Written by Rik Bignell
Wednesday, 07 May 2008
FREEBSD 6.2 Guide (with Exim, Apache, etc)
Step 1. Installing FreeBSD.
I use FreeBSD 6.2 (latest release 7.0). I followed the handbook for the basic installation, paying special attention to chapter 14 on security. I only allow ssh access, so have disabled password auth in /etc/ssh/sshd_config. Read up on chapter 3.10 if you are unsure how to open a config file for editing.
http://www.freebsd.org/doc/en/books/handbook/openssh.html
Next set up bash and sudo. If you don’t know what these programs are used for, you can find the manuals in Google by searching “man bash”, for example. The FreeBSD handbook has a handy section on shells in 3.9.
http://unixhelp.ed.ac.uk/CGI/man-cgi?bash
To install programs like this you can use ports. Read up on ports in chapter 4 of the handbook:
http://www.freebsd.org/doc/en/books/handbook/ports.html
You will need to do a find at first, as you may not have the locate command with a basic install of FreeBSD. So one way is to change directory to ports and list available programs.
cd /usr/ports/
Then ls to show the port category folders. Change into a category, for example:
cd shells
ls to show all available ports under this directory. Then change into a port's directory, for example:
cd bash2
pwd will show your current directory if you get lost. Then to install:
sudo make install clean
(If you don’t have sudo installed yet you need to change to the user root and try the command without sudo. Type su to change to root and type your root password.)
Another way to find a file or directory (http://unixhelp.ed.ac.uk/CGI/man-cgi?find):
find /usr/ports -name bash
…for example will search the ports directory for all files/folders named bash. Or a third, slightly faster way is:
whereis bash2
Be careful to select the /usr/ports folder when looking for a program to install, as whereis will also find installed programs of the same name.
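Back to the sshd_config setting mentioned at the start of this step: the check below is an added example, not part of the original guide. It assumes FreeBSD's shipped sshd defaults (PasswordAuthentication no, ChallengeResponseAuthentication yes, UsePAM yes); the function names and sample files are made up for illustration. It reports whether a config still leaves a password login path open, which is the case when only PasswordAuthentication is set to no.

```sh
#!/bin/sh
# Added example: does an sshd_config leave any password login path open?
# Assumed FreeBSD defaults for absent or commented-out keywords:
#   PasswordAuthentication no, ChallengeResponseAuthentication yes, UsePAM yes

# effective_value FILE KEYWORD DEFAULT: print the value from the global section.
# Keywords are matched case-insensitively and the first occurrence wins.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                    # comments do not set anything
        { sub(/[ \t]*=[ \t]*/, " ") }          # tolerate the Keyword=value form
        tolower($1) == "match" { exit }        # conditional blocks start here
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# password_logins_blocked FILE: return 0 only when no password path remains.
password_logins_blocked() {
    pw=$(effective_value "$1" PasswordAuthentication no)
    cr=$(effective_value "$1" ChallengeResponseAuthentication yes)
    pam=$(effective_value "$1" UsePAM yes)
    [ "$pw" = no ] || return 1
    # With PAM on, keyboard-interactive still asks for the account password.
    [ "$cr" = no ] || [ "$pam" = no ] || return 1
    return 0
}

# Constructed sample files, written to a temporary directory.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'PasswordAuthentication no' '#ChallengeResponseAuthentication no' > "$d/partial"
    printf '%s\n' 'PasswordAuthentication no' 'ChallengeResponseAuthentication no' > "$d/keys_only"
    for f in partial keys_only; do
        if password_logins_blocked "$d/$f"; then
            echo "$f: password logins blocked"
        else
            echo "$f: a password login path is still open"
        fi
    done
    rm -rf "$d"
}
demo
```

To check a real box, call password_logins_blocked /etc/ssh/sshd_config and restart sshd after any change.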
Step 2. Installing and Configuring Apache / Mysql / Php
Once you have all the basic programs installed you can move on to something a little more interesting. My advice is to read through the whole 27.7 chapter of the handbook BEFORE installing apache. Also read these guides BEFORE installing:
http://www.bsdguides.org/guides/freebsd/webserver/apache_ssl_php_mysql.php
http://www.freebsdmadeeasy.com/tutorials/web-server/configure-apache-web-server-on-freebsd.php
I recommend following the freebsdmadeeasy guide over the handbook because it includes ssl/php/mysql and explains commands clearly (it’s the guide I used when I was learning). As this is an old guide, make sure you substitute the version number for the most up-to-date one. For example, I’m now using mysql51-server and client compared with the suggested mysql41. Here’s a snip of my apache conf:
NameVirtualHost *
<VirtualHost *>
ServerName www.richardbignell.co.uk
DocumentRoot /usr/local/www/joomla
<Directory "/usr/local/www/joomla">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
See below for Joomla installation. One thing I don’t think it mentions, which is really handy if things don’t exactly work once you’re finished, is the httpd-error.log. My advice is to tail this log file while testing apache for the first time. It will also help later if you go on to set up a CMS like Joomla.
tail -f /var/log/httpd-error.log
The -f means actively monitor/update the file while you test apache (http://unixhelp.ed.ac.uk/CGI/man-cgi?tail).
I think my problems while setting up apache were incorrect document paths (check the httpd.conf) and permissions on these folders (folders need to be readable by the http daemon user, e.g. www:www).
Next I highly recommend Joomla as your CMS. Make sure you have a link in your /usr/local/etc/apache22/httpd.conf to your Joomla directory (see the virtual host example above). I think ports should allow you to install Joomla (I use 1.013 but 1.5 is also just as good). This guide may help with the setup of the MySQL part:
http://help.joomla.org/content/category/15/99/132/
Step 3. Installing and configuring Exim with Mysql Virtual hosts / Dovecot / SpamAssassin / ClamAV / Squirrelmail
There are obviously alternatives to many of the programs I’ve listed here, so it can sometimes be really difficult finding a guide that lists all these for your chosen O/S. I originally used a guide for Exim / Courier-IMAP / Procmail / ClamAV and Spamassassin, but later changed to Dovecot when I added mysql virtual hosts. I used the first guide for the basic setup and the second guide for the courier integration:
http://freebsd.munk.me.uk/archives/212-Installing-Exim,-SASLAuthd,-ClamAV-and-SpamAssassin-on-FreeBSD-6.2.html
http://www.penguin-soft.com/penguin/man/1/maildirmake.courier.html
See here for a copy of my original exim conf:
Recently I used the following guides to upgrade my Exim to use MySQL Virtual Users and Dovecot. This meant getting rid of Procmail and using Spamassassin directly through Exim with individual spam thresholds.
http://struction.de/projects/HOWTO_VirtualMail_Exim-MySQL-Spamassassin-ClamAV-Dovecot/
This guide is not specifically designed for FreeBSD, but using ports you will easily be able to follow this guide.
Points to note:
Pay special attention to the ‘users’ section of the guide for Exim, Dovecot and Spamassassin. They all have specific folders and conf files they need access to.
All of the included conf files from the above guide will be set up to use /etc/clamd.conf, for example. All references to /etc/ will most likely be /usr/local/etc on FreeBSD.
I had various issues with Dovecot:
Note that the Dovecot user’s UID and GID is specified in the conf, so it will not work unless you set these correctly.
See your /etc/passwd and /etc/master.passwd files for the UID and GID under the dovecot user.
The username presented from the client must be the full email address.
Dovecot strips off each part and checks them both against your MySQL db.
Both Dovecot and Exim will need a user profile with separate passwords within MySQL.
See here for basic MySQL commands:
http://www.pantz.org/software/mysql/mysqlcommands.html
Make sure your ssl certs have the correct permissions for both dovecot and exim to read them.
To hup these processes find the restart scripts in /usr/local/etc/rc.d/. For example, to restart each process in FreeBSD use the following:
/usr/local/etc/rc.d/dovecot restart
/usr/local/etc/rc.d/apache22 restart
/usr/local/etc/rc.d/clamav-clamd restart
/usr/local/etc/rc.d/clamav-freshclam restart
/usr/local/etc/rc.d/mysql-server restart
/usr/local/etc/rc.d/exim restart
/usr/local/etc/rc.d/sa-spamd restart
Below are all my conf files set up to work on FreeBSD. (Please do not use them without reading them first. There may be references to my domain name in them and I don't want to read your mail!)
I have substituted my passwords for PASSWORD. Replace where necessary:
ClamAV:
Dovecot:
Exim:
RC (You need these entries to allow the processes to start automatically if your box is rebooted)
Spamassassin (I left all the other Spamassassin conf files as default)
Finally Squirrelmail is pretty easy as I seem to remember ports will add the required conf to apache for you. See http://www.squirrelmail.org/docs/admin/admin-3.html
One thing I had to do was symlink to the squirrelmail dir:
ln -s /usr/local/www/squirrelmail-1.4.13 /usr/local/www/joomla/squirrelmail
Step 4. Maintaining all installed programs with Portsnap / Portupdate
Appendix A.6 has a good section on Portsnap (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/portsnap.html). Pay special attention to the cron to email your root email address with packages that need upgrading. To add this cron type:
sudo crontab -e
0 3 * * * /usr/sbin/portsnap -I cron update && /usr/sbin/pkg_version -vIL=
Note: I had to change the cron line to the above as the one in the guide couldn’t find each program.
Once you find out which ones need upgrading you can either:
If you’re feeling brave, upgrade the whole lot:
portupgrade -ar
Or upgrade a selection by just listing their names after portupgrade. For example:
portupgrade rtorrent sudo apache
I recommend you install Screen to complete any portupgrades as it can take up to 30 mins per program, and you might not want to keep a session open watching the install, especially if you’re logged in remotely.
Read up on how to install and use screen here:
It’s easy stuff; all you need to remember are the following basic commands:
Ctrl + AC to create a new window
Ctrl + AA to swap windows
Ctrl + AD to detach
Ctrl + D to close screen
What I also do to make things easy is to alias screen to the word re (for reconnect). The following command will either reattach to an open screen session or create a new one if one doesn’t exist:
screen -xRR
To append the alias command to your .bashrc (if you don’t have a .bashrc then create one using vi ~/.bashrc):
echo "alias re='screen -xRR'" >> ~/.bashrc
exec bash
You will need to reboot once all your upgrades are complete:
sudo reboot
See http://www.freebsddiary.org/portupgrade.php for help on upgrades.
Last Updated ( Monday, 04 May 2009 )