Asparagus FreeBSD Setup Notes

This is where you'd want to start. It will take you from a plain FreeBSD installation to a platform that is ready for Berylium and much, much more.

Serial Console Install

Pretty simple (once you learn that the cu command on Red Hat is provided by the uucp package). To enable serial console access in the future, configure TTYs from the main sysinstall menu, and make sure the console looks like:
console "/usr/libexec/getty Pc"         cons25  on  secure
This is insecure for a remote installation, but perfect for now. Reboot, reconnect, and everything should just work. If not, mess with it till it does. :-/

One final step: if you didn't add a regular user during install, you may want to permit root access via ssh:
# ee /etc/ssh/sshd_config
Uncomment the PermitRootLogin line and change it to yes. Restart sshd or reboot. Make sure you can connect via both the console (serial cable) and ssh.
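
Both settings above (the secure flag on the console entry in /etc/ttys and root login over ssh) are install-time conveniences, so it helps to be able to check later whether they are still active. The script below is an added example, not part of the original notes; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): report whether the
# install-time settings described above are still active.
# Function names and sample files are constructed for illustration.

# Exit 0 if an uncommented "console" entry in a ttys(5)-format file
# carries the "secure" flag, i.e. root may log in on that terminal.
console_is_secure() {
    awk '/^[ \t]*#/ { next }
         $1 == "console" {
             sub(/#.*/, "")                  # drop a trailing comment
             for (i = 2; i <= NF; i++) if ($i == "secure") found = 1
         }
         END { exit (found ? 0 : 1) }' "$1"
}

# Exit 0 if the first uncommented PermitRootLogin line in an
# sshd_config-format file says "yes". Match blocks are not interpreted,
# and an absent directive (build default applies) is reported as "no".
root_ssh_enabled() {
    awk '/^[ \t]*#/ { next }
         tolower($1) == "permitrootlogin" { val = tolower($2); exit }
         END { exit ((val == "yes") ? 0 : 1) }' "$1"
}

# Constructed sample files: the state these notes leave behind ...
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
printf '%s\n' 'console "/usr/libexec/getty Pc"  cons25  on  secure' > "$work/ttys.install"
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' > "$work/sshd.install"
# ... and the same files after the host has been locked down.
printf '%s\n' 'console "/usr/libexec/getty Pc"  cons25  on  insecure' > "$work/ttys.locked"
printf '%s\n' 'PermitRootLogin no' > "$work/sshd.locked"

for state in install locked; do
    if console_is_secure "$work/ttys.$state"; then
        echo "$state: console is marked secure in ttys"
    fi
    if root_ssh_enabled "$work/sshd.$state"; then
        echo "$state: root login over ssh is enabled"
    fi
done
```

On a live host, pass /etc/ttys and /etc/ssh/sshd_config to the two functions instead of the sample files.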

Finally, you'll need to edit /etc/make.conf in order to set up a proper build environment for your software. (use asparagus/templates/make.conf as a base)

Update, Update, Update

Before you install anything else, get cvsup working and update both your /usr/src directory and the ports collection. Oh boy, it's fun because you'll be rebuilding the kernel and everything. See: Updating FreeBSD Using cvsup and Keeping Installed Packages Up to Date.
  1. Install cvsup-without-gui from ports:
    cd /usr/ports/net/cvsup-without-gui
    make install
  2. Copy the cvsup recipes to /usr/local/etc:
    cp /usr/share/examples/cvsup/stable-supfile \
    /usr/local/etc/stable-supfile
    cp /usr/share/examples/cvsup/ports-supfile \
    /usr/local/etc/ports-supfile
  3. Edit the cvsup recipes for both stable and ports -- you just need to specify the server to use, see the list of cvsup mirrors:
    ee /usr/local/etc/stable-supfile
    ee /usr/local/etc/ports-supfile
  4. Update your sources:
    cvsup -g /usr/local/etc/stable-supfile
    cvsup -g /usr/local/etc/ports-supfile
  5. Follow the instructions in Updating FreeBSD Using cvsup to make world and build a custom kernel.
  6. On reboot, install portupgrade and update all previously installed ports:
    cd /usr/ports/sysutils/portupgrade
    make install
    portsdb -Uu
    portupgrade -aiRr
  7. Go have a beer / smoke / coffee / etc

Build Up Your Software Collection

Once FreeBSD is installed and up to date, you will need to add a bunch of software and further configure the system:
  1. Install bash2 from ports: /usr/ports/shells/bash2
  2. Create a symbolic link to the updatedb script for locate:
    cd /sbin
    ln -s /usr/libexec/locate.updatedb updatedb
    updatedb
  3. (get .bashrc into /root)
  4. (make changes to make.conf)
  5. Install your editor of choice from ports: /usr/ports/editors
    I recommend nano, a pico clone: simple and straightforward.
    Those with previous Unix experience may prefer vi or emacs.
  6. mm: Shared memory allocation library for pre-forked process models
    /usr/ports/devel/mm
  7. proftpd: Highly configurable ftp daemon
    /usr/ports/ftp/proftpd
    nano -w /usr/local/etc/proftpd.conf
    -- add the following to the default config:
    DeferWelcome                    on
    DisplayLogin /etc/motd
    IdentLookups off
    UseReverseDNS on
    RequireValidShell off
    ScoreboardFile /var/run/proftpd.scoreboard
    DefaultRoot ~
    PassivePorts 3300 3400
    /usr/local/libexec/proftpd
    test it!
  8. add mysql user (and/or create /home/mysql)
    remember not to give it a shell or even a password (to prevent logins)
  9. mysql: Multithreaded SQL database
    /usr/ports/databases/mysql40-server
    -- after installing the port, you may need to...
    cd work/mysql-4.0.14/scripts
    ./mysql_install_db
    cd /home/mysql/data
    chown -R mysql:mysql mysql test

    -- start the server
    mysqld_safe --user=mysql --datadir=/home/mysql/data --skip-networking &

    -- set a root password
    mysqladmin -u root password new_password

    -- make all access localhost
    mysql -u root -p mysql
    delete from user where Host!='localhost';
  10. postfix: A secure alternative to widely-used Sendmail
    /usr/ports/mail/postfix
    follow additional recommendations re: disabling sendmail
    be sure to alias root to your address

  11. UW-IMAP: University of Washington IMAP4rev1/POP2/POP3 mail servers
    install from source (ignore the port, it won't work with php)
    cd /tmp
    wget
    cd /usr/local/src
    tar xzvf /tmp/imap-2002d.tar.Z
    cd imap-2002d
    echo "SSLDIR=/usr SSLINCLUDE=/usr/include/openssl SSLLIB=/usr/lib" > SPECIALS
    nano -w Makefile
    -- edit the makefile, setting the following two options in their respective locations:
    EXTRACFLAGS='-DSSL_CERT_DIRECTORY=/usr/local/certs'
    SPECIALS='SSLDIR=/usr SSLINCLUDE=/usr/include/openssl SSLLIB=/usr/lib'
    make bsf
    cp -v imapd/imapd /usr/local/libexec
    cp -v ipopd/ipop3d /usr/local/libexec
    chmod 700 /usr/local/libexec/imapd
    chmod 700 /usr/local/libexec/ipop3d
    cd c-client
    cp -v c-client.a /usr/local/lib/libc-client.a
    cp -v c-client.h imap4r1.h rfc822.h mail.h linkage.h env.h \
    env_unix.h fs.h ftl.h misc.h nntp.h nl.h osdep.h smtp.h \
    tcp.h /usr/local/include/
    nano -w /etc/pam.conf
    -- comment out existing imap and pop3 lines, add:
    imap    auth    required        pam_unix.so
    imap account required pam_unix.so
    imap session required pam_unix.so
    pop3    auth    required        pam_unix.so
    pop3 account required pam_unix.so
    pop3 session required pam_unix.so
    nano -w /etc/inetd.conf
    -- add:
    pop3    stream  tcp     nowait  root    /usr/local/libexec/ipop3d   ipop3d
    imaps stream tcp nowait root /usr/local/libexec/imapd imapd
    killall -HUP inetd
    make cert <-- not documented yet...
  12. ImageMagick-noX11: Image processing tools
    /usr/ports/graphics/ImageMagick
  13. wget: Retrieve files from the Net via HTTP and FTP
    /usr/ports/ftp/wget
  14. aspell: Spelling checker
    /usr/ports/textproc/aspell
  15. gd-nox11: A graphics library for fast creation of images
    /usr/ports/graphics/gd-nox11
  16. bison: A parser generator from FSF (for compiling PHP)
    /usr/ports/devel/bison
  17. Install Apache/mod_ssl/PHP from source -- see Apache_SSL_PHP_install.html
  18. p5-Geo-IP: Gets country name by IP or hostname
    /usr/ports/net/p5-Geo-IP
  19. awstats: Free real-time logfile analyzer to get advanced web statistics
    /usr/ports/www/awstats
  20. Copy Apache icons to /usr/local/www/icons (so that all icons are in one place)
    cp -rv /usr/local/apache/icons/* /usr/local/www/icons/
  21. procmail: A local mail delivery agent
    /usr/ports/mail/procmail
  22. libmcrypt: Multi-cipher cryptographic library
    /usr/ports/security/libmcrypt

Asparagus Custom Configuration Files

Custom configuration files are suggested (aside from the small mods indicated above) in only four cases: make.conf, httpd.conf, php.ini, and awstats's domain configurations.
Need to hook into mergemaster somehow in order to deploy these.

Startup Scripts
Creating Jails

By Chris Snyder on September 5, 2003 at 3:41pm