history (lost by window close)
 *
 * This requires configuration storage enabled, see above.
 * default = false
 */
//$cfg['QueryHistoryDB'] = true;

/**
 * When using DB-based query history, how many entries should be kept?
 * default = 25
 */
//$cfg['QueryHistoryMax'] = 100;

/**
 * Whether or not to query the user before sending the error report to
 * the phpMyAdmin team when a JavaScript error occurs
 *
 * Available options
 * ('ask' | 'always' | 'never')
 * default = 'ask'
 */
//$cfg['SendErrorReports'] = 'always';

/**
 * 'URLQueryEncryption' defines whether phpMyAdmin will encrypt sensitive data from the URL query string.
 * 'URLQueryEncryptionSecretKey' is a 32 bytes long secret key used to encrypt/decrypt the URL query string.
 */
//$cfg['URLQueryEncryption'] = true;
//$cfg['URLQueryEncryptionSecretKey'] = '';

/**
 * You can find more configuration options in the documentation
 * in the doc/ folder or at <https://docs.phpmyadmin.net/>.
 */
MariaDB – Multithreaded SQL Database Server/Client

MariaDB – Multithreaded SQL Database Server/Client

By |

Description:

MariaDB is a database server that offers drop-in replacement functionality for MySQL. MariaDB is built by some of the original authors of MySQL, with assistance from the broader community of Free and open-source software developers. In addition to the core functionality of MySQL, MariaDB offers a rich set of feature enhancements, including alternate storage engines, server optimizations, and patches.

Developers primarily drive MariaDB at Monty Program, a company founded by Michael “Monty” Widenius, the original author of MySQL, but this is not the whole story about MariaDB. On the “About MariaDB” page, you will find more information about all participants in the MariaDB community, including storage engines XtraDB and PBXT.

WWW: https://mariadb.org/.

Creat ZFS datasets for MariaDB databas storage

One area that definitely needs Specialized Tuning is when you create a ZFS mount specifically for a database.

N.B.: This should be done on a new MariaDB install. It is assumed mySQL has never run on this machine, so the data directories are not populated (on FreeBSD, the first run of mySQL creates the data files. If you have run it, back up any data, then:

### WARNING!, WARNING!, WARNING ###
This will delete any existing databases!

user@freebsdsrv:~ $ sudo rm -fR /var/db/mysql/* [enter]
user@freebsdsrv:~ $

Create ZFS datasets for MariaDB with:

user@freebsdsrv:~ $ sudo zfs create zroot/db ; sudo zfs create zroot/db/logs ; sudo zfs create zroot/db/innodb ; sudo zfs create zroot/db/myisam [enter]
user@freebsdsrv:~ $

Set global ZFS paraemters with:

user@freebsdsrv:~ $ sudo zfs set zfs:zfs_nocacheflush=1 zroot/db [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set setuid=off zroot/db [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set primarycache=metadata zroot/db [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set atime=off zroot/db [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set sync=disabled zroot/db [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set compression=off zroot/db [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set logbias=throughput zroot/db [enter]
user@freebsdsrv:~ $

Set individual parameters (blocksizes) with:

user@freebsdsrv:~ $ sudo zfs set recordsize=16k zroot/db/innodb [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set recordsize=128k zroot/db/logs [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set recordsize=8k zroot/db/myisam [enter]
user@freebsdsrv:~ $

Create directories, set the mount points and then set ownership with:

user@freebsdsrv:~ $ sudo mkdir /var/log/mysql [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set mountpoint=/var/log/mysql zroot/db/logs [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo mkdir /var/db/mysql [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set mountpoint=/var/db/mysql zroot/db/myisam [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo mkdir /var/db/mysql-innodb [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set mountpoint=/var/db/mysql-innodb zroot/db/innodb [enter]
user@freebsdsrv:~ $

To start the MariaDB Server on system boot:

user@freebsdsrv:~ $ sudo sysrc mysql_enable="YES" [enter]
mysql_enable:  -> YES
user@freebsdsrv:~ $

Installation

Search for “mariadb” in the remote package repositories with:

user@freebsdsrv:~ $ pkg search mariadb1 [enter]
mariadb1011-client-10.11.10_1  Multithreaded SQL database (client)
mariadb1011-server-10.11.10_1  Multithreaded SQL database (server)
mariadb105-client-10.5.27      Multithreaded SQL database (client)
mariadb105-server-10.5.27      Multithreaded SQL database (server)
mariadb106-client-10.6.20      Multithreaded SQL database (client)
mariadb106-server-10.6.20      Multithreaded SQL database (server)
mariadb114-client-11.4.4       Multithreaded SQL database (client)
mariadb114-server-11.4.4       Multithreaded SQL database (server)
user@freebsdsrv:~ $

In this example, mariadb114-server and mariadb114-client will be installed with;

user@freebsdsrv:~ $ sudo pkg install -y mariadb114-server mariadb114-client [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 10 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	bash: 5.2.37
	boost-libs: 1.85.0
	galera26: 26.4.16_3
	icu: 74.2_1,1
	libfmt: 10.2.1
	mariadb114-client: 11.4.3
	mariadb114-server: 11.4.3
	rsync: 3.3.0
	unixODBC: 2.3.12_1
	xxhash: 0.8.2_1

Number of packages to be installed: 10

The process will require 591 MiB more space.
82 MiB to be downloaded.
[1/10] Fetching galera26-26.4.16_3.pkg: 100%  908 KiB 929.6kB/s    00:01    
[2/10] Fetching boost-libs-1.85.0.pkg: 100%   15 MiB  15.2MB/s    00:01    
[3/10] Fetching unixODBC-2.3.12_1.pkg: 100%  547 KiB 559.9kB/s    00:01    
[4/10] Fetching mariadb114-server-11.4.3.pkg: 100%   49 MiB  51.3MB/s    00:01    
[5/10] Fetching icu-74.2_1,1.pkg: 100%   13 MiB  13.2MB/s    00:01    
[6/10] Fetching xxhash-0.8.2_1.pkg: 100%   92 KiB  93.9kB/s    00:01    
[7/10] Fetching bash-5.2.37.pkg: 100%    2 MiB   1.8MB/s    00:01    
[8/10] Fetching mariadb114-client-11.4.3.pkg: 100%    3 MiB   2.9MB/s    00:01    
[9/10] Fetching rsync-3.3.0.pkg: 100%  396 KiB 405.7kB/s    00:01    
[10/10] Fetching libfmt-10.2.1.pkg: 100%  178 KiB 182.2kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/10] Installing icu-74.2_1,1...
[1/10] Extracting icu-74.2_1,1: 100%
[2/10] Installing boost-libs-1.85.0...
[2/10] Extracting boost-libs-1.85.0: 100%
[3/10] Installing xxhash-0.8.2_1...
[3/10] Extracting xxhash-0.8.2_1: 100%
[4/10] Installing libfmt-10.2.1...
[4/10] Extracting libfmt-10.2.1: 100%
[5/10] Installing galera26-26.4.16_3...
[5/10] Extracting galera26-26.4.16_3: 100%
[6/10] Installing unixODBC-2.3.12_1...
[6/10] Extracting unixODBC-2.3.12_1: 100%
[7/10] Installing bash-5.2.37...
[7/10] Extracting bash-5.2.37: 100%
[8/10] Installing mariadb114-client-11.4.3...
===> Creating groups
Creating group 'mysql' with gid '88'
===> Creating users
Creating user 'mysql' with uid '88'
===> Creating homedir(s)
[8/10] Extracting mariadb114-client-11.4.3: 100%
[9/10] Installing rsync-3.3.0...
[9/10] Extracting rsync-3.3.0: 100%
[10/10] Installing mariadb114-server-11.4.3...
===> Creating groups
Using existing group 'mysql'
===> Creating users
Using existing user 'mysql'
===> Creating homedir(s)
[10/10] Extracting mariadb114-server-11.4.3: 100%
=====
Message from boost-libs-1.85.0:

--
You have built the Boost library with thread support.

Don't forget to add -pthread to your linker options when
linking your code.
=====
Message from galera26-26.4.16_3:

--
Find the Galera Cluster documentation at
https://galeracluster.com/library/documentation/index.html
=====
Message from mariadb114-client-11.4.3:

--
MariaDB respects hier(7) and doesn't check /etc and /etc/mysql for
my.cnf. Please move existing my.cnf files from those paths to
/usr/local/etc/mysql or /usr/local/etc. Sample
configuration files are provided in /usr/local/etc/mysql
and /usr/local/etc/mysql/conf.d.
The rc(8) script no longer uses /var/db/mysql/my.cnf for configuration
nor /var/db/mysql for logs and PID-file.

This port does NOT include the mytop perl script, this is included in
the MariaDB tarball but the most recent version can be found in the
databases/mytop port

%%WSREP%%The Using wsrep clustering requires additional configuration.
%%WSREP%%Edit /usr/local/etc/mysql/conf.d/wsrep.conf and change what you need there.

The hashicorp_key_management, s3 and spider plugins must be enabled
before they can be used, check the specific .cnf files in /usr/local/etc/mysql/conf.d/
=====
Message from rsync-3.3.0:

--
Some scripts provided by rsync, such as rrsync,
require Python, which is not installed by default.
=====
Message from mariadb114-server-11.4.3:

--
MariaDB respects hier(7) and doesn't check /etc and /etc/mysql for
my.cnf. Please move existing my.cnf files from those paths to
/usr/local/etc/mysql or /usr/local/etc. Sample
configuration files are provided in /usr/local/etc/mysql
and /usr/local/etc/mysql/conf.d.
The rc(8) script no longer uses /var/db/mysql/my.cnf for configuration
nor /var/db/mysql for logs and PID-file.

This port does NOT include the mytop perl script, this is included in
the MariaDB tarball but the most recent version can be found in the
databases/mytop port

The Using wsrep clustering requires additional configuration.
Edit /usr/local/etc/mysql/conf.d/wsrep.conf and change what you need there.

The hashicorp_key_management, s3 and spider plugins must be enabled
before they can be used, check the specific .cnf files in /usr/local/etc/mysql/conf.d/
user@freebsdsrv:~ $

Change owner on MaraDB directories with:

user@freebsdsrv:~ $ sudo chown mysql:mysql /var/log/mysql ; sudo chown mysql:mysql /var/db/mysql ; sudo chown mysql:mysql /var/db/mysql-innodb [enter]
user@freebsdsrv:~ $

Initialize the MariaDB data directory and sart the MySQL server with:

user@freebsdsrv:~ $ sudo service mysql-server start [enter]
Installing MariaDB/MySQL system tables in './data' ...
OK

To start mariadbd at boot time you have to copy
support-files/mariadb.service to the right place for your system


Two all-privilege accounts were created.
One is root@localhost, it has no password, but you need to
be system 'root' user to connect. Use, for example, sudo mysql
The second is mysql@localhost, it has no password either, but
you need to be the system 'mysql' user to connect.
After connecting you can set the password, if you would need to be
able to connect as any of these users with a password and without sudo

See the MariaDB Knowledgebase at https://mariadb.com/kb

You can start the MariaDB daemon with:
cd '/usr/local' ; /usr/local/bin/mariadbd-safe --datadir='./data'

You can test the MariaDB daemon with mariadb-test-run.pl
cd '/usr/local/' ; perl mariadb-test-run.pl

Please report any problems at https://mariadb.org/jiraThe latest information about MariaDB is available at https://mariadb.org/.

Consider joining MariaDB's strong and vibrant community:
https://mariadb.org/get-involved/
user@freebsdsrv:~ $

Verify status with:

user@freebsdsrv:~ $ sudo service mysql-server status [enter]
mysql is running as pid 14018.
user@freebsdsrv:~ $

Set MariaDB server root password with:

user@freebsdsrv:~ $ sudo /usr/local/bin/mariadb-admin -u root password 'DBrootPassWd' [enter]
user@freebsdsrv:~ $

Confirm that the MariaDB service is up and running by checking its status with:

user@freebsdsrv:~ $ sudo service mysql-server status [enter]
mysql is running as pid 6971.
user@freebsdsrv:~ $

Display file /var/log/mysql/mysqld.err with:

user@freebsdsrv:~ $ sudo cat /var/log/mysql/mysqld.err [enter]
2025-02-03 22:42:02 0 [Warning] 'wsrep-causal-reads' was removed. It does nothing now and exists only for compatibility with old my.cnf files.
2025-02-03 22:42:05 0 [Note] Starting MariaDB 11.4.4-MariaDB source revision e9a502df08bad16aa8a354e854f3c014b1380e32 server_uid DByzGKgo5W7evv3aCV6HD1tucBU= as process 14018
2025-02-03 22:42:05 0 [Note] InnoDB: Compressed tables use zlib 1.3.1
2025-02-03 22:42:05 0 [Note] InnoDB: Number of transaction pools: 1
2025-02-03 22:42:05 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
2025-02-03 22:42:05 0 [Note] InnoDB: Initializing buffer pool, total size = 128.000MiB, chunk size = 2.000MiB
2025-02-03 22:42:05 0 [Note] InnoDB: Completed initialization of buffer pool
2025-02-03 22:42:06 0 [Note] InnoDB: End of log at LSN=47907
2025-02-03 22:42:06 0 [Note] InnoDB: Opened 3 undo tablespaces
2025-02-03 22:42:06 0 [Note] InnoDB: 128 rollback segments in 3 undo tablespaces are active.
2025-02-03 22:42:06 0 [Note] InnoDB: Setting file './ibtmp1' size to 12.000MiB. Physically writing the file full; Please wait ...
2025-02-03 22:42:06 0 [Note] InnoDB: File './ibtmp1' size is now 12.000MiB.
2025-02-03 22:42:06 0 [Note] InnoDB: log sequence number 47907; transaction id 16
2025-02-03 22:42:06 0 [Note] InnoDB: Loading buffer pool(s) from /var/db/mysql/ib_buffer_pool
2025-02-03 22:42:06 0 [Note] Plugin 'FEEDBACK' is disabled.
2025-02-03 22:42:06 0 [Note] Plugin 'wsrep-provider' is disabled.
2025-02-03 22:42:06 0 [Warning] 'wsrep-causal-reads' was removed. It does nothing now and exists only for compatibility with old my.cnf files.
2025-02-03 22:42:06 0 [Warning] 'wsrep-causal-reads' was removed. It does nothing now and exists only for compatibility with old my.cnf files.
2025-02-03 22:42:06 0 [Note] InnoDB: Buffer pool(s) load completed at 250203 22:42:06
2025-02-03 22:42:09 0 [Note] Server socket created on IP: '0.0.0.0'.
2025-02-03 22:42:09 0 [Note] mariadbd: Event Scheduler: Loaded 0 events
2025-02-03 22:42:09 0 [Note] /usr/local/libexec/mariadbd: ready for connections.
Version: '11.4.4-MariaDB'  socket: '/var/run/mysql/mysql.sock'  port: 3306  FreeBSD Ports

Harden the MariaDB database server with:

user@freebsdsrv:~ $ sudo mariadb-secure-installation [enter]

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): <--DBrootPassWd [enter]
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] [enter]
Enabled successfully!
Reloading privilege tables..
 ... Success!


You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] n [enter]
 ... skipping.

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] [enter]
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] [enter]
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] [enter]
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] [enter]
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
user@freebsdsrv:~ $

Access MariaDB using the root user:

user@freebsdsrv:~ $ sudo mysql -u root -p [enter]
Enter password: <-- DBrootPassWd [enter]
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 11.4.4-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]>

Exit MariaDB root with:

root@localhost [(none)]> exit [enter]
Bye
user@freebsdsrv:~ $

Lists open Internet or UNIX domain sockets MariaDB service binds to with:

user@freebsdsrv:~ $ sockstat | grep 3306 [enter]
mysql    mariadbd   43037 24  tcp4   *:3306                *:*
user@freebsdsrv:~ $

To prevent remote access to MariaDB, we must make sure that the daemon of MariaDB only listens to the localhost with:

user@freebsdsrv:~ $ sudo sysrc mysql_args="--bind-address=127.0.0.1" [enter]
mysql_args:  -> --bind-address=127.0.0.1
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo service mysql-server restart [enter]
Stopping mysql.
Waiting for PIDS: 51757.
Starting mysql.
user@freebsdsrv:~ $

Lists open Internet or UNIX domain sockets MariaDB service binds to with:

user@freebsdsrv:~ $ sockstat | grep 3306 [enter]
mysql    mariadbd   50299 24  tcp4   127.0.0.1:3306        *:*
user@freebsdsrv:~ $

Test MariaDB on FreeBSD

Test the connectivity to the databases with:

user@freebsdsrv:~ $ sudo mysql -u root -p -e "show databases" [enter]
Enter password: DBrootPassWd [enter]
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
user@freebsdsrv:~ $
Apache – PHP-FPM (FastCGI Process Manager)

Apache – PHP-FPM (FastCGI Process Manager)

By |

Consider switching to php-fpm and mod_fast_cgi as per Apache httpd project
recommendation. See https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM

Requirement:

Prevent PHP from running arbitrary code by mistake with:

user@freebsdsrv:~ $ sudo sed -i -e 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /usr/local/etc/php.ini && cat /usr/local/etc/php.ini | grep "fix_pathinfo=" [enter]
cgi.fix_pathinfo=0
user@freebsdsrv:~ $

PHP-FPM (FastCGI Process Manager) is a web tool used to speed up a website’s performance. It is much faster than traditional CGI-based methods and can handle tremendous loads simultaneously.

View the installed PHP-FPM version on your server.

user@freebsdsrv:~ $ php-fpm -v [enter]
PHP 8.3.15 (fpm-fcgi) (built: Jan 30 2025 02:19:24)
Copyright (c) The PHP Group
Zend Engine v4.3.15, Copyright (c) Zend Technologies
    with Zend OPcache v8.3.15, Copyright (c), by Zend Technologies
user@freebsdsrv:~ $

Enable the PHP-FPM service to start automatically at boot time.

user@freebsdsrv:~ $ sudo sysrc php_fpm_enable="YES" [enter]
php_fpm_enable:  -> YES
user@freebsdsrv:~ $

Configure PHP-FPM to use a UNIX socket instead of a TCP with:

user@freebsdsrv:~ $ sudo sed -i -e 's/127.0.0.1:9000/\/var\/run\/php-fpm.sock/g' /usr/local/etc/php-fpm.d/www.conf && cat /usr/local/etc/php-fpm.d/www.conf | grep "php-fpm.sock" [enter]
listen = /var/run/php-fpm.sock
user@freebsdsrv:~ $

Set permissions for use of the UNIX socket with:

user@freebsdsrv:~ $ sudo sed -i -e 's/;listen.owner/listen.owner/g' /usr/local/etc/php-fpm.d/www.conf && cat /usr/local/etc/php-fpm.d/www.conf | grep "listen.owner =" [enter]
listen.owner = www
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo sed -i -e 's/;listen.group/listen.group/g' /usr/local/etc/php-fpm.d/www.conf && cat /usr/local/etc/php-fpm.d/www.conf | grep "listen.group =" [enter]
listen.group = www
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo sed -i -e 's/;listen.mode/listen.mode/g' /usr/local/etc/php-fpm.d/www.conf && cat /usr/local/etc/php-fpm.d/www.conf | grep "listen.mode =" [enter]
listen.mode = 0660
user@freebsdsrv:~ $

Display the changed settings in with:

user@freebsdsrv:~ $ head -n 60 /usr/local/etc/php-fpm.d/www.conf [enter]
; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[www]

; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr/local) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool

; Unix user/group of the child processes. This can be used only if the master
; process running user is root. It is set after the child process is created.
; The user and group can be specified either by their name or by their numeric
; IDs.
; Note: If the user is root, the executable needs to be started with
;       --allow-to-run-as-root option to work.
; Default Values: The user is set to master process running user by default.
;                 If the group is not set, the user's group is used.
user = www
group = www

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
;                            a specific port;
;   '0.0.0.0:port'         - to listen on a TCP socket to all IPv4 addresses on
;                            a specific port;
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all addresses
;                            (IPv6 and IPv4-mapped) on a specific port;
;                            Note: IPv4-mapped addresses are disabled by-default in
;                                  FreeBSD for security reasons;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php-fpm.sock

; Set listen(2) backlog.
; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD)
;listen.backlog = 511

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. The owner
; and group can be specified either by name or by their numeric IDs.
; Default Values: Owner is set to the master process running user. If the group
;                 is not set, the owner's group is used. Mode is set to 0660.
listen.owner = www
listen.group = www
listen.mode = 0660

user@freebsdsrv:~ $

N.B.: Critical settings are displayed in bold!

Start PHP-FPM

Start the PHP-FPM service with:

user@freebsdsrv:~ $ sudo service php_fpm start [enter]
Performing sanity check on php-fpm configuration:
[09-Aug-2024 23:20:44] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful
Starting php_fpm.
user@freebsdsrv:~ $

..and then restart Nginx so it loads the latest configuration changes incorporating the PHP module:

Configure Apache to load the socache_shmcb modules, uncomment the line, LoadModule proxy_module libexec/apache24/mod_proxy.so and verify the change with:

user@freebsdsrv:~ $ sudo sed -i -e '/mod_proxy.so/s/#LoadModule/LoadModule/' /usr/local/etc/apache24/httpd.conf ; cat /usr/local/etc/apache24/httpd.conf | grep "mod_proxy.so" [enter]
LoadModule proxy_module libexec/apache24/mod_proxy.so
user@freebsdsrv:~ $

Configure Apache to load the mod_proxy_fcgi.so, uncomment the line, LoadModule proxy_module libexec/apache24/mod_proxy_fcgi.so and verify the change with:

user@freebsdsrv:~ $ sudo sed -i -e '/mod_proxy_fcgi.so/s/#LoadModule/LoadModule/' /usr/local/etc/apache24/httpd.conf ; cat /usr/local/etc/apache24/httpd.conf | grep "mod_proxy_fcgi.so" [enter]
LoadModule proxy_module libexec/apache24/mod_proxy_fcgi.so
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo ee /usr/local/etc/apache24/Includes/php.conf [enter]

…and update as in thi example:

<IfModule dir_module>
         DirectoryIndex index.php index.html
         <FilesMatch "\.php$">
                SetHandler "proxy:unix:/var/run/php-fpm.sock|fcgi://127.0.0.1/"
         </FilesMatch>
         <FilesMatch "\.phps$">
                SetHandler application/x-httpd-php-source
         </FilesMatch>
</IfModule>
user@freebsdsrv:~ $ sudo service apache24 restart [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 42550.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
user@freebsdsrv:~ $

Verify Configuration

In order to check that the configuration changes have been applied you’ll run some tests. The first one will check what multi-processing module Apache HTTP is using. The second will verify that PHP is using the FPM manager.

Check the Apache HTTP server by running the following command:

user@freebsdsrv:~ $ sudo apachectl -M | grep 'mpm' [enter]
mpm_event_module (shared)
user@freebsdsrv:~ $

Repeat the same for the proxy module and FastCGI:

user@freebsdsrv:~ $ sudo apachectl -M | grep 'proxy' [enter]
proxy_module (shared)
proxy_fcgi_module (shared)
user@freebsdsrv:~ $

To see the entire list of the modules, you can remove the the second part of the command after -M.

Display open PHP-FPM sockets with:

user@freebsdsrv:~ $ sudo sockstat | grep "php-fpm" [enter]
www      php-fpm     1995 9   stream /var/run/php-fpm.sock
www      php-fpm     1994 9   stream /var/run/php-fpm.sock
root     php-fpm     1993 5   stream -> [1993 7]
root     php-fpm     1993 7   stream -> [1993 5]
root     php-fpm     1993 8   stream /var/run/php-fpm.sock
user@freebsdsrv:~ $

Test the FPM configuration file and display the configuration with:

user@freebsdsrv:~ $ sudo php-fpm -tt [enter]
[09-Aug-2024 23:23:29] NOTICE: [global]
[09-Aug-2024 23:23:29] NOTICE: 	pid = /var/run/php-fpm.pid
[09-Aug-2024 23:23:29] NOTICE: 	error_log = /var/log/php-fpm.log
[09-Aug-2024 23:23:29] NOTICE: 	syslog.ident = php-fpm
[09-Aug-2024 23:23:29] NOTICE: 	syslog.facility = 24
[09-Aug-2024 23:23:29] NOTICE: 	log_buffering = yes
[09-Aug-2024 23:23:29] NOTICE: 	log_level = unknown value
[09-Aug-2024 23:23:29] NOTICE: 	log_limit = 1024
[09-Aug-2024 23:23:29] NOTICE: 	emergency_restart_interval = 0s
[09-Aug-2024 23:23:29] NOTICE: 	emergency_restart_threshold = 0
[09-Aug-2024 23:23:29] NOTICE: 	process_control_timeout = 0s
[09-Aug-2024 23:23:29] NOTICE: 	process.max = 0
[09-Aug-2024 23:23:29] NOTICE: 	process.priority = undefined
[09-Aug-2024 23:23:29] NOTICE: 	daemonize = yes
[09-Aug-2024 23:23:29] NOTICE: 	rlimit_files = 0
[09-Aug-2024 23:23:29] NOTICE: 	rlimit_core = 0
[09-Aug-2024 23:23:29] NOTICE: 	events.mechanism = kqueue
[09-Aug-2024 23:23:29] NOTICE:  
[09-Aug-2024 23:23:29] NOTICE: [www]
[09-Aug-2024 23:23:29] NOTICE: 	prefix = undefined
[09-Aug-2024 23:23:29] NOTICE: 	user = www
[09-Aug-2024 23:23:29] NOTICE: 	group = www
[09-Aug-2024 23:23:29] NOTICE: 	listen = /var/run/php-fpm.sock
[09-Aug-2024 23:23:29] NOTICE: 	listen.backlog = -1
[09-Aug-2024 23:23:29] NOTICE: 	listen.owner = www
[09-Aug-2024 23:23:29] NOTICE: 	listen.group = www
[09-Aug-2024 23:23:29] NOTICE: 	listen.mode = 0660
[09-Aug-2024 23:23:29] NOTICE: 	listen.allowed_clients = undefined
[09-Aug-2024 23:23:29] NOTICE: 	listen.setfib = -1
[09-Aug-2024 23:23:29] NOTICE: 	process.priority = undefined
[09-Aug-2024 23:23:29] NOTICE: 	process.dumpable = no
[09-Aug-2024 23:23:29] NOTICE: 	pm = dynamic
[09-Aug-2024 23:23:29] NOTICE: 	pm.max_children = 5
[09-Aug-2024 23:23:29] NOTICE: 	pm.start_servers = 2
[09-Aug-2024 23:23:29] NOTICE: 	pm.min_spare_servers = 1
[09-Aug-2024 23:23:29] NOTICE: 	pm.max_spare_servers = 3
[09-Aug-2024 23:23:29] NOTICE: 	pm.max_spawn_rate = 32
[09-Aug-2024 23:23:29] NOTICE: 	pm.process_idle_timeout = 10
[09-Aug-2024 23:23:29] NOTICE: 	pm.max_requests = 0
[09-Aug-2024 23:23:29] NOTICE: 	pm.status_path = undefined
[09-Aug-2024 23:23:29] NOTICE: 	pm.status_listen = undefined
[09-Aug-2024 23:23:29] NOTICE: 	ping.path = undefined
[09-Aug-2024 23:23:29] NOTICE: 	ping.response = undefined
[09-Aug-2024 23:23:29] NOTICE: 	access.log = undefined
[09-Aug-2024 23:23:29] NOTICE: 	access.format = undefined
[09-Aug-2024 23:23:29] NOTICE: 	slowlog = undefined
[09-Aug-2024 23:23:29] NOTICE: 	request_slowlog_timeout = 0s
[09-Aug-2024 23:23:29] NOTICE: 	request_slowlog_trace_depth = 20
[09-Aug-2024 23:23:29] NOTICE: 	request_terminate_timeout = 0s
[09-Aug-2024 23:23:29] NOTICE: 	request_terminate_timeout_track_finished = no
[09-Aug-2024 23:23:29] NOTICE: 	rlimit_files = 0
[09-Aug-2024 23:23:29] NOTICE: 	rlimit_core = 0
[09-Aug-2024 23:23:29] NOTICE: 	chroot = undefined
[09-Aug-2024 23:23:29] NOTICE: 	chdir = undefined
[09-Aug-2024 23:23:29] NOTICE: 	catch_workers_output = no
[09-Aug-2024 23:23:29] NOTICE: 	decorate_workers_output = yes
[09-Aug-2024 23:23:29] NOTICE: 	clear_env = yes
[09-Aug-2024 23:23:29] NOTICE: 	security.limit_extensions = .php .phar
[09-Aug-2024 23:23:29] NOTICE:  
[09-Aug-2024 23:23:29] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful
user@freebsdsrv:~ $

Check if PHP is using the FastCGI Process Manager by pointing your browser to: https://192.168.1.50/info.php.

N.B.: The Server API entry will be FPM/FastCGI.

More Information

Apache.org: PHP-FMP.

Apache – PHP Scripting Language (8.3.X Branch)

Apache – PHP Scripting Language (8.3.X Branch)

By |

Description:

PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open-source general-purpose scripting language that is especially suited for web development and can be embedded into HTML.

WWW: http://www.php.net.

Requirements

The following application(s) must be installed, configured, and running before PHP is installed:

  1. Apache – HTTP Server

Installation

N.B.: The current version of Apache will be installed if missing!
Search for mod_php in the remote package repositories with:

user@freebsdsrv:~ $ pkg search mod_php | egrep '^mod_php[0-9]+-[0-9]' [enter]
mod_php81-8.1.31               PHP Scripting Language (8.1.X branch)
mod_php82-8.2.27               PHP Scripting Language (8.2.X branch)
mod_php83-8.3.15               PHP Scripting Language (8.3.X branch)
mod_php84-8.4.2                PHP Scripting Language (8.4.X branch)
user@freebsdsrv:~ $

If PHP based services is required to send email via phpmailer we are for det moment limited to use the 8.3.x branch of PHP.
In this example php83, php83-extensions and mod_php83 will installed due to that phpmailer6 will be required later on to be installed.

user@freebsdsrv:~ $ sudo pkg install -y php83 php83-extensions mod_php83 [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 22 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	libargon2: 20190702_1
	libedit: 3.1.20240808,1
	mod_php83: 8.3.15
	php83: 8.3.15
	php83-ctype: 8.3.15
	php83-dom: 8.3.15
	php83-extensions: 1.0
	php83-filter: 8.3.15
	php83-iconv: 8.3.15
	php83-opcache: 8.3.15
	php83-pdo: 8.3.15
	php83-pdo_sqlite: 8.3.15
	php83-phar: 8.3.15
	php83-posix: 8.3.15
	php83-session: 8.3.15
	php83-simplexml: 8.3.15
	php83-sqlite3: 8.3.15
	php83-tokenizer: 8.3.15
	php83-xml: 8.3.15
	php83-xmlreader: 8.3.15
	php83-xmlwriter: 8.3.15
	sqlite3: 3.46.1,1

Number of packages to be installed: 22

The process will require 40 MiB more space.
9 MiB to be downloaded.
[1/22] Fetching php83-session-8.3.15.pkg: 100%   41 KiB  41.9kB/s    00:01    
[2/22] Fetching libedit-3.1.20240808,1.pkg: 100%  150 KiB 153.8kB/s    00:01    
[3/22] Fetching php83-filter-8.3.15.pkg: 100%   25 KiB  25.7kB/s    00:01    
[4/22] Fetching php83-pdo_sqlite-8.3.15.pkg: 100%   15 KiB  15.5kB/s    00:01    
[5/22] Fetching php83-ctype-8.3.15.pkg: 100%    8 KiB   7.8kB/s    00:01    
[6/22] Fetching php83-tokenizer-8.3.15.pkg: 100%   16 KiB  16.0kB/s    00:01    
[7/22] Fetching php83-8.3.15.pkg: 100%    5 MiB   4.7MB/s    00:01    
[8/22] Fetching mod_php83-8.3.15.pkg: 100%    2 MiB   1.8MB/s    00:01    
[9/22] Fetching php83-xmlwriter-8.3.15.pkg: 100%   16 KiB  16.8kB/s    00:01    
[10/22] Fetching php83-xml-8.3.15.pkg: 100%   23 KiB  23.9kB/s    00:01    
[11/22] Fetching php83-iconv-8.3.15.pkg: 100%   20 KiB  20.8kB/s    00:01    
[12/22] Fetching php83-dom-8.3.15.pkg: 100%   79 KiB  81.1kB/s    00:01    
[13/22] Fetching sqlite3-3.46.1,1.pkg: 100%    1 MiB   1.5MB/s    00:01    
[14/22] Fetching php83-simplexml-8.3.15.pkg: 100%   25 KiB  26.1kB/s    00:01    
[15/22] Fetching php83-pdo-8.3.15.pkg: 100%   55 KiB  56.6kB/s    00:01    
[16/22] Fetching php83-extensions-1.0.pkg: 100%    1 KiB   1.5kB/s    00:01    
[17/22] Fetching php83-phar-8.3.15.pkg: 100%  115 KiB 117.8kB/s    00:01    
[18/22] Fetching libargon2-20190702_1.pkg: 100%   69 KiB  70.2kB/s    00:01    
[19/22] Fetching php83-opcache-8.3.15.pkg: 100%  344 KiB 352.1kB/s    00:01    
[20/22] Fetching php83-posix-8.3.15.pkg: 100%   17 KiB  17.4kB/s    00:01    
[21/22] Fetching php83-xmlreader-8.3.15.pkg: 100%   18 KiB  18.1kB/s    00:01    
[22/22] Fetching php83-sqlite3-8.3.15.pkg: 100%   28 KiB  28.7kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/22] Installing libargon2-20190702_1...
[1/22] Extracting libargon2-20190702_1: 100%
[2/22] Installing libedit-3.1.20240808,1...
[2/22] Extracting libedit-3.1.20240808,1: 100%
[3/22] Installing php83-8.3.15...
[3/22] Extracting php83-8.3.15: 100%
[4/22] Installing php83-dom-8.3.15...
[4/22] Extracting php83-dom-8.3.15: 100%
[5/22] Installing sqlite3-3.46.1,1...
[5/22] Extracting sqlite3-3.46.1,1: 100%
[6/22] Installing php83-pdo-8.3.15...
[6/22] Extracting php83-pdo-8.3.15: 100%
[7/22] Installing php83-session-8.3.15...
[7/22] Extracting php83-session-8.3.15: 100%
[8/22] Installing php83-filter-8.3.15...
[8/22] Extracting php83-filter-8.3.15: 100%
[9/22] Installing php83-pdo_sqlite-8.3.15...
[9/22] Extracting php83-pdo_sqlite-8.3.15: 100%
[10/22] Installing php83-ctype-8.3.15...
[10/22] Extracting php83-ctype-8.3.15: 100%
[11/22] Installing php83-tokenizer-8.3.15...
[11/22] Extracting php83-tokenizer-8.3.15: 100%
[12/22] Installing php83-xmlwriter-8.3.15...
[12/22] Extracting php83-xmlwriter-8.3.15: 100%
[13/22] Installing php83-xml-8.3.15...
[13/22] Extracting php83-xml-8.3.15: 100%
[14/22] Installing php83-iconv-8.3.15...
[14/22] Extracting php83-iconv-8.3.15: 100%
[15/22] Installing php83-simplexml-8.3.15...
[15/22] Extracting php83-simplexml-8.3.15: 100%
[16/22] Installing php83-phar-8.3.15...
[16/22] Extracting php83-phar-8.3.15: 100%
[17/22] Installing php83-opcache-8.3.15...
[17/22] Extracting php83-opcache-8.3.15: 100%
[18/22] Installing php83-posix-8.3.15...
[18/22] Extracting php83-posix-8.3.15: 100%
[19/22] Installing php83-xmlreader-8.3.15...
[19/22] Extracting php83-xmlreader-8.3.15: 100%
[20/22] Installing php83-sqlite3-8.3.15...
[20/22] Extracting php83-sqlite3-8.3.15: 100%
[21/22] Installing mod_php83-8.3.15...
[21/22] Extracting mod_php83-8.3.15: 100%
[activating module `php' in /usr/local/etc/apache24/httpd.conf]
[22/22] Installing php83-extensions-1.0...
[22/22] Extracting php83-extensions-1.0: 100%
=====
Message from php83-dom-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-dom.ini.sample
=====
Message from php83-pdo-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-pdo.ini.sample
=====
Message from php83-session-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-18-session.ini.sample
=====
Message from php83-filter-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-filter.ini.sample
=====
Message from php83-pdo_sqlite-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-30-pdo_sqlite.ini.sample
=====
Message from php83-ctype-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-ctype.ini.sample
=====
Message from php83-tokenizer-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-tokenizer.ini.sample
=====
Message from php83-xmlwriter-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-xmlwriter.ini.sample
=====
Message from php83-xml-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-xml.ini.sample
=====
Message from php83-iconv-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-iconv.ini.sample
=====
Message from php83-simplexml-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-simplexml.ini.sample
=====
Message from php83-phar-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-phar.ini.sample
=====
Message from php83-opcache-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-10-opcache.ini.sample
=====
Message from php83-posix-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-posix.ini.sample
=====
Message from php83-xmlreader-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-30-xmlreader.ini.sample
=====
Message from php83-sqlite3-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-sqlite3.ini.sample
=====
Message from mod_php83-8.3.15:

--
******************************************************************************

Consider switching to php-fpm and mod_fast_cgi as per Apache httpd project
recommendation. See https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM

******************************************************************************

If you are building PHP-based ports in poudriere(8) or Synth with ZTS enabled,
add WITH_MPM=event to /etc/make.conf to prevent build failures.

******************************************************************************

Make sure index.php is part of your DirectoryIndex.

You should add the following to your Apache configuration file:

<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>

******************************************************************************
user@freebsdsrv:~ $

View the installed PHP version on your server.

user@freebsdsrv:~ $ php -v [enter]
PHP 8.3.15 (cli) (built: Jan 30 2025 02:19:13) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.3.15, Copyright (c) Zend Technologies
    with Zend OPcache v8.3.15, Copyright (c), by Zend Technologies
user@freebsdsrv:~ $

List installed PHP compiled in modules with:

user@freebsdsrv:~ $ php -m [enter]
[PHP Modules]
Core
ctype
date
dom
filter
hash
iconv
json
libxml
mysqlnd
openssl
pcre
PDO
pdo_sqlite
Phar
posix
random
Reflection
session
SimpleXML
SPL
sqlite3
standard
tokenizer
xml
xmlreader
xmlwriter
Zend OPcache

[Zend Modules]
Zend OPcache

user@freebsdsrv:~ $

Configuration

Configure PHP to use production settings with this command:

user@freebsdsrv:~ $ sudo cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini; ls -l /usr/local/etc/php.* [enter]
-rw-r--r--  1 root wheel   123 Jan  7 03:10 /usr/local/etc/php.conf
-rw-r--r--  1 root wheel 69048 Jan 29 12:57 /usr/local/etc/php.ini
-rw-r--r--  1 root wheel 68914 Jan  7 03:10 /usr/local/etc/php.ini-development
-rw-r--r--  1 root wheel 69048 Jan  7 03:10 /usr/local/etc/php.ini-production
user@freebsdsrv:~ $

…and then edit /usr/local/etc/php.ini to meet your demands with:

user@freebsdsrv:~ $ sudo ee +713 /usr/local/etc/php.ini [enter]

Increase post_max_size from 8M to 32M;

; Maximum size of POST data that PHP will accept.
; http://php.net/post-max-size
post_max_size = 32M

Scroll down to line 989 and set date.timezone as in this example:

[Date]
; Defines the default timezone used by the date functions
; https://php.net/date.timezone
date.timezone = Europe/Stockholm

Configure a handler for PHP pages with:

user@freebsdsrv:~ $ sudo ee /usr/local/etc/apache24/Includes/php.conf [enter]
<IfModule dir_module>
         DirectoryIndex index.php index.html
         <FilesMatch "\.php$">
                  SetHandler application/x-httpd-php
         </FilesMatch>
         <FilesMatch "\.phps$">
                  SetHandler application/x-httpd-php-source
         </FilesMatch>
</IfModule>

Verify configuration by creating file:

user@freebsdsrv:~ $ sudo ee /usr/local/www/apache24/data/index.php [enter]
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Simple HTML Page with PHP</title>
</head>
<body>
    <h1>Hello, World!</h1>
    <p>This is a simple HTML page generated using PHP.</p>

    <?php                   
    // You can include PHP code within the HTML content
    $name = "Admin User";        
    echo "<p>Welcome, $name!</p>";
    ?>                      
                            
</body>                     
</html>

Restart Apache with:

user@freebsdsrv:~ $ sudo service apache24 restart [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 1732.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
user@freebsdsrv:~ $

Test the PHP installation

Point your browser to: https://192.168.1.50/index.php

—-

Hello, World!

This is a simple HTML page generated using PHP.

Welcome, Admin User!
—-
Create a PHP Information display file with:

user@freebsdsrv:~ $ sudo sh -c 'echo "<?php phpinfo(); ?>" > /usr/local/www/apache24/data/info.php'; cat /usr/local/www/apache24/data/info.php [enter]

…then point your browser to https://192.168.1.50/info.php.

Information about the PHP installation on the FreeBSD server will be displayed.

Apache – Enable Hypertext Transfer Protocol Secure (HTTPS)

Apache – Enable Hypertext Transfer Protocol Secure (HTTPS)

By |

Enable Apache to load the SSL modules, uncomment the line, LoadModule ssl_module libexec/apache24/mod_ssl.so and verify the change with:

user@freebsdsrv:~ $ sudo sed -i -e '/ssl_module/s/#LoadModule/LoadModule/' /usr/local/etc/apache24/httpd.conf ; cat /usr/local/etc/apache24/httpd.conf | grep "ssl_module" [enter]
LoadModule ssl_module libexec/apache24/mod_ssl.so
<IfModule ssl_module&gt>
user@freebsdsrv:~ $

Configure Apache to load the socache_shmcb modules, uncomment the line, LoadModule ssl_module libexec/apache24/mod_ssl.so and verify the change with:

user@freebsdsrv:~ $ sudo sed -i -e '/socache_shmcb_module/s/#LoadModule/LoadModule/' /usr/local/etc/apache24/httpd.conf ; cat /usr/local/etc/apache24/httpd.conf | grep "socache_shmcb_module" [enter]
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
user@freebsdsrv:~ $

Configure Apache to load the rewrite_module modules, uncomment the line, LoadModule rewrite_module libexec/apache24/mod_rewrite.so and verify the change with:

user@freebsdsrv:~ $ sudo sed -i -e '/rewrite_module/s/#LoadModule/LoadModule/' /usr/local/etc/apache24/httpd.conf ; cat /usr/local/etc/apache24/httpd.conf | grep "rewrite_module" [enter]
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
user@freebsdsrv:~ $

Configure Apache to include the httpd-ssl.conf file, uncomment the line, Include etc/apache24/extra/httpd-ssl.conf and verify the change with:

user@freebsdsrv:~ $ sudo sed -i -e '/httpd-ssl.conf/s/#Include/Include/' /usr/local/etc/apache24/httpd.conf ; cat /usr/local/etc/apache24/httpd.conf | grep "httpd-ssl.conf" [enter]
Include etc/apache24/extra/httpd-ssl.conf
user@freebsdsrv:~ $

Update ServerName in file /usr/local/etc/apache24/extra/httpd-ssl.conf with:

user@freebsdsrv:~ $ sudo sed -i -e '/ServerName/s/www.example.com/freebsdsrv.local.lan/' /usr/local/etc/apache24/extra/httpd-ssl.conf; cat /usr/local/etc/apache24/extra/httpd-ssl.conf | grep "ServerName" [enter]
ServerName freebsdsrv.local.lan:443
user@freebsdsrv:~ $

Update ServerAdmin in file /usr/local/etc/apache24/extra/httpd-ssl.conf with:

user@freebsdsrv:~ $ sudo sed -i -e '/ServerAdmin/s/you@example.com/admin@local.lan/' /usr/local/etc/apache24/extra/httpd-ssl.conf ; cat /usr/local/etc/apache24/extra/httpd-ssl.conf | grep "ServerAdmin" [enter]
ServerAdmin admin@local.lan
user@freebsdsrv:~ $

Copy your self-signed SSL/TLS certificate to Apache with:

user@freebsdsrv:~ $ sudo cp /etc/ssl/server.crt /usr/local/etc/apache24/server.crt; sudo cp /etc/ssl/server.key /usr/local/etc/apache24/server.key; ls -l /usr/local/etc/apache24/ [enter]
drwxr-xr-x  2 root wheel     4 Apr 11 12:17 Includes/
drwxr-xr-x  2 root wheel     2 Apr 11 12:01 envvars.d/
drwxr-xr-x  2 root wheel    27 Apr 11 12:20 extra/
-rw-r--r--  1 root wheel 21165 Apr 11 12:20 httpd.conf
-rw-r--r--  1 root wheel 21165 Apr 11 12:20 httpd.conf-e
-rw-r--r--  1 root wheel 21089 Mar 26 23:02 httpd.conf.sample
-rw-r--r--  1 root wheel 13064 Mar 26 23:02 magic
-rw-r--r--  1 root wheel 13064 Mar 26 23:02 magic.sample
-rw-r--r--  1 root wheel 60919 Mar 26 23:02 mime.types
-rw-r--r--  1 root wheel 60919 Mar 26 23:02 mime.types.sample
drwxr-xr-x  2 root wheel     3 Apr 11 12:01 modules.d/
-rw-r--r--  1 root wheel  1554 Apr 11 12:33 server.crt
-rw-------  1 root wheel  1704 Apr 11 12:35 server.key
user@freebsdsrv:~ $

Verify the Apache configuration file to ensure that there are no syntax errors with:

user@freebsdsrv:~ $ apachectl -t [enter]
Syntax OK
user@freebsdsrv:~ $

Erase content of log file /var/log/httpd-error.log with:

user@freebsdsrv:~ $ sudo sh -c "echo '' > /var/log/httpd-error.log" [enter]
user@freebsdsrv:~ $

Manually restart apache24 with:

user@freebsdsrv:~ $ sudo service apache24 restart [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 8225.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
user@freebsdsrv:~ $

Verify apache24 status with:

user@freebsdsrv:~ $ service apache24 status [enter]
apache24 is running as pid 2491.
user@freebsdsrv:~ $

Check the httpd error log for possible errors:

user@freebsdsrv:~ $ tail /var/log/httpd-error.log [enter]

[Thu Jan 30 16:52:09.108534 2025] [mpm_prefork:notice] [pid 50648] AH00169: caught SIGTERM, shutting down
[Thu Jan 30 16:52:09.187884 2025] [ssl:warn] [pid 52360] AH01906: freebsdsrv.local.lan:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jan 30 16:52:09.193692 2025] [ssl:warn] [pid 52361] AH01906: freebsdsrv.local.lan:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jan 30 16:52:09.195173 2025] [mpm_prefork:notice] [pid 52361] AH00163: Apache/2.4.62 (FreeBSD) OpenSSL/3.0.15 configured -- resuming normal operations
[Thu Jan 30 16:52:09.195202 2025] [core:notice] [pid 52361] AH00094: Command line: '/usr/local/sbin/httpd -D NOHTTPACCEPT'
user@freebsdsrv:~ $

Show all loaded Apache24 modules with:

user@freebsdsrv:~ $ apachectl -M | sort [enter]
 access_compat_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_groupfile_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 core_module (static)
 dir_module (shared)
 env_module (shared)
 filter_module (shared)
 headers_module (shared)
 http_module (static)
 log_config_module (shared)
 mime_module (shared)
 mpm_prefork_module (shared)
 reqtimeout_module (shared)
 setenvif_module (shared)
 so_module (static)
 socache_shmcb_module (shared)
 ssl_module (shared)
 status_module (shared)
 unixd_module (shared)
 version_module (shared)
Loaded Modules:
user@freebsdsrv:~ $

The Apache service should listen on port https/443. Verify this with:

user@freebsdsrv:~ $ sudo sockstat -4 -6 | grep 443 [enter]
www      httpd      52366 5   tcp6   *:443                 *:*
www      httpd      52366 6   tcp4   *:443                 *:*
www      httpd      52365 5   tcp6   *:443                 *:*
www      httpd      52365 6   tcp4   *:443                 *:*
www      httpd      52364 5   tcp6   *:443                 *:*
www      httpd      52364 6   tcp4   *:443                 *:*
www      httpd      52363 5   tcp6   *:443                 *:*
www      httpd      52363 6   tcp4   *:443                 *:*
www      httpd      52362 5   tcp6   *:443                 *:*
www      httpd      52362 6   tcp4   *:443                 *:*
root     httpd      52361 5   tcp6   *:443                 *:*
root     httpd      52361 6   tcp4   *:443                 *:*
user@freebsdsrv:~ $

Test HTTPS connection

Test HTTPS connection to the Apache Web server using address, https://freebsdsrv.local.lan. or https://192.168.1.50.

If all is well, you should see a “Your connection is not private” message since we are using a self-signed certificate.

Redirect to HTTPS

If you’d like to set HTTP connection to redirect to HTTPS (Always on SSL/TLS), Set RewriteRule to each Host settings.
For example, if you set Virtual Hostings like the link here, Add RewriteRule like follows. Or It’s possible to set RewriteRule in [.htaccess] not in [httpd.conf].

Configure Apache to load the rewrite_module modules, uncomment the line, LoadModule rewrite_module libexec/apache24/mod_rewrite.so and verify the change with:

user@freebsdsrv:~ $ sudo sed -i -e '/rewrite_module/s/#LoadModule/LoadModule/' /usr/local/etc/apache24/httpd.conf; cat /usr/local/etc/apache24/httpd.conf | grep "rewrite_module" [enter]
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo ee /usr/local/etc/apache24/Includes/vhost.conf [enter]
<VirtualHost *:80>
    DocumentRoot /usr/local/www/apache24/data
    ServerName freebsdsrv.local.lan
    # add RewriteRule
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
user@freebsdsrv:~ $ sudo service apache24 reload [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Performing sanity check on apache24 configuration:
Syntax OK
Performing a graceful restart
user@freebsdsrv:~ $
Apache – HTTP Server

Apache – HTTP Server

By |

Description:

The Apache HTTP Server Project aims to develop and maintain an open-source HTTP server for various modern desktop and server operating systems, such as UNIX and Windows NT. This project aims to provide a secure, efficient, and extensible server that provides HTTP services in sync with the current HTTP standards.

Apache HTTP Server version 2.4.43 or newer is required in order to operate a TLS 1.3 web server with OpenSSL 1.1.1.

WWW: http://httpd.apache.org/.

You must have a valid domain name for public access to your website.

Requirements

The following software must be installed before the Apache HTTP Server:

  1. OpenSSL – Cryptography And SSL/TLS Toolkit

Installation

Search for “apache2” in the remote package repositories with:

user@freebsdsrv:~ $ pkg search apache | egrep '^apache[0-9]+-[0-9]' [enter]
apache24-2.4.62                Version 2.4.x of Apache web server
user@freebsdsrv:~ $

In this example, apache24-2.4 will be installed.

Install Apache HTTP Server 2.4 with;

user@freebsdsrv:~ $ sudo pkg install -y apache24 [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 14 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	apache24: 2.4.62
	apr: 1.7.5.1.6.3_3
	brotli: 1.1.0,1
	curl: 8.11.1_1
	expat: 2.6.4
	gdbm: 1.24
	jansson: 2.14
	libidn2: 2.3.7
	liblz4: 1.10.0,1
	libnghttp2: 1.64.0
	libpsl: 0.21.5_1
	libssh2: 1.11.1,3
	libunistring: 1.2
	zstd: 1.5.6

Number of packages to be installed: 14

The process will require 46 MiB more space.
10 MiB to be downloaded.
[1/14] Fetching libidn2-2.3.7.pkg: 100%  155 KiB 158.7kB/s    00:01    
[2/14] Fetching liblz4-1.10.0,1.pkg: 100%  163 KiB 167.3kB/s    00:01    
[3/14] Fetching zstd-1.5.6.pkg: 100%  503 KiB 515.3kB/s    00:01    
[4/14] Fetching libunistring-1.2.pkg: 100%  683 KiB 699.4kB/s    00:01    
[5/14] Fetching brotli-1.1.0,1.pkg: 100%  372 KiB 381.2kB/s    00:01    
[6/14] Fetching curl-8.11.1_1.pkg: 100%    2 MiB   1.7MB/s    00:01    
[7/14] Fetching jansson-2.14.pkg: 100%   50 KiB  51.7kB/s    00:01    
[8/14] Fetching libnghttp2-1.64.0.pkg: 100%  142 KiB 145.5kB/s    00:01    
[9/14] Fetching apr-1.7.5.1.6.3_3.pkg: 100%  500 KiB 512.4kB/s    00:01    
[10/14] Fetching apache24-2.4.62.pkg: 100%    5 MiB   5.5MB/s    00:01    
[11/14] Fetching libssh2-1.11.1,3.pkg: 100%  244 KiB 249.6kB/s    00:01    
[12/14] Fetching libpsl-0.21.5_1.pkg: 100%   65 KiB  66.1kB/s    00:01    
[13/14] Fetching expat-2.6.4.pkg: 100%  120 KiB 122.4kB/s    00:01    
[14/14] Fetching gdbm-1.24.pkg: 100%  244 KiB 250.0kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/14] Installing libunistring-1.2...
[1/14] Extracting libunistring-1.2: 100%
[2/14] Installing libidn2-2.3.7...
[2/14] Extracting libidn2-2.3.7: 100%
[3/14] Installing liblz4-1.10.0,1...
[3/14] Extracting liblz4-1.10.0,1: 100%
[4/14] Installing zstd-1.5.6...
[4/14] Extracting zstd-1.5.6: 100%
[5/14] Installing brotli-1.1.0,1...
[5/14] Extracting brotli-1.1.0,1: 100%
[6/14] Installing libnghttp2-1.64.0...
[6/14] Extracting libnghttp2-1.64.0: 100%
[7/14] Installing libssh2-1.11.1,3...
[7/14] Extracting libssh2-1.11.1,3: 100%
[8/14] Installing libpsl-0.21.5_1...
[8/14] Extracting libpsl-0.21.5_1: 100%
[9/14] Installing expat-2.6.4...
[9/14] Extracting expat-2.6.4: 100%
[10/14] Installing gdbm-1.24...
[10/14] Extracting gdbm-1.24: 100%
[11/14] Installing curl-8.11.1_1...
[11/14] Extracting curl-8.11.1_1: 100%
[12/14] Installing jansson-2.14...
[12/14] Extracting jansson-2.14: 100%
[13/14] Installing apr-1.7.5.1.6.3_3...
[13/14] Extracting apr-1.7.5.1.6.3_3: 100%
[14/14] Installing apache24-2.4.62...
===> Creating groups
Using existing group 'www'
===> Creating users
Using existing user 'www'
[14/14] Extracting apache24-2.4.62: 100%
=====
Message from apr-1.7.5.1.6.3_3:

--
The Apache Portable Runtime project removed support for FreeTDS with
version 1.6. Users requiring MS-SQL connectivity must migrate
configurations to use the added ODBC driver and FreeTDS' ODBC features.
=====
Message from apache24-2.4.62:

--
To run apache www server from startup, add apache24_enable="yes"
in your /etc/rc.conf. Extra options can be found in startup script.

Your hostname must be resolvable using at least 1 mechanism in
/etc/nsswitch.conf typically DNS or /etc/hosts or apache might
have issues starting depending on the modules you are using.


- apache24 default build changed from static MPM to modular MPM
- more modules are now enabled per default in the port
- icons and error pages moved from WWWDIR to DATADIR

   If build with modular MPM and no MPM is activated in
   httpd.conf, then mpm_prefork will be activated as default
   MPM in etc/apache24/modules.d to keep compatibility with
   existing php/perl/python modules!

Please compare the existing httpd.conf with httpd.conf.sample
and merge missing modules/instructions into httpd.conf!
user@freebsdsrv:~ $

To start the Apache HTTP Server on system boot:

user@freebsdsrv:~ $ sudo sysrc apache24_enable="YES" [enter]
apache24_enable:  -> YES
user@freebsdsrv:~ $


Open file /usr/local/etc/apache24/httpd.conf with:

user@freebsdsrv:~ $ sudo ee +217 /usr/local/etc/apache24/httpd.conf [enter]

Line 217: Change admin email address

ServerAdmin admin@local.lan

Line 226: Change to server name

ServerName freebsdsrv.local.lan:80

Make sure the Apache HTTP configuration is correct by running the following command to test:

user@freebsdsrv:~ $ sudo apachectl configtest [enter]
Performing sanity check on apache24 configuration:
Syntax OK
user@freebsdsrv:~ $

Start the httpd service

Manually start apache24 with:

user@freebsdsrv:~ $ sudo service apache24 start [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
user@freebsdsrv:~ $

Display the apache24 service status with:

user@freebsdsrv:~ $ sudo service apache24 status [enter]
apache24 is running as pid 10207.
user@freebsdsrv:~ $

Display the /var/log/httpd-error.log file with:

user@freebsdsrv:~ $ cat /var/log/httpd-error.log [enter]
[Tue Jan 28 17:24:52.324956 2025] [mpm_prefork:notice] [pid 36445] AH00163: Apache/2.4.62 (FreeBSD) configured -- resuming normal operations
[Tue Jan 28 17:24:52.325105 2025] [core:notice] [pid 36445] AH00094: Command line: '/usr/local/sbin/httpd -D NOHTTPACCEPT'
user@freebsdsrv:~ $

Try to access the Apache HTTP server from a computer on the same network with:

http://192.168.1.50

http://freebsdsrv.local.lan

Display the /var/log/httpd-access.log file with:

user@freebsdsrv:~ $ cat /var/log/httpd-access.log [enter]
192.168.1.195 - - [30/Jan/2025:16:49:22 +0100] "GET / HTTP/1.1" 200 45
user@freebsdsrv:~ $
NTPd – NTP Daemon Program

NTPd – NTP Daemon Program

By |

Description:

The ntpd utility is an operating system daemon which sets and maintains the system time of day in synchronization with Internet standard time-servers. It is a complete implementation of the Network Time Protocol (NTP) version 4, as defined by RFC-5905, but also retains compatibility with version 3, as defined by RFC-1305, and versions 1 and 2, as defined by RFC-1059 and RFC-1119, respectively.

Prerequisites

To follow along, make sure that your FreeBSD server has a fully configured Internet access.

Stop the ntpd daemon

Stop the ntpd daemon if it is running with:

user@freebsdsrv:~ $ sudo service ntpd stop [enter]
Stopping ntpd.
Waiting for PIDS: 1484.
user@freebsdsrv:~ $

Set the date and time via NTP, using this command:

# user@freebsdsrv:~ $ sudo ntpdate -v -b pool.ntp.org [enter]
27 Jan 16:15:43 ntpdate[4802]: ntpdate 4.2.8p18-a (1)
27 Jan 16:15:50 ntpdate[4802]: step time server 192.36.143.130 offset -0.000046 sec
user@freebsdsrv:~ $

N.B.: The ntp server “pool.ntp.org” is recommended by ntp.org. You can also select another one, check out http://www.ntp.org for details.

Default operating system daemon settings

List the defaults for ntpd with:

user@freebsdsrv:~ $ cat /etc/defaults/rc.conf | grep ntp [enter]
ntpdate_enable="NO"		# Run ntpdate to sync time on boot (or NO).
ntpdate_program="/usr/sbin/ntpdate"	# path to ntpdate, if you want a different one.
ntpdate_flags="-b"		# Flags to ntpdate (if enabled).
ntpdate_config="/etc/ntp.conf"	# ntpdate(8) configuration file
ntpdate_hosts=""		# Whitespace-separated list of ntpdate(8) servers.
ntpd_enable="NO"		# Run ntpd Network Time Protocol (or NO).
ntpd_program="/usr/sbin/ntpd"	# path to ntpd, if you want a different one.
ntpd_config="/etc/ntp.conf"	# ntpd(8) configuration file
ntpd_sync_on_start="NO"		# Sync time on ntpd startup, even if offset is high
ntpd_flags=""			# Additional flags to ntpd
ntp_src_leapfile="/etc/ntp/leap-seconds"
				# Initial source for ntpd leapfile
ntp_db_leapfile="/var/db/ntpd.leap-seconds.list"
ntp_leapfile_sources="https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list https://data.iana.org/time-zones/tzdb/leap-seconds.list"
ntp_leapfile_fetch_opts="-mq"	# Options to use for ntp leapfile fetch,
ntp_leapfile_expiry_days=30	# Check for new leapfile 30 days prior to
ntp_leapfile_fetch_verbose="NO"	# Be verbose during NTP leapfile fetch
user@freebsdsrv:~ $

Enable start server boot

Enable start and set flags of the ntpd utility at boot time with:

user@freebsdsrv:~ $ sudo sysrc ntpd_enable="YES" ntpd_sync_on_start="YES" ntp_leapfile_fetch_verbose="YES" [enter]
ntpd_enable: YES -> YES
ntpd_sync_on_start: NO -> YES
ntp_leapfile_fetch_verbose: NO -> YES
user@freebsdsrv:~ $

Configure NTPd

The /etc/ntp.conf configuration file is read at initial startup by the ntpd(8) daemon in order to specify the synchronization sources, modes and other related information.
Update file /etc/ntp.conf to use the Swedish public NTP server with:

user@freebsdsrv:~ $ sudo sh -c "sed -i -e 's/0.freebsd.pool.ntp.org/0.se.pool.ntp.org/' /etc/ntp.conf" ; sudo sh -c "sed -i -e 's/2.freebsd.pool.ntp.org/1.se.pool.ntp.org/' /etc/ntp.conf" ; cat /etc/ntp.conf | grep se.pool.ntp.org [enter]
pool 0.se.pool.ntp.org iburst
pool 1.se.pool.ntp.org iburst
user@freebsdsrv:~ $

The drift file is by default /var/db/ntp/ntpd.drift.
Create an empty file, /var/db/ntp/ntpd.drift, with:

user@freebsdsrv:~ $ sudo touch /var/db/ntp/ntpd.drift; sudo chown ntpd:ntpd /var/db/ntp/ntpd.drift ; ls -l /var/db/ntp/ntpd.drift [enter]
-rw-r--r--  1 ntpd ntpd 9 Jan 27 16:22 /var/db/ntp/ntpd.drift
user@freebsdsrv:~ $

Download the current leap-seconds.list file with:

user@freebsdsrv:~ $ sudo rm /var/db/ntpd.leap-seconds.list ; sudo service ntpd fetch [enter]
ntp_src_leapfile version is 3929093563 expires 3960057600
ntp_db_leapfile version is 0 expires 0
replacing /var/db/ntpd.leap-seconds.list with /etc/ntp/leap-seconds
user@freebsdsrv:~ $

Manually start NTPd

Start the Network Time Protocol (NTP) daemon, with this command:

user@freebsdsrv:~ $ sudo service ntpd start [enter]
Starting ntpd.
user@freebsdsrv:~ $

Verify the NTPd setup with:

user@freebsdsrv:~ $ cat /var/log/messages | grep ntpd [enter]
...
Jan 27 16:27:29 freebsdsrv ntpd[11450]: ----------------------------------------------------
Jan 27 16:27:29 freebsdsrv ntpd[11450]: ntp-4 is maintained by Network Time Foundation,
Jan 27 16:27:29 freebsdsrv ntpd[11450]: Inc. (NTF), a non-profit 501(c)(3) public-benefit
Jan 27 16:27:29 freebsdsrv ntpd[11450]: corporation.  Support and training for ntp-4 are
Jan 27 16:27:29 freebsdsrv ntpd[11450]: available at https://www.nwtime.org/support
Jan 27 16:27:29 freebsdsrv ntpd[11450]: ----------------------------------------------------
Jan 27 16:27:29 freebsdsrv ntpd[11451]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): good hash signature
Jan 27 16:27:29 freebsdsrv ntpd[11451]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): loaded, expire=2025-06-28T00:00:00Z last=2017-01-01T00:00:00Z ofs=37
user@freebsdsrv:~ $

NTP is a very cautious standard. It will report its stratum to 16 (the worst possible) until it’s certain it’s in sync. This can take a few minutes to a few hours.

ntpq – standard NTP query program

The ntpq utility program is used to query NTP servers to monitor NTP operations and performance, requesting information about the current state and/or changes in that state.

Print a list of the peers known to the server as well as a summary of their state:

user@freebsdsrv:~ $ ntpq --peers localhost [enter]
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.se.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 1.se.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
-sth2.ntp.netnod .PPS.            1 u   50   64  377   14.003   +0.642   0.117
+h-85-24-226-221 194.58.204.20    2 u   46   64  377    2.633   +0.659   0.144
*time100.stupi.s .PPS.            1 u   47   64  377   14.014   +0.466   0.107
+svl1.ntp.netnod .PPS.            1 u   44   64  377   18.632   +0.450   0.099
-h-98-128-175-45 194.58.200.20    2 u   40   64  377    2.168   +0.517   0.177
user@freebsdsrv:~ $

N.B.: Waiting for “st” to drop to 2 (since those should be stratum 2 servers) before the server is used for time sync of local computers.

ntpq Help

user@freebsdsrv:~ $ ntpq -? [enter]
ntpq - standard NTP query program - Ver. 4.2.8p17
Usage:  ntpq [ - [] | --[{=| }] ]... [ host ...]
  Flg Arg Option-Name    Description
   -4 no  ipv4           Force IPv4 name resolution
				- prohibits the option 'ipv6'
   -6 no  ipv6           Force IPv6 name resolution
				- prohibits the option 'ipv4'
   -c Str command        run a command and exit
				- may appear multiple times
   -d no  debug-level    Increase debug verbosity level
				- may appear multiple times
   -D Num set-debug-level Set the debug verbosity level
				- may appear multiple times
   -i no  interactive    Force ntpq to operate in interactive mode
				- prohibits these options:
				command
				peers
   -n no  numeric        numeric host addresses
      no  old-rv         Always output status line with readvar
   -p no  peers          Print a list of the peers
				- prohibits the option 'interactive'
   -r KWd refid          Set default display type for S2+ refids
   -u no  unconnected    Use unconnected UDP to communicate with ntpd (default on Windows)
   -w no  wide           Display the full 'remote' value
      opt version        output version information and exit
   -? no  help           display extended usage information and exit
   -! no  more-help      extended usage information passed thru pager
   -> opt save-opts      save the option state to a config file
   -< Str load-opts      load options from a config file
				- disabled as '--no-load-opts'
				- may appear multiple times

Options are specified by doubled hyphens and their name or by a single
hyphen and the flag character.

The following option preset mechanisms are supported:
 - reading file $HOME/.ntprc
 - reading file ./.ntprc
 - examining environment variables named NTPQ_*

The valid "refid" option keywords are:
  hash ipv4
  or an integer from 0 through 1

Please send bug reports to:  <https://bugs.ntp.org, bugs@ntp.org>
user@freebsdsrv:~ $

Documentation

Documentation in HTML format for the NTP server can be found in: /usr/share/doc/ntp/.

Optional: ntpstat

ntpstat is a script which prints a brief summary of the system clock’s synchronisation status when the ntpd or chronyd daemon is running. It prints the time source (NTP server or reference clock) to which the system clock is currently synchronised, its stratum, how often is the server polled, and the maximum estimated error of the clock. The script uses the ntpq or chronyc program to obtain the information from the daemon.

user@freebsdsrv:~ $ sudo pkg install -y ntpstat [enter]
Updating FreeBSD repository catalogue...
Fetching data.pkg: 100%   10 MiB  10.5MB/s    00:01    
Processing entries: 100%
FreeBSD repository update completed. 35863 packages processed.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	gawk: 5.3.1
	ntpstat: 0.6_1

Number of packages to be installed: 2

The process will require 5 MiB more space.
1 MiB to be downloaded.
[1/2] Fetching ntpstat-0.6_1.pkg: 100%    4 KiB   4.3kB/s    00:01    
[2/2] Fetching gawk-5.3.1.pkg: 100%    1 MiB   1.2MB/s    00:01    
Checking integrity... done (0 conflicting)
[1/2] Installing gawk-5.3.1...
[1/2] Extracting gawk-5.3.1: 100%
[2/2] Installing ntpstat-0.6_1...
[2/2] Extracting ntpstat-0.6_1: 100%
user@freebsdsrv:~ $
How to use
user@freebsdsrv:~ $ ntpstat [enter]
synchronised to NTP server (194.58.205.20) at stratum 2
   time correct to within 39 ms
   polling server every 1024 s
user@freebsdsrv:~ $