Once the system is updated proceed to install MySQL server. Install MySQL Server. To install MySQL run the following command. Pkg install mysql57-server mysql57-client. This command will install version 5.7 on to the the server. Enable the server to run at startup with. Sysrc mysqlenable='yes' And finally, start the server. It is assumed that a FreeNAS jail has been setup as per Issue #329 and root access has been obtained. Update the ports tree: portsnap fetch extract Once that is done, build mariadb55-server from the ports tree, the uninstall mariadb55-server. This is to resolve the source dependencies for recompiling the MariaDB server later on with wsrep. Step One — Install Apache. The Apache web server is currently the most popular web server in the world, which makes it a great choice for hosting a website. We can install Apache easily using FreeBSD’s package manager, pkg. A package manager allows us to install most software pain-free from a repository maintained by FreeBSD. Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un.x-like operating systems. It only takes a minute to sign up.
Learn how to install GitWeb to browse the repositories on your server. Build the Git package from the Ports collection to install GitWeb on an Apache server. Optionally, configure access over HTTPS and LDAP authentication.
Note: I recently moved my Git server to Gitea. To learn how to install Gitea,see Installing a Gitea server on FreeBSD.
The following screenshot shows GitWeb displaying tworepositories:
Preparing the jail
The instructions in this post host the app server in a jail on FreeBSD. To learnwhy we use jails for this purpose, check theApplication server section ofour self-hosted architecture post.
In this section, you’ll perform the following tasks:
Freenas Create Jail
- Create a jail.
- Configure networking on the jail.
- Install the prerequisite packages.
Run the commands from a session in your FreeBSD host.
To create a jail:
- Fetch or update the release version of FreeBSD for jail usage:
- Create a jail named
To configure networking on the jail:
- Configure the IP address. The following example sets the IP address to
192.168.1.123 using a subnet maskof
24 bits on the
em0 interface. The command uses theCIDR notation.
- Configure the default router. The following example sets the default routerto
Start the jail and open a session to complete the rest of the tasks in thissection:
Install the following packages:
Installing GitWeb from Ports
GitWeb is not included by default in the Git package. To get the GitWebbinaries, you need to install Git from the Ports collection.
- Download and extract the Ports Collection:
- Build and install the Git package the GitWeb binaries:
The build system shows the configuration prompts for the Git package and itsdependencies, but the GitWeb option is preselected. Accepting the defaultoptions work well for most installations.
Install Apache In Freenas Jail Host Command
Configuring the web service
- Copy the example GitWeb directory that is included with the Git package:
- In the
- Configure service start:
- Restart the web server:
Create the common root directory
The repositories must be stored in a common root directory, which by default islocated in the
/pub/git directory. To create the
If you followed our post about installing a Git server on FreeNAS and chose theoption to store the repositories on a ZFS dataset, then you can just mountthe dataset on
/pub/git by running the following command from aFreeNAS shell.
Otherwise, create a repository to test the installation:
- Create a repository:
- Create a commit in the repository:
Open a browser and go to http://192.168.1.123 to checkthe GitWeb interface.
Configure access over HTTPS
To configure access over HTTPS, you need an SSL certificate, such as the onesprovided by Let’s Encrypt.
- Copy the
key files of your certificate to a folder in thejail.
- By default, any
.conf file in the
Includes folder is added to the Apacheconfiguration. Create the
/usr/local/etc/apache24/Includes/my-conf.conffile with the following contents:
- Restart the web server:
Configure LDAP authentication
You can configure Apache to validate the users against an LDAP directory, suchas OpenLDAP. If you configure authentication using this method, make sure toenable HTTPS because the credentialsare transmitted over the network in plain text.
This section assumes you already have a working LDAP server. For moreinformation, check the Installing an OpenLDAP server tutorial.
Apache doesn’t include the modules required for LDAP authentication by default.To get the modules, you need to install Apache from the Ports collection. Toinstall Apache from the Ports collection:
- Remove the apache24 package:
- Install the apr1 package. Make sure to select the LDAP option from thefirst dialog:
- Install the apache24 package. Make sure to select the AUTHNZ_LDAP andLDAP options from the first dialog:
Install Drivers Freenas
/usr/local/etc/apache24/httpd.conf, configure the web server to use theLDAP modules and provide your LDAP server parameters:
Freenas Jail Upgrade
- To enable the LDAP modules, add the following
- Replace the
Directory element added in the Configuring the webservice section with the following:
- Restart the web server:
Let’s review the new parameters in this configuration:
AuthType: Selects that method that is used to authenticate the user.The
BasicAuth method sends the credentials through the network in plaintext. This is the reason why you must configure HTTPS before enabling LDAPauthentication.
AuthBasicProvider: Selects the provider to use with basic authentication.In this case, LDAP.
AuthLDAPURL: This parameter configures several options:
- Protocol: Depending on your LDAP service, you can select
- LDAP URL: The URL of your LDAP server. In the example,
- Container where to look for users. In this case,
- Attribute to match with the username entered in the login field. In thiscase,
uid. It’s advised to use a field that is unique in the LDAPdirectory, using an attribute that can be shared in multiple accounts,such as
cn can lead to authentication issues.
- Connection type. In this example,
STARTTLS, which establishes a secureconnection on the default LDAP port (389). You can establish an unsecureconnection on the default LDAP port using the
AuthLDAPBindDN: The account used to bind to and query the LDAP directory.
AuthLDAPBindPassword: The password of the account used to bind to the LDAP directory.
Require: Provides the authorization part of the process. In this case,
valid-user accepts any user in the LDAP directory.