Category: FreeBSD

sSMTP – Simple MTA to get Mail off the System

sSMTP – Simple MTA to get Mail off the System

By |

Description

A secure, effective, and simple way of getting mail off a system to your mail hub. It does not include a mail spool to poke around in and no daemons running in the background. Mail is forwarded to the configured email host. It is extremely easy to configure.

WARNING: the above is all it does; it does not receive mail, expand aliases, or manage a queue. That belongs on a mail hub with a system administrator.

WWW: http://packages.debian.org/stable/mail/ssmtp.

Installation

Install sSMTP with;

user@freebsdsrv:~ $ sudo pkg install -y ssmtp [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	ssmtp: 2.64_7

Number of packages to be installed: 1

21 KiB to be downloaded.
[1/1] Fetching ssmtp-2.64_7.pkg: 100%   21 KiB  21.6kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/1] Installing ssmtp-2.64_7...
===> Creating groups
Creating group 'ssmtp' with gid '916'
[1/1] Extracting ssmtp-2.64_7: 100%
=====
Message from ssmtp-2.64_7:

--
sSMTP has been installed successfully.

Firstly, edit /etc/mail/mailer.conf to replace sendmail with ssmtp:

sendmail	/usr/local/sbin/ssmtp
send-mail	/usr/local/sbin/ssmtp
mailq		/usr/local/sbin/ssmtp
newaliases	/usr/local/sbin/ssmtp
hoststat	/usr/bin/true
purgestat	/usr/bin/true

Hint: in case sSMPT is being installed directly from ports,
editing /etc/mail/mailer.conf can be done by running "make replace".

Secondly, edit the following files to configure sSMTP:

- /usr/local/etc/ssmtp/revaliases
- /usr/local/etc/ssmtp/ssmtp.conf

At this point sSMTP should be ready to go.
--
===>   NOTICE:

The ssmtp port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://docs.freebsd.org/en/articles/contributing/#ports-contributing
user@freebsdsrv:~ $

Configuration

Stop the Sendmail daemon if it is running:

user@freebsdsrv:~ $ sudo service sendmail stop [enter]
Stopping sendmail.
Waiting for PIDS: 739.
Stopping sendmail_msp_queue.
Waiting for PIDS: 742.
user@freebsdsrv:~ $

Disable sendmail on system boot with this commands:

user@freebsdsrv:~ $ sudo sysrc sendmail_enable="NONE" [enter]
sendmail_enable: YES -> NONE
user@freebsdsrv:~ $

Edit file /etc/mail/mailer.conf with:

user@freebsdsrv:~ $ sudo ee /etc/mail/mailer.conf [enter]

It should look like this:

#
# Use "ssmtp" for sending mail
#
sendmail	/usr/local/sbin/ssmtp
send-mail	/usr/local/sbin/ssmtp
mailq		/usr/local/sbin/ssmtp
newaliases	/usr/local/sbin/ssmtp
hoststat	/usr/bin/true
purgestat	/usr/bin/true

The command sendmail will invoke the ssmtp executable. But you have not told sSMTP which SMTP server to use with which credentials. These settings are looked for in the sSMTP configuration files /usr/local/etc/ssmtp/revaliases and /usr/local/etc/ssmtp/ssmtp.conf.

Copy the sample file /usr/local/etc/revaliases.sample to /usr/local/etc/revaliases with:

user@freebsdsrv:~ $ sudo cp /usr/local/etc/ssmtp/revaliases.sample /usr/local/etc/ssmtp/revaliases [enter]

…and edit appropriately with this command:

user@freebsdsrv:~ $ sudo ee /usr/local/etc/ssmtp/revaliases [enter]

Example:

# sSMTP aliases
#
# Format:       local_account:outgoing_address:mailhub
#
# Example: root:your_login@your.domain:mailhub.your.domain[:port]
# where [:port] is an optional port number that defaults to 25.
root:your.mail@example.net:mail.example.net
postmaster:your.mail@example.net:mail.example.net

Edit file ssmtp.conf appropriately with this command:

user@freebsdsrv:~ $ sudo ee /usr/local/etc/ssmtp/ssmtp.conf [enter]

Example:

#
# /etc/ssmtp.conf -- a config file for sSMTP sendmail.
#

# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=your.mail@example.net

# The place where the mail goes. The actual machine name is required
# no MX records are consulted. Commonly mailhosts are named mail.domain.com
# The example will fit if you are in domain.com and your mailhub is so named.
mailhub=smtp.example.net:465

# Example for SMTP port number 2525
# mailhub=mail.your.domain:2525
# Example for SMTP port number 25 (Standard/RFC)
# mailhub=mail.your.domain
# Example for SSL encrypted connection
# mailhub=mail.your.domain:465

# Where will the mail seem to come from?
rewriteDomain=example.net

# The full hostname
hostname=freebsdsrv.example.net

# Set this to never rewrite the "From:" line (unless not given) and to
# use that address in the "from line" of the envelope.
FromLineOverride=YES

# Use SSL/TLS to send secure messages to server.
UseTLS=YES

# Use SSL/TLS certificate to authenticate against smtp host.
#UseTLSCert=YES

# Use this RSA certificate.
#TLSCert=/usr/local/etc/ssmtp/ssmtp.pem

# Get enhanced (*really* enhanced) debugging information in the logs
# If you want to have debugging of the config file parsing, move this option
# to the top of the config file and uncomment
#Debug=YES

# Username/Password
AuthUser=username
AuthPass=password

Edit file /etc/crontab with:

user@freebsdsrv:~ $ sudo ee /etc/crontab [enter]

Add the following two lines (example):

# /etc/crontab - root's crontab for FreeBSD
#
#
SHELL=/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
HOME=/var/log
MAILTO="your.mail@example.net"
#
...

Run some tests as an unprivileged user – user should not a member of groupe ssmtp – with:

user@freebsdsrv:~ $ cat /usr/local/etc/ssmtp/ssmtp.conf [enter]
cat: /usr/local/etc/ssmtp/ssmtp.conf: Permission denied
user@freebsdsrv:~ $

Test your mail settings with:

user@freebsdsrv:~ $ echo Testing | mail -v -s Testing your.name@example.net [enter]
[<-] 220 ts201-smtpout75.ddc.example.net ESMTP Service ready
[->] EHLO freebsdsrv.local.lan
[<-] 250 SIZE 78643200
[->] AUTH LOGIN
[<-] 334 V..........6
[->] c.........y
[<-] 334 U........6
[<-] 235 LOGIN authentication successful
[->] MAIL FROM:
[<-] 250 MAIL FROM: OK
[->] RCPT TO:
[<-] 250 RCPT TO: OK
[->] DATA
[<-] 354 Start mail input; end with .
[->] Received: by freebsdsrv.local.lan (sSMTP sendmail emulation); Mon, 03 Feb 2025 15:48:39 +0100
[->] From: "Admin User" 
[->] Date: Mon, 03 Feb 2025 15:48:39 +0100
[->] To: your.name@example.net
[->] Subject: Testing
[->] 
[->] Testing
[->] .
[<-] 250 <66E9614204233F1E> Mail accepted
[->] QUIT
[<-] 221 ts201-smtpout75.ddc.example.net QUIT
user@freebsdsrv:~ $

N.B.: Mail transfer output to the terminal has been edited for security reasons!

user@freebsdsrv:~ $ mail -s "Testing sSMTP" your.address@example.net [enter]
This is a test with sSMTP [enter]

Type <Ctr><D> on a blank line to send message.

user@freebsdsrv:~ $

Change user to root and heck error log with:

user@freebsdsrv:~ $ tail /var/log/maillog [enter]
Feb  3 16:08:04 freebsdsrv sSMTP[2113]: Creating SSL connection to host
Feb  3 16:08:04 freebsdsrv sSMTP[2113]: SSL connection using ECDHE-RSA-AES256-GCM-SHA384
Feb  3 16:08:05 freebsdsrv sSMTP[2113]: Sent mail for user@local.lan (221 ts201-smtpout73.ddc.example.net QUIT) uid=1001 username=user outbytes=370
user@freebsdsrv:~ $
Mantis Bug Tracker

Mantis Bug Tracker

By |

Descriptions

MantisBT is a web-based bug-tracking system made available to the public in November 2000. Over time, it has matured and gained much popularity, and now it has become one of the most popular open-source bug/issue tracking systems. MantisBT is developed in PHP, with support for multiple database backends, including MySQL, MS SQL, and PostgreSQL.

MantisBT, as a PHP script, can run on any operating system that is supported by PHP and has support for one of the DBMSes that are supported. MantisBT runs fine on Windows, Linux, macOS, and Unix operating systems.

Requirements

Install required PHP modules with:

user@freebsdsrv:~ $ sudo pkg install php84 php84-mysqli php84-mbstring php84-ctype php84-filter php84-session php84-tokenizer php84-curl php84-GD php84-fileinfo php84-soap php84-xml [enter]
...
user@freebsdsrv:~ $

Download phpMyAdmin Code

Download the current version of phpMyAdmin code with:

user@freebsdsrv:~ $ fetch https://sourceforge.net/projects/mantisbt/files/mantis-stable/2.27.0/mantisbt-2.27.0.tar.gz [enter]
mantisbt-2.27.0.tar.gz                                  15 MB  417 kBps    37s
user@freebsdsrv:~ $

Extract the Mantis Bug Tracker code

user@freebsdsrv:~ $ sudo tar zxvf mantisbt-2.27.0.tar.gz -C /usr/local/www/ [enter]
x mantisbt-2.27.0/
x mantisbt-2.27.0/bug_monitor_add.php
x mantisbt-2.27.0/bug_view_advanced_page.php
x mantisbt-2.27.0/account_prof_menu_page.php
x mantisbt-2.27.0/tag_create.php
...
x mantisbt-2.27.0/manage_proj_cat_delete.php
x mantisbt-2.27.0/bug_actiongroup_ext_page.php
x mantisbt-2.27.0/tag_view_page.php
x mantisbt-2.27.0/manage_proj_create.php
user@freebsdsrv:~ $

Delete the downloaded file mantisbt-2.27.0.tar.gz with:

user@freebsdsrv:~ $ rm mantisbt-2.27.0.tar.gz [enter]
user@freebsdsrv:~ $

Configuration

Rename the Mantis Bug Tracker directory with:

user@freebsdsrv:~ $ sudo mv /usr/local/www/mantisbt-2.27.0/ /usr/local/www/mantisbt/ [enter] 
user@freebsdsrv:~ $

Change file owner and group on the Mantis Bug Tracker directory with:

user@freebsdsrv:~ $ sudo chown -R root:www /usr/local/www/mantisbt ; sudo ls -l /usr/local/www/mantisbt/ [enter]
user@freebsdsrv:~ $

Change file owner and group on the Mantis Bug Tracker directory with:

user@freebsdsrv:~ $ sudo chmod 775 /usr/local/www/mantisbt ; sudo ls -l /usr/local/www/ [enter]
...
drwxr-xr-x  16 root www    226 Sep 29 19:11 mantisbt/
...
user@freebsdsrv:~ $

Create an Apache Include file to make Mantis Bug Tracker available on the website with:

user@freebsdsrv:~ $ sudo ee /usr/local/etc/apache24/Includes/mantisbt.conf [enter]

Add the following text;

Alias /mantisbt/ "/usr/local/www/mantisbt/"
<Directory "/usr/local/www/mantisbt/">
    DirectoryIndex index.php
    Options None
    AllowOverride Limit
    # range of access allowed
    Require ip 127.0.0.1 192.168.1.0/24
</Directory>

N.B.: Access is only allowed from computers connected to the network 192.168.1.0/24, the same network as this FreeBSD server!

Restart Apache

Restart Apache for the changes to take effect:

user@freebsdsrv:~ $ sudo service apache24 restart [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 9059.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
user@freebsdsrv:~ $
Create the WordPress MariaDB Database

Log in to the MariaDB console with:

user@freebsdsrv:~ $ sudo mysql -u root -p [enter]
Enter password: <-- DBpassWD [enter]
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 19
Server version: 11.4.4-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]>

Create a Mantis Bug Tracker database with:

root@localhost [(none)]> CREATE DATABASE bugtracker; [enter]
Query OK, 1 row affected (0.000 sec)

root@localhost [(none)]>

Create a database user and password to manage the sudo mysql -u root -p database with:

root@localhost [(none)]> GRANT ALL PRIVILEGES ON 'bugtracker'.* TO 'btdbuser'@'localhost' IDENTIFIED BY 'btDBpassWd' WITH GRANT OPTION; [enter]
Query OK, 0 rows affected (0.859 sec)

root@localhost [(none)]>

Flush privileges with:

root@localhost [(none)]> FLUSH PRIVILEGES; [enter]
Query OK, 0 rows affected (0.000 sec)

root@localhost [(none)]>

Exit the MariaDB console with:

root@localhost [(none)]> exit [enter]
Bye
user@freebsdsrv:~ $

Access the Mantis Bug Tracker README file via https://192.168.1.50/mantisbt/README.md

Access the Mantis Bug Tracker install file via https://192.168.1.50/mantisbt/admin/install.php

Warning: If the error message Can’t retrieve web page at… is displayed during the web-based installation, then perform the following workaround:

user@freebsdsrv:~ $ sudo ee +504 /usr/local/www/mantisbt/admin/install.php [enter]

Change $t_hard_fail = true; to $t_hard_fail = false;
…and continue the installation process.

Access the Mantis Bug Tracker dashboard via https://192.168.1.50/mantisbt/.

Log in as user ‘administrator’ with password ‘root’ and then change the administrator password.

The “admin” directory should be removed after you have verifyed that all is OK.

Remove the “admin” directory with:

user@freebsdsrv:~ $ sudo rm -R /usr/local/www/mantisbt/admin [enter]
user@freebsdsrv:~ $
WordPress

WordPress

By |

Download phpMyAdmin Code

Download the current version of WordPress code with:

user@freebsdsrv:~ $ fetch  https://wordpress.org/latest.tar.gz [enter]
latest.tar.gz                                           25 MB    9 MBps    03s
user@freebsdsrv:~ $

Extract the WordPress code

user@freebsdsrv:~ $ sudo tar zxvf latest.tar.gz  -C /usr/local/www/ [enter]
x wordpress/
x wordpress/xmlrpc.php
x wordpress/wp-blog-header.php
x wordpress/readme.html
...
x wordpress/wp-admin/options-reading.php
x wordpress/wp-trackback.php
x wordpress/wp-comments-post.php
user@freebsdsrv:~ $
user@freebsdsrv:~ $ ls -l /usr/local/www/wordpress [enter]
total 204
-rw-r--r--   1 nobody nogroup   405 Feb  6  2020 index.php
-rw-r--r--   1 nobody nogroup 19915 Jan  1  2024 license.txt
-rw-r--r--   1 nobody nogroup  7409 Jun 18  2024 readme.html
-rw-r--r--   1 nobody nogroup  7387 Feb 13  2024 wp-activate.php
drwxr-xr-x   9 nobody nogroup   102 Nov 21 15:07 wp-admin/
-rw-r--r--   1 nobody nogroup   351 Feb  6  2020 wp-blog-header.php
-rw-r--r--   1 nobody nogroup  2323 Jun 14  2023 wp-comments-post.php
-rw-r--r--   1 nobody nogroup  3336 Oct 15 17:24 wp-config-sample.php
drwxr-xr-x   4 nobody nogroup     5 Nov 21 15:07 wp-content/
-rw-r--r--   1 nobody nogroup  5617 Aug  2  2024 wp-cron.php
drwxr-xr-x  30 nobody nogroup   270 Nov 21 15:07 wp-includes/
-rw-r--r--   1 nobody nogroup  2502 Nov 26  2022 wp-links-opml.php
-rw-r--r--   1 nobody nogroup  3937 Mar 11  2024 wp-load.php
-rw-r--r--   1 nobody nogroup 51367 Sep 30 21:12 wp-login.php
-rw-r--r--   1 nobody nogroup  8543 Sep 19 00:37 wp-mail.php
-rw-r--r--   1 nobody nogroup 29032 Sep 30 19:08 wp-settings.php
-rw-r--r--   1 nobody nogroup 34385 Jun 19  2023 wp-signup.php
-rw-r--r--   1 nobody nogroup  5102 Oct 18 17:56 wp-trackback.php
-rw-r--r--   1 nobody nogroup  3246 Mar  2  2024 xmlrpc.php
user@freebsdsrv:~ $

Set file owner and group to www:www with:

user@freebsdsrv:~ $ sudo chown -R www:www /usr/local/www/wordpress ; ls -l /usr/local/www/wordpress [enter]
total 204
-rw-r--r--   1 www www   405 Feb  6  2020 index.php
-rw-r--r--   1 www www 19915 Jan  1  2024 license.txt
-rw-r--r--   1 www www  7409 Jun 18  2024 readme.html
-rw-r--r--   1 www www  7387 Feb 13  2024 wp-activate.php
drwxr-xr-x   9 www www   102 Nov 21 15:07 wp-admin/
-rw-r--r--   1 www www   351 Feb  6  2020 wp-blog-header.php
-rw-r--r--   1 www www  2323 Jun 14  2023 wp-comments-post.php
-rw-r--r--   1 www www  3336 Oct 15 17:24 wp-config-sample.php
drwxr-xr-x   4 www www     5 Nov 21 15:07 wp-content/
-rw-r--r--   1 www www  5617 Aug  2  2024 wp-cron.php
drwxr-xr-x  30 www www   270 Nov 21 15:07 wp-includes/
-rw-r--r--   1 www www  2502 Nov 26  2022 wp-links-opml.php
-rw-r--r--   1 www www  3937 Mar 11  2024 wp-load.php
-rw-r--r--   1 www www 51367 Sep 30 21:12 wp-login.php
-rw-r--r--   1 www www  8543 Sep 19 00:37 wp-mail.php
-rw-r--r--   1 www www 29032 Sep 30 19:08 wp-settings.php
-rw-r--r--   1 www www 34385 Jun 19  2023 wp-signup.php
-rw-r--r--   1 www www  5102 Oct 18 17:56 wp-trackback.php
-rw-r--r--   1 www www  3246 Mar  2  2024 xmlrpc.php
user@freebsdsrv:~ $

Create an Apache Include file to make wordpress available on the website with:

user@freebsdsrv:~ $ sudo ee /usr/local/etc/apache24/Includes/wordpress.conf [enter]

Add the following text;

Alias /wp/ "/usr/local/www/wordpress/"
<Directory "/usr/local/www/wordpress/">
    DirectoryIndex index.php
    Options None
    AllowOverride Limit
    # range of access allowed
    Require ip 127.0.0.1 192.168.1.0/24
</Directory>

N.B.: Access is only allowed from computers connected to the network 192.168.1.0/24, the same network as this FreeBSD server!

Restart Apache

Restart Apache for the changes to take effect:

user@freebsdsrv:~ $ sudo service apache24 restart [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 9059.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
user@freebsdsrv:~ $

Create the WordPress MariaDB Database

Log in to the MariaDB console with:

user@freebsdsrv:~ $ sudo mysql -u root -p [enter]
Enter password: <-- DBpassWD [enter]
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 19
Server version: 11.4.4-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]>

Create a WordPress database with:

root@localhost [(none)]> create database wordpress; [enter]
Query OK, 1 row affected (0.000 sec)

root@localhost [(none)]>

Create a database user and password to manage the wordpress database with:

root@localhost [(none)]> grant all privileges on wordpress.* to 'wpdbadmin'@'localhost' identified by 'WPdbpassWd'; [enter]
Query OK, 0 rows affected (0.859 sec)

root@localhost [(none)]>

Flush privileges with:

root@localhost [(none)]> flush privileges; [enter]
Query OK, 0 rows affected (0.000 sec)

root@localhost [(none)]>

Exit the MariaDB console with:

root@localhost [(none)]> exit [enter]
Bye
user@freebsdsrv:~ $

Create file wp-config.php with:

user@freebsdsrv:~ $ sudo cp /usr/local/www/wordpress/wp-config-sample.php /usr/local/www/wordpress/wp-config.php [enter]
user@freebsdsrv:~ $

Generate unique phrases using the WordPress.org secret-key service at:
https://api.wordpress.org/secret-key/1.1/salt/

Edit file wp-config.php with:

user@freebsdsrv:~ $ sudo ee /usr/local/www/wordpress/wp-config.php [enter]

…and update settings as in this example:

<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the installation.
 * You don't have to use the website, you can copy this file to "wp-config.php"
 * and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * Database settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * @link https://developer.wordpress.org/advanced-administration/wordpress/wp-config/
 *
 * @package WordPress
 */

// ** Database settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpress' );

/** Database username */
define( 'DB_USER', 'wpdbadmin' );

/** Database password */
define( 'DB_PASSWORD', 'WPdbpassWd' );

/** Database hostname */
define( 'DB_HOST', 'localhost:/var/run/mysql/mysql.sock' );

/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );

/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );

/** Download and install online files or updates without running FTP server. */
define('FS_METHOD', 'direct');

/**#@+
 * Authentication unique keys and salts.
 *
 * Change these to different unique phrases! You can generate these using
 * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
 *
 * You can change these at any point in time to invalidate all existing cookies.
 * This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY',         'O?wuw>h$O:[%S6Lo0M}FYMvH,)1i=Y,SK+cvD#-6g6%cb|0WGZqUvp59ar,XV4hU');
define('SECURE_AUTH_KEY',  ':0h a;/LJc--PaG-PnwT(!eoWV;-A#n%}$ UiDNKsj,@QqV=,}rQ&&A}rQ99_Qbu');
define('LOGGED_IN_KEY',    '-!Zx)z6;=if;ui }BPy-91=r5xgDJn+V8:B>`{+n$RM,dVEAk; YrAJk%GS=|;JF');
define('NONCE_KEY',        '77zgrS_oip)dcQM!;]JH*!S=7GzS^T+fH<mF548.q4^|ASDPIw|hwVcaVv{Hl^&%');
define('AUTH_SALT',        'UBt<2jMOL3e/^gzi=LX+$kzsC5||b],@;srO8Z0q612^rcyuK!Eft9)`g=@dSn G');
define('SECURE_AUTH_SALT', ':<<8<S@MVR!.}2?(o=,t@,@5}Uu+c(Xi0A`Cn[dxTMJgvLjeXTnrx`d5A)-xF1+V'); define('LOGGED_IN_SALT', '@E{7>+%(Bw#?3+q|vN)Z?mr?evIEo3I>+S<<AEBFSKCK:bWYk0My]OKVD-pp2i#g');
define('NONCE_SALT',       'y+OD9?eFIE$T/.:;%FZA.|C%T6ikt,H5K.I-!2cAn<^+p>.+3eDc7v,c+1LdlUyH');

/**#@-*/

/**
 * WordPress database table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 *
 * At the installation time, database tables are created with the specified prefix.
 * Changing this value after WordPress is installed will make your site think
 * it has not been installed.
 *
 * @link https://developer.wordpress.org/advanced-administration/wordpress/wp-config/#table-prefix
 */
$table_prefix = 'wp_';

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the documentation.
 *
 * @link https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/
 */
define( 'WP_DEBUG', false );

/* Add any custom values between this line and the "stop editing" line. */

/* That's all, stop editing! Happy publishing. */

/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
	define( 'ABSPATH', __DIR__ . '/' );
}

/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';

Run the WordPress Famous 5-minute install

In your browser go to https://192.168.1.50/wordpress/readme.html.

Click the link wp-admin/install.php and follow the instruction on the screen.

PhpMyAdmin – PHP-Scripts To Manage MariaDB/MySQL

PhpMyAdmin – PHP-Scripts To Manage MariaDB/MySQL

By |

Description:

phpMyAdmin is a free software tool developed in PHP designed to manage MySQL administration over the web. It supports a wide range of operations on MySQL and MariaDB. Common tasks such as managing databases, tables, columns, relationships, indexes, users, permissions, and more can be performed through the user interface. Additionally, you can execute any SQL statement directly.
WWW: https://www.phpmyadmin.net/.

Requirements

The following application(s) must be installed, configured, and running before phpMyadmin is installed:

  1. Apache – Enable Hypertext Transfer Protocol Secure (HTTPS)
  2. Apache – PHP Scripting Language (8.4.X Branch)
  3. Apache – PHP-FPM (FastCGI Process Manager)
  4. MariaDB – Multithreaded SQL Database Server/Client

Check the version of PHP installed with:

user@freebsdsrv:~ $ php -v [enter]
PHP 8.3.15 (cli) (built: Jan 30 2025 02:19:13) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.3.15, Copyright (c) Zend Technologies
    with Zend OPcache v8.3.15, Copyright (c), by Zend Technologies
user@freebsdsrv:~ $

In this example, PHP version 8.3.15 is installed.

Download phpMyAdmin Code

Download the latest version of the phpMyAdmin code. with:

user@freebsdsrv:~ $ fetch https://files.phpmyadmin.net/phpMyAdmin/5.2.2/phpMyAdmin-5.2.2-all-languages.tar.gz [enter]
phpMyAdmin-5.2.2-all-languages.tar.gz                   13 MB   27 MBps    01s
user@freebsdsrv:~ $

Extract the phpMyAdmin code

user@freebsdsrv:~ $ sudo tar zxvf phpMyAdmin-5.2.2-all-languages.tar.gz -C /usr/local/www/ [enter]
x phpMyAdmin-5.2.2-all-languages/
x phpMyAdmin-5.2.2-all-languages/.rtlcssrc.json
x phpMyAdmin-5.2.2-all-languages/CONTRIBUTING.md
x phpMyAdmin-5.2.2-all-languages/ChangeLog
x phpMyAdmin-5.2.2-all-languages/LICENSE
x phpMyAdmin-5.2.2-all-languages/README
x phpMyAdmin-5.2.2-all-languages/RELEASE-DATE-5.2.2

...
x phpMyAdmin-5.2.2-all-languages/vendor/williamdes/mariadb-mysql-kbs/src/Search.php
x phpMyAdmin-5.2.2-all-languages/vendor/williamdes/mariadb-mysql-kbs/src/SlimData.php
x phpMyAdmin-5.2.2-all-languages/yarn.lock
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo mv /usr/local/www/phpMyAdmin-5.2.2-all-languages/ /usr/local/www/phpMyAdmin [enter] 
user@freebsdsrv:~ $

Configuration

Display the MariaDB sock with:

user@freebsdsrv:~ $ sudo sockstat | grep "mariadb" [enter]
mysql    mariadbd    3620 20  tcp4   127.0.0.1:3306        *:*
mysql    mariadbd    3620 21  stream /var/run/mysql/mysql.sock
user@freebsdsrv:~ $

Create a copy of file /usr/local/www/phpMyAdmin/config.sample.inc.php to /usr/local/www/phpMyAdmin/config.inc.php with:

user@freebsdsrv:~ $ sudo cp /usr/local/www/phpMyAdmin/config.sample.inc.php /usr/local/www/phpMyAdmin/config.inc.php ; ls -l /usr/local/www/phpMyAdmin/config* [enter]
-rw-r--r--  1 root wheel 4810 Jan 31 23:57 /usr/local/www/phpMyAdmin/config.inc.php
-rw-r--r--  1 root wheel 4810 Jan 21 04:15 /usr/local/www/phpMyAdmin/config.sample.inc.php
user@freebsdsrv:~ $

Create a Blowfish secret required for cookie-based authentication to encrypt passwords in cookies. The secret must be a 32-byte long string of random bytes. Generate the Blowfish secret with (Example; DO NOT USE THIS CODE!):

user@freebsdsrv:~ $ sudo openssl rand -hex 16 [enter]
f0ae3f22ccd506ec5430f3ac6fde0d63
user@freebsdsrv:~ $

Edit file /usr/local/www/phpMyAdmin/config.inc.php with:

user@freebsdsrv:~ $ sudo ee /usr/local/www/phpMyAdmin/config.inc.php [enter]

Add 32 random characters to $cfg[‘blowfish_secret’] to encrypt passwords in cookies as in this example:

$cfg['blowfish_secret'] = 'f0ae3f22ccd506ec5430f3ac6fde0d63'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

..and then add $cfg[‘Servers’][$i][‘socket’] = ‘/var/run/mysql/mysql.sock’; as in this example:

...
/* Server parameters */
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['socket'] = '/var/run/mysql/mysql.sock';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
...

Create a UploadDir directory where SQL files can be uploaded by other means than phpMyAdmin (for example, FTP) and then set permissions with:

user@freebsdsrv:~ $ sudo mkdir /usr/local/www/phpMyAdmin/UploadDir; sudo chmod -vv 777 /usr/local/www/phpMyAdmin/UploadDir [enter]
/usr/local/www/phpMyAdmin/UploadDir: 040755 [drwxr-xr-x ] -> 040777 [drwxrwxrwx ]
user@freebsdsrv:~ $

Create a SaveDir webserver directory where exported files can be saved and then set permissions with:

user@freebsdsrv:~ $ sudo mkdir /usr/local/www/phpMyAdmin/SaveDir ; sudo chmod -vv 777 /usr/local/www/phpMyAdmin/SaveDir [enter]
/usr/local/www/phpMyAdmin/SaveDir: 040755 [drwxr-xr-x ] -> 040777 [drwxrwxrwx ]
user@freebsdsrv:~ $

Create a tmp for template caching with:

user@freebsdsrv:~ $ sudo mkdir /usr/local/www/phpMyAdmin/tmp ; sudo chmod -vv 777 /usr/local/www/phpMyAdmin/tmp [enter]
/usr/local/www/phpMyAdmin/tmp: 040755 [drwxr-xr-x ] -> 040777 [drwxrwxrwx ]
user@freebsdsrv:~ $

Create an Apache Include file to make phpMyAdmin available on the website with:

user@freebsdsrv:~ $ sudo ee /usr/local/etc/apache24/Includes/phpMyAdmin.conf [enter]

Add the following text;

Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"
<Directory "/usr/local/www/phpMyAdmin/">
    DirectoryIndex index.php
    Options None
    AllowOverride Limit
    # range of access allowed
    Require ip 127.0.0.1 192.168.1.0/24
</Directory>

N.B.: Access is only allowed from computers connected to the network 192.168.1.0/24, the same network as this FreeBSD server!
The mbstring and mysqli extension is required by phpMyAdmin. Install php83-mbstring and php83-mysqli with:

user@freebsdsrv:~ $ sudo pkg install -y php83-mbstring php83-mysqli [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	oniguruma: 6.9.10
	php83-mbstring: 8.3.15
	php83-mysqli: 8.3.15

Number of packages to be installed: 3

The process will require 5 MiB more space.
1 MiB to be downloaded.
[1/3] Fetching php83-mysqli-8.3.15.pkg: 100%   52 KiB  53.6kB/s    00:01    
[2/3] Fetching php83-mbstring-8.3.15.pkg: 100%  922 KiB 944.0kB/s    00:01    
[3/3] Fetching oniguruma-6.9.10.pkg: 100%  253 KiB 258.9kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/3] Installing oniguruma-6.9.10...
[1/3] Extracting oniguruma-6.9.10: 100%
[2/3] Installing php83-mysqli-8.3.15...
[2/3] Extracting php83-mysqli-8.3.15: 100%
[3/3] Installing php83-mbstring-8.3.15...
[3/3] Extracting php83-mbstring-8.3.15: 100%
=====
Message from php83-mysqli-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-mysqli.ini.sample
=====
Message from php83-mbstring-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-mbstring.ini.sample
user@freebsdsrv:~ $

Restart PHP-FMP and Apache for the changes to take effect.
Restart PHP-FMP with:

user@freebsdsrv:~ $ sudo service php_fpm restart [enter]
Performing sanity check on php-fpm configuration:
[04-Feb-2025 13:23:56] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful
Stopping php_fpm.
Waiting for PIDS: 2041.
Performing sanity check on php-fpm configuration:
[04-Feb-2025 13:23:56] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful
Starting php_fpm.
freebsdsrv:~ $

Show PHP-FMP status with:

user@freebsdsrv:~ $ sudo service php_fpm status [enter]
php_fpm is running as pid 2662.
freebsdsrv:~ $

Restart Apache with:

user@freebsdsrv:~ $ sudo service apache24 restart [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 2009.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
user@freebsdsrv:~ $

Show Apache status with:

user@freebsdsrv:~ $ sudo service apache24 status [enter]
apache24 is running as pid 2698.
freebsdsrv:~ $

phpMyAdmin Dashboard

Access the phpMyAdmin dashboard via https://192.168.1.50/phpmyadmin/index.php.
Log in to phpMyAdmin dashboard with the MariaDB database root/DBpassWd credentials.
N.B.: phpMyAdmin is not completely set up!
Some features are not enabled, and this should be indicated on the phpMyAdmin dashboard. Click on the ‘Find out why’ at the end of this message and complete the operation in the phpMyAdmin configuration storage dashboard.

If you encounter a phpMyAdmin login problems:

user@freebsdsrv:~ $ sudo mysql -u root -p [enter]
Enter password: DBpassWd [enter]
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 6
Server version: 11.4.4-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]> SET old_passwords=0; [enter]
Query OK, 0 rows affected (0.000 sec)

root@localhost [(none)]> ALTER USER root@localhost IDENTIFIED BY 'DBpassWd'; [enter]
Query OK, 0 rows affected (0.428 sec)

root@localhost [(none)]> exit [enter]
Bye
user@freebsdsrv:~ $

Enable PMA function

Add user PMA with:

user@freebsdsrv:~ $ sudo mysql -u root -p [enter]
Enter password: DBpassWd [enter]
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 6
Server version: 11.4.4-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]> SET old_passwords=0; [enter]
Query OK, 0 rows affected (0.000 sec)

root@localhost [(none)]> CREATE USER 'pma'@'localhost' IDENTIFIED VIA mysql_native_password USING 'pmaPassWd'; [enter]
Query OK, 0 rows affected (0.428 sec)

root@localhost [(none)]> GRANT ALL PRIVILEGES ON `phpmyadmin`.* TO 'pma'@'localhost'; [enter]
Query OK, 0 rows affected (0.428 sec)

root@localhost [(none)]> FLUSH PRIVILEGES; [enter]
Query OK, 0 rows affected (0 sec)

root@localhost [(none)]> exit [enter]
Bye
user@freebsdsrv:~ $

Enable use of PMA with:

user@freebsdsrv:~ $ sudo sudo ee +43 /usr/local/www/phpMyAdmin/config.inc.php [enter]
...
/**
 * phpMyAdmin configuration storage settings.
 */

/* User used to manipulate with storage */
// $cfg['Servers'][$i]['controlhost'] = '';
// $cfg['Servers'][$i]['controlport'] = '';
$cfg['Servers'][$i]['controluser'] = 'pma';
$cfg['Servers'][$i]['controlpass'] = 'pmaPassWd';

/* Storage database and tables */
$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
$cfg['Servers'][$i]['relation'] = 'pma__relation';
$cfg['Servers'][$i]['table_info'] = 'pma__table_info';
$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
$cfg['Servers'][$i]['history'] = 'pma__history';
$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
$cfg['Servers'][$i]['tracking'] = 'pma__tracking';
$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
$cfg['Servers'][$i]['recent'] = 'pma__recent';
$cfg['Servers'][$i]['favorite'] = 'pma__favorite';
$cfg['Servers'][$i]['users'] = 'pma__users';
$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
$cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
$cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
...

phpMyAdmin Configuration File

user@freebsdsrv:~ $ sudo ee /usr/local/www/phpMyAdmin/config.inc.php [enter]
<?php
/**
 * phpMyAdmin sample configuration, you can use it as base for
 * manual configuration. For easier setup you can use setup/
 *
 * All directives are explained in documentation in the doc/ folder
 * or at <https://docs.phpmyadmin.net/>.
 */

declare(strict_types=1);

/**
 * This is needed for cookie based authentication to encrypt the cookie.
 * Needs to be a 32-bytes long string of random bytes. See FAQ 2.10.
 */
$cfg['blowfish_secret'] = '7dc4d9bc3eafddd348d0c1bb7d34d139'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

/**
 * Servers configuration
 */
$i = 0;

/**
 * First server
 */
$i++;
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'cookie';
/* Server parameters */
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['socket'] = '/var/run/mysql/mysql.sock';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;

/**
 * phpMyAdmin configuration storage settings.
 */

/* User used to manipulate with storage */
// $cfg['Servers'][$i]['controlhost'] = '';
// $cfg['Servers'][$i]['controlport'] = '';
// $cfg['Servers'][$i]['controluser'] = 'pma';
// $cfg['Servers'][$i]['controlpass'] = 'pmapass';

/* Storage database and tables */
// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
// $cfg['Servers'][$i]['relation'] = 'pma__relation';
// $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
// $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
// $cfg['Servers'][$i]['history'] = 'pma__history';
// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
// $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
// $cfg['Servers'][$i]['recent'] = 'pma__recent';
// $cfg['Servers'][$i]['favorite'] = 'pma__favorite';
// $cfg['Servers'][$i]['users'] = 'pma__users';
// $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
// $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
// $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
// $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
// $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
// $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';

/**
 * End of servers configuration
 */

/**
 * Directories for saving/loading files from server
 */
$cfg['UploadDir'] = '/usr/local/www/phpMyAdmin/UploadDir';
$cfg['SaveDir'] = '/usr/local/www/phpMyAdmin/SaveDir';

/**
 * Whether to display icons or text or both icons and text in table row
 * action segment. Value can be either of 'icons', 'text' or 'both'.
 * default = 'both'
 */
//$cfg['RowActionType'] = 'icons';

/**
 * Defines whether a user should be displayed a "show all (records)"
 * button in browse mode or not.
 * default = false
 */
//$cfg['ShowAll'] = true;

/**
 * Number of rows displayed when browsing a result set. If the result
 * set contains more rows, "Previous" and "Next".
 * Possible values: 25, 50, 100, 250, 500
 * default = 25
 */
//$cfg['MaxRows'] = 50;

/**
 * Disallow editing of binary fields
 * valid values are:
 *   false    allow editing
 *   'blob'   allow editing except for BLOB fields
 *   'noblob' disallow editing except for BLOB fields
 *   'all'    disallow editing
 * default = 'blob'
 */
//$cfg['ProtectBinary'] = false;

/**
 * Default language to use, if not browser-defined or user-defined
 * (you find all languages in the locale folder)
 * uncomment the desired line:
 * default = 'en'
 */
//$cfg['DefaultLang'] = 'en';
//$cfg['DefaultLang'] = 'de';

/**
 * How many columns should be used for table display of a database?
 * (a value larger than 1 results in some information being hidden)
 * default = 1
 */
//$cfg['PropertiesNumColumns'] = 2;

/**
 * Set to true if you want DB-based query history.If false, this utilizes
 * JS-routines to display query history (lost by window close)
 *
 * This requires configuration storage enabled, see above.
 * default = false
 */
//$cfg['QueryHistoryDB'] = true;

/**
 * When using DB-based query history, how many entries should be kept?
 * default = 25
 */
//$cfg['QueryHistoryMax'] = 100;

/**
 * Whether or not to query the user before sending the error report to
 * the phpMyAdmin team when a JavaScript error occurs
 *
 * Available options
 * ('ask' | 'always' | 'never')
 * default = 'ask'
 */
//$cfg['SendErrorReports'] = 'always';

/**
 * 'URLQueryEncryption' defines whether phpMyAdmin will encrypt sensitive data from the URL query string.
 * 'URLQueryEncryptionSecretKey' is a 32 bytes long secret key used to encrypt/decrypt the URL query string.
 */
//$cfg['URLQueryEncryption'] = true;
//$cfg['URLQueryEncryptionSecretKey'] = '';

/**
 * You can find more configuration options in the documentation
 * in the doc/ folder or at <https://docs.phpmyadmin.net/>.
 */
MariaDB – Multithreaded SQL Database Server/Client

MariaDB – Multithreaded SQL Database Server/Client

By |

Description:

MariaDB is a database server that offers drop-in replacement functionality for MySQL. MariaDB is built by some of the original authors of MySQL, with assistance from the broader community of Free and open-source software developers. In addition to the core functionality of MySQL, MariaDB offers a rich set of feature enhancements, including alternate storage engines, server optimizations, and patches.

Developers primarily drive MariaDB at Monty Program, a company founded by Michael “Monty” Widenius, the original author of MySQL, but this is not the whole story about MariaDB. On the “About MariaDB” page, you will find more information about all participants in the MariaDB community, including storage engines XtraDB and PBXT.

WWW: https://mariadb.org/.

Creat ZFS datasets for MariaDB databas storage

One area that definitely needs Specialized Tuning is when you create a ZFS mount specifically for a database.

N.B.: This should be done on a new MariaDB install. It is assumed mySQL has never run on this machine, so the data directories are not populated (on FreeBSD, the first run of mySQL creates the data files. If you have run it, back up any data, then:

### WARNING!, WARNING!, WARNING ###
This will delete any existing databases!

user@freebsdsrv:~ $ sudo rm -fR /var/db/mysql/* [enter]
user@freebsdsrv:~ $

Create ZFS datasets for MariaDB with:

user@freebsdsrv:~ $ sudo zfs create zroot/db ; sudo zfs create zroot/db/logs ; sudo zfs create zroot/db/innodb ; sudo zfs create zroot/db/myisam [enter]
user@freebsdsrv:~ $

Set global ZFS paraemters with:

user@freebsdsrv:~ $ sudo zfs set zfs:zfs_nocacheflush=1 zroot/db [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set setuid=off zroot/db [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set primarycache=metadata zroot/db [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set atime=off zroot/db [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set sync=disabled zroot/db [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set compression=off zroot/db [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set logbias=throughput zroot/db [enter]
user@freebsdsrv:~ $

Set individual parameters (blocksizes) with:

user@freebsdsrv:~ $ sudo zfs set recordsize=16k zroot/db/innodb [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set recordsize=128k zroot/db/logs [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set recordsize=8k zroot/db/myisam [enter]
user@freebsdsrv:~ $

Create directories, set the mount points and then set ownership with:

user@freebsdsrv:~ $ sudo mkdir /var/log/mysql [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set mountpoint=/var/log/mysql zroot/db/logs [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo mkdir /var/db/mysql [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set mountpoint=/var/db/mysql zroot/db/myisam [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo mkdir /var/db/mysql-innodb [enter]
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo zfs set mountpoint=/var/db/mysql-innodb zroot/db/innodb [enter]
user@freebsdsrv:~ $

To start the MariaDB Server on system boot:

user@freebsdsrv:~ $ sudo sysrc mysql_enable="YES" [enter]
mysql_enable:  -> YES
user@freebsdsrv:~ $

Installation

Search for “mariadb” in the remote package repositories with:

user@freebsdsrv:~ $ pkg search mariadb1 [enter]
mariadb1011-client-10.11.10_1  Multithreaded SQL database (client)
mariadb1011-server-10.11.10_1  Multithreaded SQL database (server)
mariadb105-client-10.5.27      Multithreaded SQL database (client)
mariadb105-server-10.5.27      Multithreaded SQL database (server)
mariadb106-client-10.6.20      Multithreaded SQL database (client)
mariadb106-server-10.6.20      Multithreaded SQL database (server)
mariadb114-client-11.4.4       Multithreaded SQL database (client)
mariadb114-server-11.4.4       Multithreaded SQL database (server)
user@freebsdsrv:~ $

In this example, mariadb114-server and mariadb114-client will be installed with;

user@freebsdsrv:~ $ sudo pkg install -y mariadb114-server mariadb114-client [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 10 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	bash: 5.2.37
	boost-libs: 1.85.0
	galera26: 26.4.16_3
	icu: 74.2_1,1
	libfmt: 10.2.1
	mariadb114-client: 11.4.3
	mariadb114-server: 11.4.3
	rsync: 3.3.0
	unixODBC: 2.3.12_1
	xxhash: 0.8.2_1

Number of packages to be installed: 10

The process will require 591 MiB more space.
82 MiB to be downloaded.
[1/10] Fetching galera26-26.4.16_3.pkg: 100%  908 KiB 929.6kB/s    00:01    
[2/10] Fetching boost-libs-1.85.0.pkg: 100%   15 MiB  15.2MB/s    00:01    
[3/10] Fetching unixODBC-2.3.12_1.pkg: 100%  547 KiB 559.9kB/s    00:01    
[4/10] Fetching mariadb114-server-11.4.3.pkg: 100%   49 MiB  51.3MB/s    00:01    
[5/10] Fetching icu-74.2_1,1.pkg: 100%   13 MiB  13.2MB/s    00:01    
[6/10] Fetching xxhash-0.8.2_1.pkg: 100%   92 KiB  93.9kB/s    00:01    
[7/10] Fetching bash-5.2.37.pkg: 100%    2 MiB   1.8MB/s    00:01    
[8/10] Fetching mariadb114-client-11.4.3.pkg: 100%    3 MiB   2.9MB/s    00:01    
[9/10] Fetching rsync-3.3.0.pkg: 100%  396 KiB 405.7kB/s    00:01    
[10/10] Fetching libfmt-10.2.1.pkg: 100%  178 KiB 182.2kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/10] Installing icu-74.2_1,1...
[1/10] Extracting icu-74.2_1,1: 100%
[2/10] Installing boost-libs-1.85.0...
[2/10] Extracting boost-libs-1.85.0: 100%
[3/10] Installing xxhash-0.8.2_1...
[3/10] Extracting xxhash-0.8.2_1: 100%
[4/10] Installing libfmt-10.2.1...
[4/10] Extracting libfmt-10.2.1: 100%
[5/10] Installing galera26-26.4.16_3...
[5/10] Extracting galera26-26.4.16_3: 100%
[6/10] Installing unixODBC-2.3.12_1...
[6/10] Extracting unixODBC-2.3.12_1: 100%
[7/10] Installing bash-5.2.37...
[7/10] Extracting bash-5.2.37: 100%
[8/10] Installing mariadb114-client-11.4.3...
===> Creating groups
Creating group 'mysql' with gid '88'
===> Creating users
Creating user 'mysql' with uid '88'
===> Creating homedir(s)
[8/10] Extracting mariadb114-client-11.4.3: 100%
[9/10] Installing rsync-3.3.0...
[9/10] Extracting rsync-3.3.0: 100%
[10/10] Installing mariadb114-server-11.4.3...
===> Creating groups
Using existing group 'mysql'
===> Creating users
Using existing user 'mysql'
===> Creating homedir(s)
[10/10] Extracting mariadb114-server-11.4.3: 100%
=====
Message from boost-libs-1.85.0:

--
You have built the Boost library with thread support.

Don't forget to add -pthread to your linker options when
linking your code.
=====
Message from galera26-26.4.16_3:

--
Find the Galera Cluster documentation at
https://galeracluster.com/library/documentation/index.html
=====
Message from mariadb114-client-11.4.3:

--
MariaDB respects hier(7) and doesn't check /etc and /etc/mysql for
my.cnf. Please move existing my.cnf files from those paths to
/usr/local/etc/mysql or /usr/local/etc. Sample
configuration files are provided in /usr/local/etc/mysql
and /usr/local/etc/mysql/conf.d.
The rc(8) script no longer uses /var/db/mysql/my.cnf for configuration
nor /var/db/mysql for logs and PID-file.

This port does NOT include the mytop perl script, this is included in
the MariaDB tarball but the most recent version can be found in the
databases/mytop port

%%WSREP%%The Using wsrep clustering requires additional configuration.
%%WSREP%%Edit /usr/local/etc/mysql/conf.d/wsrep.conf and change what you need there.

The hashicorp_key_management, s3 and spider plugins must be enabled
before they can be used, check the specific .cnf files in /usr/local/etc/mysql/conf.d/
=====
Message from rsync-3.3.0:

--
Some scripts provided by rsync, such as rrsync,
require Python, which is not installed by default.
=====
Message from mariadb114-server-11.4.3:

--
MariaDB respects hier(7) and doesn't check /etc and /etc/mysql for
my.cnf. Please move existing my.cnf files from those paths to
/usr/local/etc/mysql or /usr/local/etc. Sample
configuration files are provided in /usr/local/etc/mysql
and /usr/local/etc/mysql/conf.d.
The rc(8) script no longer uses /var/db/mysql/my.cnf for configuration
nor /var/db/mysql for logs and PID-file.

This port does NOT include the mytop perl script, this is included in
the MariaDB tarball but the most recent version can be found in the
databases/mytop port

The Using wsrep clustering requires additional configuration.
Edit /usr/local/etc/mysql/conf.d/wsrep.conf and change what you need there.

The hashicorp_key_management, s3 and spider plugins must be enabled
before they can be used, check the specific .cnf files in /usr/local/etc/mysql/conf.d/
user@freebsdsrv:~ $

Change owner on MaraDB directories with:

user@freebsdsrv:~ $ sudo chown mysql:mysql /var/log/mysql ; sudo chown mysql:mysql /var/db/mysql ; sudo chown mysql:mysql /var/db/mysql-innodb [enter]
user@freebsdsrv:~ $

Initialize the MariaDB data directory and sart the MySQL server with:

user@freebsdsrv:~ $ sudo service mysql-server start [enter]
Installing MariaDB/MySQL system tables in './data' ...
OK

To start mariadbd at boot time you have to copy
support-files/mariadb.service to the right place for your system


Two all-privilege accounts were created.
One is root@localhost, it has no password, but you need to
be system 'root' user to connect. Use, for example, sudo mysql
The second is mysql@localhost, it has no password either, but
you need to be the system 'mysql' user to connect.
After connecting you can set the password, if you would need to be
able to connect as any of these users with a password and without sudo

See the MariaDB Knowledgebase at https://mariadb.com/kb

You can start the MariaDB daemon with:
cd '/usr/local' ; /usr/local/bin/mariadbd-safe --datadir='./data'

You can test the MariaDB daemon with mariadb-test-run.pl
cd '/usr/local/' ; perl mariadb-test-run.pl

Please report any problems at https://mariadb.org/jiraThe latest information about MariaDB is available at https://mariadb.org/.

Consider joining MariaDB's strong and vibrant community:
https://mariadb.org/get-involved/
user@freebsdsrv:~ $

Verify status with:

user@freebsdsrv:~ $ sudo service mysql-server status [enter]
mysql is running as pid 14018.
user@freebsdsrv:~ $

Set MariaDB server root password with:

user@freebsdsrv:~ $ sudo /usr/local/bin/mariadb-admin -u root password 'DBrootPassWd' [enter]
user@freebsdsrv:~ $

Confirm that the MariaDB service is up and running by checking its status with:

user@freebsdsrv:~ $ sudo service mysql-server status [enter]
mysql is running as pid 6971.
user@freebsdsrv:~ $

Display file /var/log/mysql/mysqld.err with:

user@freebsdsrv:~ $ sudo cat /var/log/mysql/mysqld.err [enter]
2025-02-03 22:42:02 0 [Warning] 'wsrep-causal-reads' was removed. It does nothing now and exists only for compatibility with old my.cnf files.
2025-02-03 22:42:05 0 [Note] Starting MariaDB 11.4.4-MariaDB source revision e9a502df08bad16aa8a354e854f3c014b1380e32 server_uid DByzGKgo5W7evv3aCV6HD1tucBU= as process 14018
2025-02-03 22:42:05 0 [Note] InnoDB: Compressed tables use zlib 1.3.1
2025-02-03 22:42:05 0 [Note] InnoDB: Number of transaction pools: 1
2025-02-03 22:42:05 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
2025-02-03 22:42:05 0 [Note] InnoDB: Initializing buffer pool, total size = 128.000MiB, chunk size = 2.000MiB
2025-02-03 22:42:05 0 [Note] InnoDB: Completed initialization of buffer pool
2025-02-03 22:42:06 0 [Note] InnoDB: End of log at LSN=47907
2025-02-03 22:42:06 0 [Note] InnoDB: Opened 3 undo tablespaces
2025-02-03 22:42:06 0 [Note] InnoDB: 128 rollback segments in 3 undo tablespaces are active.
2025-02-03 22:42:06 0 [Note] InnoDB: Setting file './ibtmp1' size to 12.000MiB. Physically writing the file full; Please wait ...
2025-02-03 22:42:06 0 [Note] InnoDB: File './ibtmp1' size is now 12.000MiB.
2025-02-03 22:42:06 0 [Note] InnoDB: log sequence number 47907; transaction id 16
2025-02-03 22:42:06 0 [Note] InnoDB: Loading buffer pool(s) from /var/db/mysql/ib_buffer_pool
2025-02-03 22:42:06 0 [Note] Plugin 'FEEDBACK' is disabled.
2025-02-03 22:42:06 0 [Note] Plugin 'wsrep-provider' is disabled.
2025-02-03 22:42:06 0 [Warning] 'wsrep-causal-reads' was removed. It does nothing now and exists only for compatibility with old my.cnf files.
2025-02-03 22:42:06 0 [Warning] 'wsrep-causal-reads' was removed. It does nothing now and exists only for compatibility with old my.cnf files.
2025-02-03 22:42:06 0 [Note] InnoDB: Buffer pool(s) load completed at 250203 22:42:06
2025-02-03 22:42:09 0 [Note] Server socket created on IP: '0.0.0.0'.
2025-02-03 22:42:09 0 [Note] mariadbd: Event Scheduler: Loaded 0 events
2025-02-03 22:42:09 0 [Note] /usr/local/libexec/mariadbd: ready for connections.
Version: '11.4.4-MariaDB'  socket: '/var/run/mysql/mysql.sock'  port: 3306  FreeBSD Ports

Harden the MariaDB database server with:

user@freebsdsrv:~ $ sudo mariadb-secure-installation [enter]

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): <--DBrootPassWd [enter]
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] [enter]
Enabled successfully!
Reloading privilege tables..
 ... Success!


You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] n [enter]
 ... skipping.

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] [enter]
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] [enter]
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] [enter]
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] [enter]
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
user@freebsdsrv:~ $

Access MariaDB using the root user:

user@freebsdsrv:~ $ sudo mysql -u root -p [enter]
Enter password: <-- DBrootPassWd [enter]
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 11.4.4-MariaDB FreeBSD Ports

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]>

Exit MariaDB root with:

root@localhost [(none)]> exit [enter]
Bye
user@freebsdsrv:~ $

Lists open Internet or UNIX domain sockets MariaDB service binds to with:

user@freebsdsrv:~ $ sockstat | grep 3306 [enter]
mysql    mariadbd   43037 24  tcp4   *:3306                *:*
user@freebsdsrv:~ $

To prevent remote access to MariaDB, we must make sure that the daemon of MariaDB only listens to the localhost with:

user@freebsdsrv:~ $ sudo sysrc mysql_args="--bind-address=127.0.0.1" [enter]
mysql_args:  -> --bind-address=127.0.0.1
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo service mysql-server restart [enter]
Stopping mysql.
Waiting for PIDS: 51757.
Starting mysql.
user@freebsdsrv:~ $

Lists open Internet or UNIX domain sockets MariaDB service binds to with:

user@freebsdsrv:~ $ sockstat | grep 3306 [enter]
mysql    mariadbd   50299 24  tcp4   127.0.0.1:3306        *:*
user@freebsdsrv:~ $

Test MariaDB on FreeBSD

Test the connectivity to the databases with:

user@freebsdsrv:~ $ sudo mysql -u root -p -e "show databases" [enter]
Enter password: DBrootPassWd [enter]
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
user@freebsdsrv:~ $
Apache – PHP Scripting Language (8.3.X Branch)

Apache – PHP Scripting Language (8.3.X Branch)

By |

Description:

PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open-source general-purpose scripting language that is especially suited for web development and can be embedded into HTML.

WWW: http://www.php.net.

Requirements

The following application(s) must be installed, configured, and running before PHP is installed:

  1. Apache – HTTP Server

Installation

N.B.: The current version of Apache will be installed if missing!
Search for mod_php in the remote package repositories with:

user@freebsdsrv:~ $ pkg search mod_php | egrep '^mod_php[0-9]+-[0-9]' [enter]
mod_php81-8.1.31               PHP Scripting Language (8.1.X branch)
mod_php82-8.2.27               PHP Scripting Language (8.2.X branch)
mod_php83-8.3.15               PHP Scripting Language (8.3.X branch)
mod_php84-8.4.2                PHP Scripting Language (8.4.X branch)
user@freebsdsrv:~ $

If PHP based services is required to send email via phpmailer we are for det moment limited to use the 8.3.x branch of PHP.
In this example php83, php83-extensions and mod_php83 will installed due to that phpmailer6 will be required later on to be installed.

user@freebsdsrv:~ $ sudo pkg install -y php83 php83-extensions mod_php83 [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 22 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	libargon2: 20190702_1
	libedit: 3.1.20240808,1
	mod_php83: 8.3.15
	php83: 8.3.15
	php83-ctype: 8.3.15
	php83-dom: 8.3.15
	php83-extensions: 1.0
	php83-filter: 8.3.15
	php83-iconv: 8.3.15
	php83-opcache: 8.3.15
	php83-pdo: 8.3.15
	php83-pdo_sqlite: 8.3.15
	php83-phar: 8.3.15
	php83-posix: 8.3.15
	php83-session: 8.3.15
	php83-simplexml: 8.3.15
	php83-sqlite3: 8.3.15
	php83-tokenizer: 8.3.15
	php83-xml: 8.3.15
	php83-xmlreader: 8.3.15
	php83-xmlwriter: 8.3.15
	sqlite3: 3.46.1,1

Number of packages to be installed: 22

The process will require 40 MiB more space.
9 MiB to be downloaded.
[1/22] Fetching php83-session-8.3.15.pkg: 100%   41 KiB  41.9kB/s    00:01    
[2/22] Fetching libedit-3.1.20240808,1.pkg: 100%  150 KiB 153.8kB/s    00:01    
[3/22] Fetching php83-filter-8.3.15.pkg: 100%   25 KiB  25.7kB/s    00:01    
[4/22] Fetching php83-pdo_sqlite-8.3.15.pkg: 100%   15 KiB  15.5kB/s    00:01    
[5/22] Fetching php83-ctype-8.3.15.pkg: 100%    8 KiB   7.8kB/s    00:01    
[6/22] Fetching php83-tokenizer-8.3.15.pkg: 100%   16 KiB  16.0kB/s    00:01    
[7/22] Fetching php83-8.3.15.pkg: 100%    5 MiB   4.7MB/s    00:01    
[8/22] Fetching mod_php83-8.3.15.pkg: 100%    2 MiB   1.8MB/s    00:01    
[9/22] Fetching php83-xmlwriter-8.3.15.pkg: 100%   16 KiB  16.8kB/s    00:01    
[10/22] Fetching php83-xml-8.3.15.pkg: 100%   23 KiB  23.9kB/s    00:01    
[11/22] Fetching php83-iconv-8.3.15.pkg: 100%   20 KiB  20.8kB/s    00:01    
[12/22] Fetching php83-dom-8.3.15.pkg: 100%   79 KiB  81.1kB/s    00:01    
[13/22] Fetching sqlite3-3.46.1,1.pkg: 100%    1 MiB   1.5MB/s    00:01    
[14/22] Fetching php83-simplexml-8.3.15.pkg: 100%   25 KiB  26.1kB/s    00:01    
[15/22] Fetching php83-pdo-8.3.15.pkg: 100%   55 KiB  56.6kB/s    00:01    
[16/22] Fetching php83-extensions-1.0.pkg: 100%    1 KiB   1.5kB/s    00:01    
[17/22] Fetching php83-phar-8.3.15.pkg: 100%  115 KiB 117.8kB/s    00:01    
[18/22] Fetching libargon2-20190702_1.pkg: 100%   69 KiB  70.2kB/s    00:01    
[19/22] Fetching php83-opcache-8.3.15.pkg: 100%  344 KiB 352.1kB/s    00:01    
[20/22] Fetching php83-posix-8.3.15.pkg: 100%   17 KiB  17.4kB/s    00:01    
[21/22] Fetching php83-xmlreader-8.3.15.pkg: 100%   18 KiB  18.1kB/s    00:01    
[22/22] Fetching php83-sqlite3-8.3.15.pkg: 100%   28 KiB  28.7kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/22] Installing libargon2-20190702_1...
[1/22] Extracting libargon2-20190702_1: 100%
[2/22] Installing libedit-3.1.20240808,1...
[2/22] Extracting libedit-3.1.20240808,1: 100%
[3/22] Installing php83-8.3.15...
[3/22] Extracting php83-8.3.15: 100%
[4/22] Installing php83-dom-8.3.15...
[4/22] Extracting php83-dom-8.3.15: 100%
[5/22] Installing sqlite3-3.46.1,1...
[5/22] Extracting sqlite3-3.46.1,1: 100%
[6/22] Installing php83-pdo-8.3.15...
[6/22] Extracting php83-pdo-8.3.15: 100%
[7/22] Installing php83-session-8.3.15...
[7/22] Extracting php83-session-8.3.15: 100%
[8/22] Installing php83-filter-8.3.15...
[8/22] Extracting php83-filter-8.3.15: 100%
[9/22] Installing php83-pdo_sqlite-8.3.15...
[9/22] Extracting php83-pdo_sqlite-8.3.15: 100%
[10/22] Installing php83-ctype-8.3.15...
[10/22] Extracting php83-ctype-8.3.15: 100%
[11/22] Installing php83-tokenizer-8.3.15...
[11/22] Extracting php83-tokenizer-8.3.15: 100%
[12/22] Installing php83-xmlwriter-8.3.15...
[12/22] Extracting php83-xmlwriter-8.3.15: 100%
[13/22] Installing php83-xml-8.3.15...
[13/22] Extracting php83-xml-8.3.15: 100%
[14/22] Installing php83-iconv-8.3.15...
[14/22] Extracting php83-iconv-8.3.15: 100%
[15/22] Installing php83-simplexml-8.3.15...
[15/22] Extracting php83-simplexml-8.3.15: 100%
[16/22] Installing php83-phar-8.3.15...
[16/22] Extracting php83-phar-8.3.15: 100%
[17/22] Installing php83-opcache-8.3.15...
[17/22] Extracting php83-opcache-8.3.15: 100%
[18/22] Installing php83-posix-8.3.15...
[18/22] Extracting php83-posix-8.3.15: 100%
[19/22] Installing php83-xmlreader-8.3.15...
[19/22] Extracting php83-xmlreader-8.3.15: 100%
[20/22] Installing php83-sqlite3-8.3.15...
[20/22] Extracting php83-sqlite3-8.3.15: 100%
[21/22] Installing mod_php83-8.3.15...
[21/22] Extracting mod_php83-8.3.15: 100%
[activating module `php' in /usr/local/etc/apache24/httpd.conf]
[22/22] Installing php83-extensions-1.0...
[22/22] Extracting php83-extensions-1.0: 100%
=====
Message from php83-dom-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-dom.ini.sample
=====
Message from php83-pdo-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-pdo.ini.sample
=====
Message from php83-session-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-18-session.ini.sample
=====
Message from php83-filter-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-filter.ini.sample
=====
Message from php83-pdo_sqlite-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-30-pdo_sqlite.ini.sample
=====
Message from php83-ctype-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-ctype.ini.sample
=====
Message from php83-tokenizer-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-tokenizer.ini.sample
=====
Message from php83-xmlwriter-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-xmlwriter.ini.sample
=====
Message from php83-xml-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-xml.ini.sample
=====
Message from php83-iconv-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-iconv.ini.sample
=====
Message from php83-simplexml-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-simplexml.ini.sample
=====
Message from php83-phar-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-phar.ini.sample
=====
Message from php83-opcache-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-10-opcache.ini.sample
=====
Message from php83-posix-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-posix.ini.sample
=====
Message from php83-xmlreader-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-30-xmlreader.ini.sample
=====
Message from php83-sqlite3-8.3.15:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-sqlite3.ini.sample
=====
Message from mod_php83-8.3.15:

--
******************************************************************************

Consider switching to php-fpm and mod_fast_cgi as per Apache httpd project
recommendation. See https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM

******************************************************************************

If you are building PHP-based ports in poudriere(8) or Synth with ZTS enabled,
add WITH_MPM=event to /etc/make.conf to prevent build failures.

******************************************************************************

Make sure index.php is part of your DirectoryIndex.

You should add the following to your Apache configuration file:

<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>

******************************************************************************
user@freebsdsrv:~ $

View the installed PHP version on your server.

user@freebsdsrv:~ $ php -v [enter]
PHP 8.3.15 (cli) (built: Jan 30 2025 02:19:13) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.3.15, Copyright (c) Zend Technologies
    with Zend OPcache v8.3.15, Copyright (c), by Zend Technologies
user@freebsdsrv:~ $

List installed PHP compiled in modules with:

user@freebsdsrv:~ $ php -m [enter]
[PHP Modules]
Core
ctype
date
dom
filter
hash
iconv
json
libxml
mysqlnd
openssl
pcre
PDO
pdo_sqlite
Phar
posix
random
Reflection
session
SimpleXML
SPL
sqlite3
standard
tokenizer
xml
xmlreader
xmlwriter
Zend OPcache

[Zend Modules]
Zend OPcache

user@freebsdsrv:~ $

Configuration

Configure PHP to use production settings with this command:

user@freebsdsrv:~ $ sudo cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini; ls -l /usr/local/etc/php.* [enter]
-rw-r--r--  1 root wheel   123 Jan  7 03:10 /usr/local/etc/php.conf
-rw-r--r--  1 root wheel 69048 Jan 29 12:57 /usr/local/etc/php.ini
-rw-r--r--  1 root wheel 68914 Jan  7 03:10 /usr/local/etc/php.ini-development
-rw-r--r--  1 root wheel 69048 Jan  7 03:10 /usr/local/etc/php.ini-production
user@freebsdsrv:~ $

…and then edit /usr/local/etc/php.ini to meet your demands with:

user@freebsdsrv:~ $ sudo ee +713 /usr/local/etc/php.ini [enter]

Increase post_max_size from 8M to 32M;

; Maximum size of POST data that PHP will accept.
; http://php.net/post-max-size
post_max_size = 32M

Scroll down to line 989 and set date.timezone as in this example:

[Date]
; Defines the default timezone used by the date functions
; https://php.net/date.timezone
date.timezone = Europe/Stockholm

Configure a handler for PHP pages with:

user@freebsdsrv:~ $ sudo ee /usr/local/etc/apache24/Includes/php.conf [enter]
<IfModule dir_module>
         DirectoryIndex index.php index.html
         <FilesMatch "\.php$">
                  SetHandler application/x-httpd-php
         </FilesMatch>
         <FilesMatch "\.phps$">
                  SetHandler application/x-httpd-php-source
         </FilesMatch>
</IfModule>

Verify configuration by creating file:

user@freebsdsrv:~ $ sudo ee /usr/local/www/apache24/data/index.php [enter]
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Simple HTML Page with PHP</title>
</head>
<body>
    <h1>Hello, World!</h1>
    <p>This is a simple HTML page generated using PHP.</p>

    <?php                   
    // You can include PHP code within the HTML content
    $name = "Admin User";        
    echo "<p>Welcome, $name!</p>";
    ?>                      
                            
</body>                     
</html>

Restart Apache with:

user@freebsdsrv:~ $ sudo service apache24 restart [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 1732.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
user@freebsdsrv:~ $

Test the PHP installation

Point your browser to: https://192.168.1.50/index.php

—-

Hello, World!

This is a simple HTML page generated using PHP.

Welcome, Admin User!
—-
Create a PHP Information display file with:

user@freebsdsrv:~ $ sudo sh -c 'echo "<?php phpinfo(); ?>" > /usr/local/www/apache24/data/info.php'; cat /usr/local/www/apache24/data/info.php [enter]

…then point your browser to https://192.168.1.50/info.php.

Information about the PHP installation on the FreeBSD server will be displayed.

Apache – HTTP Server

Apache – HTTP Server

By |

Description:

The Apache HTTP Server Project aims to develop and maintain an open-source HTTP server for various modern desktop and server operating systems, such as UNIX and Windows NT. This project aims to provide a secure, efficient, and extensible server that provides HTTP services in sync with the current HTTP standards.

Apache HTTP Server version 2.4.43 or newer is required in order to operate a TLS 1.3 web server with OpenSSL 1.1.1.

WWW: http://httpd.apache.org/.

You must have a valid domain name for public access to your website.

Requirements

The following software must be installed before the Apache HTTP Server:

  1. OpenSSL – Cryptography And SSL/TLS Toolkit

Installation

Search for “apache2” in the remote package repositories with:

user@freebsdsrv:~ $ pkg search apache | egrep '^apache[0-9]+-[0-9]' [enter]
apache24-2.4.62                Version 2.4.x of Apache web server
user@freebsdsrv:~ $

In this example, apache24-2.4 will be installed.

Install Apache HTTP Server 2.4 with;

user@freebsdsrv:~ $ sudo pkg install -y apache24 [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 14 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	apache24: 2.4.62
	apr: 1.7.5.1.6.3_3
	brotli: 1.1.0,1
	curl: 8.11.1_1
	expat: 2.6.4
	gdbm: 1.24
	jansson: 2.14
	libidn2: 2.3.7
	liblz4: 1.10.0,1
	libnghttp2: 1.64.0
	libpsl: 0.21.5_1
	libssh2: 1.11.1,3
	libunistring: 1.2
	zstd: 1.5.6

Number of packages to be installed: 14

The process will require 46 MiB more space.
10 MiB to be downloaded.
[1/14] Fetching libidn2-2.3.7.pkg: 100%  155 KiB 158.7kB/s    00:01    
[2/14] Fetching liblz4-1.10.0,1.pkg: 100%  163 KiB 167.3kB/s    00:01    
[3/14] Fetching zstd-1.5.6.pkg: 100%  503 KiB 515.3kB/s    00:01    
[4/14] Fetching libunistring-1.2.pkg: 100%  683 KiB 699.4kB/s    00:01    
[5/14] Fetching brotli-1.1.0,1.pkg: 100%  372 KiB 381.2kB/s    00:01    
[6/14] Fetching curl-8.11.1_1.pkg: 100%    2 MiB   1.7MB/s    00:01    
[7/14] Fetching jansson-2.14.pkg: 100%   50 KiB  51.7kB/s    00:01    
[8/14] Fetching libnghttp2-1.64.0.pkg: 100%  142 KiB 145.5kB/s    00:01    
[9/14] Fetching apr-1.7.5.1.6.3_3.pkg: 100%  500 KiB 512.4kB/s    00:01    
[10/14] Fetching apache24-2.4.62.pkg: 100%    5 MiB   5.5MB/s    00:01    
[11/14] Fetching libssh2-1.11.1,3.pkg: 100%  244 KiB 249.6kB/s    00:01    
[12/14] Fetching libpsl-0.21.5_1.pkg: 100%   65 KiB  66.1kB/s    00:01    
[13/14] Fetching expat-2.6.4.pkg: 100%  120 KiB 122.4kB/s    00:01    
[14/14] Fetching gdbm-1.24.pkg: 100%  244 KiB 250.0kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/14] Installing libunistring-1.2...
[1/14] Extracting libunistring-1.2: 100%
[2/14] Installing libidn2-2.3.7...
[2/14] Extracting libidn2-2.3.7: 100%
[3/14] Installing liblz4-1.10.0,1...
[3/14] Extracting liblz4-1.10.0,1: 100%
[4/14] Installing zstd-1.5.6...
[4/14] Extracting zstd-1.5.6: 100%
[5/14] Installing brotli-1.1.0,1...
[5/14] Extracting brotli-1.1.0,1: 100%
[6/14] Installing libnghttp2-1.64.0...
[6/14] Extracting libnghttp2-1.64.0: 100%
[7/14] Installing libssh2-1.11.1,3...
[7/14] Extracting libssh2-1.11.1,3: 100%
[8/14] Installing libpsl-0.21.5_1...
[8/14] Extracting libpsl-0.21.5_1: 100%
[9/14] Installing expat-2.6.4...
[9/14] Extracting expat-2.6.4: 100%
[10/14] Installing gdbm-1.24...
[10/14] Extracting gdbm-1.24: 100%
[11/14] Installing curl-8.11.1_1...
[11/14] Extracting curl-8.11.1_1: 100%
[12/14] Installing jansson-2.14...
[12/14] Extracting jansson-2.14: 100%
[13/14] Installing apr-1.7.5.1.6.3_3...
[13/14] Extracting apr-1.7.5.1.6.3_3: 100%
[14/14] Installing apache24-2.4.62...
===> Creating groups
Using existing group 'www'
===> Creating users
Using existing user 'www'
[14/14] Extracting apache24-2.4.62: 100%
=====
Message from apr-1.7.5.1.6.3_3:

--
The Apache Portable Runtime project removed support for FreeTDS with
version 1.6. Users requiring MS-SQL connectivity must migrate
configurations to use the added ODBC driver and FreeTDS' ODBC features.
=====
Message from apache24-2.4.62:

--
To run apache www server from startup, add apache24_enable="yes"
in your /etc/rc.conf. Extra options can be found in startup script.

Your hostname must be resolvable using at least 1 mechanism in
/etc/nsswitch.conf typically DNS or /etc/hosts or apache might
have issues starting depending on the modules you are using.


- apache24 default build changed from static MPM to modular MPM
- more modules are now enabled per default in the port
- icons and error pages moved from WWWDIR to DATADIR

   If build with modular MPM and no MPM is activated in
   httpd.conf, then mpm_prefork will be activated as default
   MPM in etc/apache24/modules.d to keep compatibility with
   existing php/perl/python modules!

Please compare the existing httpd.conf with httpd.conf.sample
and merge missing modules/instructions into httpd.conf!
user@freebsdsrv:~ $

To start the Apache HTTP Server on system boot:

user@freebsdsrv:~ $ sudo sysrc apache24_enable="YES" [enter]
apache24_enable:  -> YES
user@freebsdsrv:~ $


Open file /usr/local/etc/apache24/httpd.conf with:

user@freebsdsrv:~ $ sudo ee +217 /usr/local/etc/apache24/httpd.conf [enter]

Line 217: Change admin email address

ServerAdmin admin@local.lan

Line 226: Change to server name

ServerName freebsdsrv.local.lan:80

Make sure the Apache HTTP configuration is correct by running the following command to test:

user@freebsdsrv:~ $ sudo apachectl configtest [enter]
Performing sanity check on apache24 configuration:
Syntax OK
user@freebsdsrv:~ $

Start the httpd service

Manually start apache24 with:

user@freebsdsrv:~ $ sudo service apache24 start [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
user@freebsdsrv:~ $

Display the apache24 service status with:

user@freebsdsrv:~ $ sudo service apache24 status [enter]
apache24 is running as pid 10207.
user@freebsdsrv:~ $

Display the /var/log/httpd-error.log file with:

user@freebsdsrv:~ $ cat /var/log/httpd-error.log [enter]
[Tue Jan 28 17:24:52.324956 2025] [mpm_prefork:notice] [pid 36445] AH00163: Apache/2.4.62 (FreeBSD) configured -- resuming normal operations
[Tue Jan 28 17:24:52.325105 2025] [core:notice] [pid 36445] AH00094: Command line: '/usr/local/sbin/httpd -D NOHTTPACCEPT'
user@freebsdsrv:~ $

Try to access the Apache HTTP server from a computer on the same network with:

http://192.168.1.50

http://freebsdsrv.local.lan

Display the /var/log/httpd-access.log file with:

user@freebsdsrv:~ $ cat /var/log/httpd-access.log [enter]
192.168.1.195 - - [30/Jan/2025:16:49:22 +0100] "GET / HTTP/1.1" 200 45
user@freebsdsrv:~ $
NTPd – NTP Daemon Program

NTPd – NTP Daemon Program

By |

Description:

The ntpd utility is an operating system daemon which sets and maintains the system time of day in synchronization with Internet standard time-servers. It is a complete implementation of the Network Time Protocol (NTP) version 4, as defined by RFC-5905, but also retains compatibility with version 3, as defined by RFC-1305, and versions 1 and 2, as defined by RFC-1059 and RFC-1119, respectively.

Prerequisites

To follow along, make sure that your FreeBSD server has a fully configured Internet access.

Stop the ntpd daemon

Stop the ntpd daemon if it is running with:

user@freebsdsrv:~ $ sudo service ntpd stop [enter]
Stopping ntpd.
Waiting for PIDS: 1484.
user@freebsdsrv:~ $

Set the date and time via NTP, using this command:

# user@freebsdsrv:~ $ sudo ntpdate -v -b pool.ntp.org [enter]
27 Jan 16:15:43 ntpdate[4802]: ntpdate 4.2.8p18-a (1)
27 Jan 16:15:50 ntpdate[4802]: step time server 192.36.143.130 offset -0.000046 sec
user@freebsdsrv:~ $

N.B.: The ntp server “pool.ntp.org” is recommended by ntp.org. You can also select another one, check out http://www.ntp.org for details.

Default operating system daemon settings

List the defaults for ntpd with:

user@freebsdsrv:~ $ cat /etc/defaults/rc.conf | grep ntp [enter]
ntpdate_enable="NO"		# Run ntpdate to sync time on boot (or NO).
ntpdate_program="/usr/sbin/ntpdate"	# path to ntpdate, if you want a different one.
ntpdate_flags="-b"		# Flags to ntpdate (if enabled).
ntpdate_config="/etc/ntp.conf"	# ntpdate(8) configuration file
ntpdate_hosts=""		# Whitespace-separated list of ntpdate(8) servers.
ntpd_enable="NO"		# Run ntpd Network Time Protocol (or NO).
ntpd_program="/usr/sbin/ntpd"	# path to ntpd, if you want a different one.
ntpd_config="/etc/ntp.conf"	# ntpd(8) configuration file
ntpd_sync_on_start="NO"		# Sync time on ntpd startup, even if offset is high
ntpd_flags=""			# Additional flags to ntpd
ntp_src_leapfile="/etc/ntp/leap-seconds"
				# Initial source for ntpd leapfile
ntp_db_leapfile="/var/db/ntpd.leap-seconds.list"
ntp_leapfile_sources="https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list https://data.iana.org/time-zones/tzdb/leap-seconds.list"
ntp_leapfile_fetch_opts="-mq"	# Options to use for ntp leapfile fetch,
ntp_leapfile_expiry_days=30	# Check for new leapfile 30 days prior to
ntp_leapfile_fetch_verbose="NO"	# Be verbose during NTP leapfile fetch
user@freebsdsrv:~ $

Enable start server boot

Enable start and set flags of the ntpd utility at boot time with:

user@freebsdsrv:~ $ sudo sysrc ntpd_enable="YES" ntpd_sync_on_start="YES" ntp_leapfile_fetch_verbose="YES" [enter]
ntpd_enable: YES -> YES
ntpd_sync_on_start: NO -> YES
ntp_leapfile_fetch_verbose: NO -> YES
user@freebsdsrv:~ $

Configure NTPd

The /etc/ntp.conf configuration file is read at initial startup by the ntpd(8) daemon in order to specify the synchronization sources, modes and other related information.
Update file /etc/ntp.conf to use the Swedish public NTP server with:

user@freebsdsrv:~ $ sudo sh -c "sed -i -e 's/0.freebsd.pool.ntp.org/0.se.pool.ntp.org/' /etc/ntp.conf" ; sudo sh -c "sed -i -e 's/2.freebsd.pool.ntp.org/1.se.pool.ntp.org/' /etc/ntp.conf" ; cat /etc/ntp.conf | grep se.pool.ntp.org [enter]
pool 0.se.pool.ntp.org iburst
pool 1.se.pool.ntp.org iburst
user@freebsdsrv:~ $

The drift file is by default /var/db/ntp/ntpd.drift.
Create an empty file, /var/db/ntp/ntpd.drift, with:

user@freebsdsrv:~ $ sudo touch /var/db/ntp/ntpd.drift; sudo chown ntpd:ntpd /var/db/ntp/ntpd.drift ; ls -l /var/db/ntp/ntpd.drift [enter]
-rw-r--r--  1 ntpd ntpd 9 Jan 27 16:22 /var/db/ntp/ntpd.drift
user@freebsdsrv:~ $

Download the current leap-seconds.list file with:

user@freebsdsrv:~ $ sudo rm /var/db/ntpd.leap-seconds.list ; sudo service ntpd fetch [enter]
ntp_src_leapfile version is 3929093563 expires 3960057600
ntp_db_leapfile version is 0 expires 0
replacing /var/db/ntpd.leap-seconds.list with /etc/ntp/leap-seconds
user@freebsdsrv:~ $

Manually start NTPd

Start the Network Time Protocol (NTP) daemon, with this command:

user@freebsdsrv:~ $ sudo service ntpd start [enter]
Starting ntpd.
user@freebsdsrv:~ $

Verify the NTPd setup with:

user@freebsdsrv:~ $ cat /var/log/messages | grep ntpd [enter]
...
Jan 27 16:27:29 freebsdsrv ntpd[11450]: ----------------------------------------------------
Jan 27 16:27:29 freebsdsrv ntpd[11450]: ntp-4 is maintained by Network Time Foundation,
Jan 27 16:27:29 freebsdsrv ntpd[11450]: Inc. (NTF), a non-profit 501(c)(3) public-benefit
Jan 27 16:27:29 freebsdsrv ntpd[11450]: corporation.  Support and training for ntp-4 are
Jan 27 16:27:29 freebsdsrv ntpd[11450]: available at https://www.nwtime.org/support
Jan 27 16:27:29 freebsdsrv ntpd[11450]: ----------------------------------------------------
Jan 27 16:27:29 freebsdsrv ntpd[11451]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): good hash signature
Jan 27 16:27:29 freebsdsrv ntpd[11451]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): loaded, expire=2025-06-28T00:00:00Z last=2017-01-01T00:00:00Z ofs=37
user@freebsdsrv:~ $

NTP is a very cautious standard. It will report its stratum to 16 (the worst possible) until it’s certain it’s in sync. This can take a few minutes to a few hours.

ntpq – standard NTP query program

The ntpq utility program is used to query NTP servers to monitor NTP operations and performance, requesting information about the current state and/or changes in that state.

Print a list of the peers known to the server as well as a summary of their state:

user@freebsdsrv:~ $ ntpq --peers localhost [enter]
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.se.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 1.se.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
-sth2.ntp.netnod .PPS.            1 u   50   64  377   14.003   +0.642   0.117
+h-85-24-226-221 194.58.204.20    2 u   46   64  377    2.633   +0.659   0.144
*time100.stupi.s .PPS.            1 u   47   64  377   14.014   +0.466   0.107
+svl1.ntp.netnod .PPS.            1 u   44   64  377   18.632   +0.450   0.099
-h-98-128-175-45 194.58.200.20    2 u   40   64  377    2.168   +0.517   0.177
user@freebsdsrv:~ $

N.B.: Waiting for “st” to drop to 2 (since those should be stratum 2 servers) before the server is used for time sync of local computers.

ntpq Help

user@freebsdsrv:~ $ ntpq -? [enter]
ntpq - standard NTP query program - Ver. 4.2.8p17
Usage:  ntpq [ - [] | --[{=| }] ]... [ host ...]
  Flg Arg Option-Name    Description
   -4 no  ipv4           Force IPv4 name resolution
				- prohibits the option 'ipv6'
   -6 no  ipv6           Force IPv6 name resolution
				- prohibits the option 'ipv4'
   -c Str command        run a command and exit
				- may appear multiple times
   -d no  debug-level    Increase debug verbosity level
				- may appear multiple times
   -D Num set-debug-level Set the debug verbosity level
				- may appear multiple times
   -i no  interactive    Force ntpq to operate in interactive mode
				- prohibits these options:
				command
				peers
   -n no  numeric        numeric host addresses
      no  old-rv         Always output status line with readvar
   -p no  peers          Print a list of the peers
				- prohibits the option 'interactive'
   -r KWd refid          Set default display type for S2+ refids
   -u no  unconnected    Use unconnected UDP to communicate with ntpd (default on Windows)
   -w no  wide           Display the full 'remote' value
      opt version        output version information and exit
   -? no  help           display extended usage information and exit
   -! no  more-help      extended usage information passed thru pager
   -> opt save-opts      save the option state to a config file
   -< Str load-opts      load options from a config file
				- disabled as '--no-load-opts'
				- may appear multiple times

Options are specified by doubled hyphens and their name or by a single
hyphen and the flag character.

The following option preset mechanisms are supported:
 - reading file $HOME/.ntprc
 - reading file ./.ntprc
 - examining environment variables named NTPQ_*

The valid "refid" option keywords are:
  hash ipv4
  or an integer from 0 through 1

Please send bug reports to:  <https://bugs.ntp.org, bugs@ntp.org>
user@freebsdsrv:~ $

Documentation

Documentation in HTML format for the NTP server can be found in: /usr/share/doc/ntp/.

Optional: ntpstat

ntpstat is a script which prints a brief summary of the system clock’s synchronisation status when the ntpd or chronyd daemon is running. It prints the time source (NTP server or reference clock) to which the system clock is currently synchronised, its stratum, how often is the server polled, and the maximum estimated error of the clock. The script uses the ntpq or chronyc program to obtain the information from the daemon.

user@freebsdsrv:~ $ sudo pkg install -y ntpstat [enter]
Updating FreeBSD repository catalogue...
Fetching data.pkg: 100%   10 MiB  10.5MB/s    00:01    
Processing entries: 100%
FreeBSD repository update completed. 35863 packages processed.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	gawk: 5.3.1
	ntpstat: 0.6_1

Number of packages to be installed: 2

The process will require 5 MiB more space.
1 MiB to be downloaded.
[1/2] Fetching ntpstat-0.6_1.pkg: 100%    4 KiB   4.3kB/s    00:01    
[2/2] Fetching gawk-5.3.1.pkg: 100%    1 MiB   1.2MB/s    00:01    
Checking integrity... done (0 conflicting)
[1/2] Installing gawk-5.3.1...
[1/2] Extracting gawk-5.3.1: 100%
[2/2] Installing ntpstat-0.6_1...
[2/2] Extracting ntpstat-0.6_1: 100%
user@freebsdsrv:~ $
How to use
user@freebsdsrv:~ $ ntpstat [enter]
synchronised to NTP server (194.58.205.20) at stratum 2
   time correct to within 39 ms
   polling server every 1024 s
user@freebsdsrv:~ $
OpenSSL – Cryptography And SSL/TLS Toolkit

OpenSSL – Cryptography And SSL/TLS Toolkit

By |

Description:

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v3) and Transport Layer Security (TLS v1, v1.1, v1.2, v1.3) protocols with full-strength cryptography world-wide. The project is managed by a worldwide community of volunteers who use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style license, which basically means that you are free to get and use it for commercial and non-commercial purposes, subject to some simple license conditions.

WWW: http://www.openssl.org/.

How to use

The OpenSSL program is a command line tool for using the various cryptography functions of OpenSSL’s crypto library from the shell. It can be used for:

  • Creation and management of private keys, public keys, and parameters
  • Public key cryptographic operations
  • Creation of X.509 certificates, CSRs and CRLs
  • Calculation of Message Digests
  • Encryption and Decryption with Ciphers
  • SSL/TLS Client and Server Tests
  • Handling of S/MIME signed or encrypted mail
  • Time Stamp requests, generation, and verification

Display version information for includes a stable OpenSSL with:

user@freebsdsrv:~ $ openssl version [enter]
OpenSSL 3.0.15 3 Sep 2024 (Library: OpenSSL 3.0.15 3 Sep 2024)
user@freebsdsrv:~ $

Display version information for the current package version(s) of OpenSSL with:

user@freebsdsrv:~ $ pkg search openssl | egrep '^openssl[0-9]+-[0-9]' [enter]
openssl111-1.1.1w_2            TLSv1.3 capable SSL and crypto library
openssl31-3.1.7_1              TLSv1.3 capable SSL and crypto library
openssl32-3.2.3_1              TLSv1.3 capable SSL and crypto library
openssl33-3.3.2_1              TLSv1.3 capable SSL and crypto library
openssl34-3.4.0                TLSv1.3 capable SSL and crypto library
user@freebsdsrv:~ $

Note: The latest stable version is the 3.4!
In this example, an update to the stable version of OpenSSL, version 3.4.0, will be performed!

Installation

Install openssl34 with:

user@freebsdsrv:~ $ sudo pkg install -y security/openssl34 [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	openssl34: 3.4.0

Number of packages to be installed: 1

The process will require 27 MiB more space.
8 MiB to be downloaded.
[1/1] Fetching openssl34-3.4.0.pkg: 100%    8 MiB   8.1MB/s    00:01    
Checking integrity... done (0 conflicting)
[1/1] Installing openssl34-3.4.0...
[1/1] Extracting openssl34-3.4.0: 100%
user@freebsdsrv:~ $

Configuration

Disable the use of the old version of OpenSSL in directory /usr/bin/ with:

user@freebsdsrv:~ $ sudo mv /usr/bin/openssl /usr/bin/openssl.default [enter]
user@freebsdsrv:~ $

Create a symbolic link to enable the use of the new version of OpenSSL with:

user@freebsdsrv:~ $ sudo ln -s /usr/local/bin/openssl /usr/bin/ ; ls -l /usr/bin/openssl [enter]
lrwxr-xr-x  1 root wheel 22 Dec  5 15:26 /usr/bin/openssl@ -> /usr/local/bin/openssl
user@freebsdsrv:~ $

Edit file /etc/ssl/openssl.cnf with:

user@freebsdsrv:~ $ sudo ee +168 /usr/local/openssl/openssl.cnf [enter]

This is an example:

...
[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = SE
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Vastra Gotaland

localityName                    = Locality Name (eg, city)
localityName_default            = Hisings Karra

0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = Polymathic

# we can do this but it is not needed normally :-)
#1.organizationName             = Second Organization Name (eg, company)
#1.organizationName_default     = World Wide Web Pty Ltd

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Support and Development

commonName                      = Common Name (e.g. server FQDN or YOUR name)
commonName_default              = freebsdsrv.local.lan
commonName_max                  = 64

emailAddress                    = Email Address
emailAddress_default            = admin@local.lan
emailAddress_max                = 64

# SET-ex3                       = SET extension number 3
...

Generate a key and certificate for 10 year usage with:

user@freebsdsrv:~ $ sudo sh -c 'openssl req -newkey rsa:2048 -nodes -keyout /etc/ssl/server.key -x509 -days 3650 -out /etc/ssl/server.crt' [enter]
.....+.+........+....+..+.........+.+...+..+.+...+..+...+......+..................+.+++++++++++++++++++++++++++++++++++++++*.....+..+.....................+....+.....+.+++++++++++++++++++++++++++++++++++++++*....+....+...+..+......+.+...+..++++++
.+.................+...+.+..+.........+...+.+..+..................+....+++++++++++++++++++++++++++++++++++++++*.....+.+..+.......+++++++++++++++++++++++++++++++++++++++*..+.+......+...+.....+....+...+..+......+.......+.................+...+....+.....+...+...+...............+...+.+.........+......+......+..+.+..+....+........+......+............+.............+.........+..+....+.....+.+......+...+............+..+............+......+....+.....+.+.........+...+...........+......+...+.+..+....+...+.....+...+...+................+...+.....+.......+........+.+..+...+....+...........+.......+...+..+...+................+...+..+....+.....+.......+............+..+.+........+.+.....+....+.....+.......+.....+...+.+...+.....................+..+.........+...+..........+......+......+...+..+...................+.....+....+..+...................++++++
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [SE]: [enter]
State or Province Name (full name) [Vastra Gotaland]: [enter]
Locality Name (eg, city) [Hisings Karra]: [enter]
Organization Name (eg, company) [Polymathic]: [enter]
Organizational Unit Name (eg, section) [Support and Development]: [enter]
Common Name (e.g. server FQDN or YOUR name) [freebsdsrv.local.lan]: [enter]
Email Address [admin@local.lan]: [enter]
user@freebsdsrv:/usr/local/etc/ssl $

Review the certificate with:

user@freebsdsrv:~ $ sudo sh -c 'openssl x509 -text -noout -in /etc/ssl/server.crt' [enter]
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:b3:69:65:0b:00:ec:5b:bf:55:2e:b3:58:10:e6:58:23:11:21:0b
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=SE, ST=Vastra Gotaland, L=Hisings Karra, O=Polymathic, OU=Support and Development, CN=freebsdsrv.local.lan, emailAddress=admin@local.lan
        Validity
            Not Before: Jan 27 16:26:04 2025 GMT
            Not After : Jan 25 16:26:04 2035 GMT
        Subject: C=SE, ST=Vastra Gotaland, L=Hisings Karra, O=Polymathic, OU=Support and Development, CN=freebsdsrv.local.lan, emailAddress=admin@local.lan
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:bd:d0:43:bb:19:32:7f:b8:4d:36:57:20:02:e3:
                    07:6a:8b:e1:7c:4a:59:c0:78:be:72:c2:b6:e7:10:
                    c8:c5:b7:d0:2b:c5:e6:f7:f1:a7:cf:39:21:98:d2:
                    98:5b:69:d0:e6:e2:00:49:b9:3a:c7:e2:d5:32:4c:
                    d2:3d:b5:d7:91:32:23:7e:8e:4d:82:75:4a:10:54:
                    86:cf:b7:49:44:d0:32:d8:cb:f1:4a:7f:65:68:9a:
                    0b:59:f2:0d:0f:1a:55:19:57:c1:ce:69:d8:36:b4:
                    77:1a:45:29:b0:d6:2d:93:26:4c:f9:10:a2:71:1d:
                    ac:8e:c0:1a:1d:be:98:34:4a:e8:23:bd:e8:87:af:
                    01:7c:30:4c:70:1f:84:80:de:33:4e:f8:19:ae:3c:
                    d5:d0:2b:42:cb:2d:1b:74:79:36:f9:33:20:9e:58:
                    08:99:03:61:f3:60:e3:75:d7:d0:0a:0a:68:0b:b0:
                    ba:51:83:11:6d:cd:b2:06:6d:56:7f:b2:e4:6d:72:
                    1b:b1:a0:2c:18:f0:0c:0f:17:82:0d:61:a1:b2:0f:
                    c2:6f:11:08:6d:74:b6:3d:eb:9d:f4:94:4f:e3:66:
                    ae:36:0d:d8:e9:c5:db:1a:f6:2c:27:ce:66:a3:75:
                    46:e9:98:9b:70:53:37:44:33:a4:f1:68:65:d3:03:
                    72:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                D0:E3:3C:AA:67:16:7A:E0:4F:8B:66:16:49:15:E4:19:11:36:C7:23
            X509v3 Authority Key Identifier: 
                D0:E3:3C:AA:67:16:7A:E0:4F:8B:66:16:49:15:E4:19:11:36:C7:23
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        99:07:ac:20:4d:19:68:22:5b:0c:21:c0:9f:01:53:01:aa:a5:
        1b:2c:dd:64:7e:8f:33:4f:d3:58:cb:6e:7a:f6:38:00:85:c8:
        60:71:3a:51:94:da:ff:ed:f9:80:7e:c3:57:e8:c3:ea:88:be:
        5b:f1:ee:d9:fa:40:8a:ee:89:3a:9c:f9:ac:a5:68:ab:27:10:
        33:92:ef:2f:ee:1d:80:6e:90:e6:82:e1:ea:f1:f5:50:cc:6f:
        ce:db:78:00:94:6c:52:13:d5:71:e3:4a:4d:f2:b9:b6:7a:eb:
        41:cd:43:a5:86:ee:72:e0:3b:04:af:d2:a4:c5:47:d6:2b:86:
        82:96:21:a6:ab:47:61:54:0d:9a:70:62:e6:e9:7b:ae:b5:68:
        db:b9:49:dc:a0:55:55:45:64:a0:a0:fb:70:33:6b:8c:70:45:
        50:ef:13:e0:4e:53:d7:2f:16:63:55:16:61:ef:d3:f0:61:0b:
        ce:a5:04:3b:c2:91:e5:52:48:a3:60:b6:ab:ab:b7:2c:b1:65:
        1c:ac:c5:e8:f7:d8:3d:dc:56:cb:91:b4:27:56:ab:e2:0e:a6:
        fc:c1:72:b4:33:46:93:15:10:72:5c:34:01:09:af:43:65:90:
        bd:c6:bf:f0:89:b8:a2:b1:11:5a:1e:25:9d:3b:a0:5c:5c:b2:
        0f:44:5e:51
user@freebsdsrv:~ $

Display a list of files that have been created with:

user@freebsdsrv:~ $ ls -l /etc/ssl/ [enter]
total 49
drwxr-xr-x  2 root wheel   149 Nov 29 12:13 certs
-rw-r--r--  1 root wheel 12336 Nov 29 11:21 openssl.cnf
-rw-r--r--  1 root wheel  1554 Jan 27 17:26 server.crt
-rw-------  1 root wheel  1704 Jan 27 17:25 server.key
drwxr-xr-x  2 root wheel    54 Nov 29 12:12 untrusted
user@freebsdsrv:~ $
First To Do After FreeBSD OS Installation

First To Do After FreeBSD OS Installation

By |

Reboot the system after installation of FreeBSD base OS with:

root@:~ # reboot [enter]
Connection to 192.168.1.250 closed by remote host.
Connection to 192.168.1.250 closed.

N.B.: Remove the FreeBSD Installation USB Stick before the system restarts!
In this example, login is performed remotely via the Terminal application from an Apple Mac Mini to a system with the local LAN IP Address 192.168.1.50 as user user.

user@Mac-mini ~ % ssh user@192.168.1.50 [enter]
The authenticity of host '192.168.1.50 (192.168.1.50)' can't be established.
ED25519 key fingerprint is SHA256:uU1ln2+R7xOW1IaKvIsrsBU+t0KFbop75RS5BcBQ0B0.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.1.50' (ED25519) to the list of known hosts.
(user@192.168.1.50) Password for user@freebsdsrv:
FreeBSD 14.2-RELEASE (GENERIC) releng/14.2-n269506-c8918d6c7412

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List:        https://www.FreeBSD.org/lists/questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

To change this login announcement, see motd(5).
ZFS keeps a history of commands run against a specific pool using the
history subcommand to zpool:

zpool history

More details are available using the -i and -l parameters. Note that ZFS
will not keep the complete pool history forever and will remove older
events in favor of newer ones.
		-- Benedict Reuschling <bcr@FreeBSD.org>
user@freebsdsrv:~ $

SUDO – Execute Command As The Superuser

Description:

The best practice is to never log in as the root superuser interactively. If you do – you are doing it wrong!

sudo is a program that allows a permitted user to execute a command as the superuser or another user, as specified by the user’s security policy. Unlike the su utility, sudo authenticates the user against the user’s own password rather than that of the target user. Sudo allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. This allows the delegation of specific commands to specific users on specific systems without sharing passwords among the users.

Prerequisites

To follow along, make sure you have,

  • Root access to your FreeBSD server
  • The password of the root user
Installation

Installation and configuration of sudo require superuser privileges. This sudo installation will be the only and last interactive login as the root superuser you will ever need to perform on this system.

Substitute the user identity with the root superuser identity with:

user@freebsdsrv:~ $ su - [enter]
Password: <-- RootPassWord [enter]
root@freebsdsrv:~ #

Install sudo with:

root@freebsdsrv:~ # pkg install -y security/sudo [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	gettext-runtime: 0.23
	indexinfo: 0.3.1
	sudo: 1.9.16p2

Number of packages to be installed: 3

The process will require 9 MiB more space.
2 MiB to be downloaded.
[1/3] Fetching indexinfo-0.3.1.pkg: 100%    6 KiB   5.9kB/s    00:01    
[2/3] Fetching sudo-1.9.16p2.pkg: 100%    2 MiB   1.9MB/s    00:01    
[3/3] Fetching gettext-runtime-0.23.pkg: 100%  235 KiB 241.2kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/3] Installing indexinfo-0.3.1...
[1/3] Extracting indexinfo-0.3.1: 100%
[2/3] Installing gettext-runtime-0.23...
[2/3] Extracting gettext-runtime-0.23: 100%
[3/3] Installing sudo-1.9.16p2...
[3/3] Extracting sudo-1.9.16p2: 100%
root@freebsdsrv:~ #

Configuration

A default sudo configuration file /usr/local/etc/sudoers was created as part of the installation process.

N.B.: /usr/local/etc/sudoers MUST be edited with the visudo command as root.

The use of visudo minimizes the risk of syntax or file permission errors that prevent sudo from running.

Start editing file /usr/local/etc/sudoers with:

root@freebsdsrv:~ # visudo [enter]
## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##
...

visudo use the famous vi editor commands. The following commands are needed for updating and saving or exiting without saving file /usr/local/etc/sudoers:

  1. Use the arrow keys to move the cursor or…
  2. Move the cursor up one line with key ‘K’, down one line with key ‘J’, left one character with key ‘H’ and right one character with key ‘L’
  3. Press key ‘I’ to start inserting charters before the current cursor location
  4. Press key ‘A’ to start inserting charters after the current cursor location
  5. Press key ‘esc’ to abort inserting charters
  6. Press key ‘X’ to delete the character under the cursor
  7. Press key ‘:’, then ‘W’ and ‘Q’ to save and exit
  8. Press key ‘:’, then ‘Q’ and ‘!’ to exit without saving

To delegate privileges to the example user user locate section User privilege specification in the file /usr/local/etc/sudoers.

Update settings as indicated in this example to allow members of the wheel group to substitute user identity without entering their password:

...
##
## User privilege specification
##
root ALL=(ALL:ALL) ALL

## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL:ALL) ALL

## Same thing without a password
%wheel ALL=(ALL:ALL) NOPASSWD: ALL

## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL:ALL) NOPASSWD: ALL
...

Save and exit visudo by pressing [ esc ], [ : ] and the [ W ] and finally [ Q ]
Exit as root with:

root@freebsdsrv:~ # exit [enter]
user@freebsdsrv:~ $

N.B.: User user in this example is configured to be a member of group wheel!
Display privileges for the current user with:

user@freebsdsrv:~ $ sudo -l [enter]
Matching Defaults entries for user on freebsdsrv:
   
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

Runas and Command-specific defaults for user:
    Defaults!/usr/local/sbin/visudo env_keep+="SUDO_EDITOR EDITOR VISUAL"

User user may run the following commands on freebsdsrv:
    (ALL : ALL) NOPASSWD: ALL
user@freebsdsrv:~ $