Recent Posts

Pages: [1] 2 3 ... 8
1
 Nice Post Mentor, Thank you so much for this...
Hope you can create a thread also for how to generate a report on bandwidth usage per IP.  :) :) :D :D :D :D

2
Linux and BSD / [How-To] Install OwnCloud on FreeBSD FAMP
« Last post by Edd Noman on March 29, 2018, 03:23:13 PM »
[How-To] Install OwnCloud on FreeBSD FAMP

In this tutorial or guide I will show you how to setup and install the needed components for running your own private cloud server based on FreeBSD and OwnCloud, I will also attach the session log output of my own install at the bottom so you can read the proper output of the server install in full.

This guide is based on personal experience whit the different components and are also based on OwnClouds own documentation found at: https://doc.owncloud.org/server/latest/admin_manual/contents.html

One thing to note before beginning, this write up was done by request by a user, and while working on this project OwnCloud had several updates, and in the latest version decided to drop official support for FreeBSD installs, so if that is an issue for you then I suggest using a Linux flavor, you can still follow this guide for setting it up but you need to adjust some of the commands and folder loactions to mach your Linux system.

What is OwnCloud
OwnCloud is a PHP and MySQL based free and open source file sharing application platform which allows us to create our very own cloud storage platform. The OwnCloud server which is a free edition is released under GNU AGPLv3 license whereas the Enterprise edition is under OwnCloud Commercial license. It is a client-server architectural software in which, the files are stored on the server whereas the clients are used to access and share the files. The client for OwnCloud is available for every platform making it easy to manage and access the files from every devices.

Why FreeBSD
FreeBSD is a free and open source Unix-like operating system based on BSD systems. Unlike Linux, FreeBSD is developed as an entire operating system from kernel, device drivers to the userland utilities whereas Linux is a kernel with device drivers.

Currently while writing this article, the latest release of OwnCloud is 10.0.7 so, we'll be performing its setup on our freshly installed FreeBSD 11 server. I will only cover the minimal settings for getting OwnCloud up and running on FreeBSD with the basic configuration of FAMP stack

Some useful environment information:
Server Hostname: server
Server IP: 192.168.55.30
Server Netmask \ CIDR: 255.255.255.0 /24
Web address: http://server.it-monkey.lan/owncloud/

Routing and DNS information is handled by the pfSense network server where DNS Resolver is set whit Host Override for domain it-monkey.lan and server.it-monkey.lan pointing to IP 192.168.55.30 and this IP address is set to be staticly assign to the MAC Addr of the FreeBSD server through DHCP Static mapping.

I suggest you check if your router support this as it will make your access to the server much easier and cleaner

All configuration is done remotely over SSH connection using Putty from a Windows 7 client, as this is a headless server build from random parts I had available to use for this project, and to make it as common for most people that want to try something new.

Installing FAMP Stack
FAMP Stack is the combination of Apache web server, MySQL/MariaDB database server and PHP modules running on a FreeBSD server. FAMP is one of the widely used stack for hosting websites and web applications on servers. Here, we be installing FAMP stack in order to run our PHP based OwnCloud server.

This processes is pretty easy, you install the server OS (not covered in this guide), latest version of Apache web server, PHP and mySQL or MariaDB, we will be working whit the following versions:

FreeBSD 11.1
OwnCloud 10.0.7
Apache 2.4.29
PHP 7.1.15
mySQL 5.7.21

Preparing FreeBSD 11.1
Check current version: uname -a
Show current system info: neofetch (not installed by default)




Before installing any applications we need to make sure we have access to all the latest applications, versions and software available for the platform
Update package repository information:
sudo pkg update

Upgrade package repository information:
sudo pkg upgrade

When the repository is updated, we need to install the tools used in this guide
sudo pkg install curl wget vim nano gnupg

Apache:
The Apache HTTP Server Project is a collaborative software development effort aimed at creating a robust, commercial-grade, featureful, and freely-available source code implementation of an HTTP (Web) server. The project is jointly managed by a group of volunteers located around the world, using the Internet and the Web to communicate, plan, and develop the server and its related documentation. This project is part of the Apache Software Foundation. In addition, hundreds of users have contributed ideas, code, and documentation to the project. This file is intended to briefly describe the history of the Apache HTTP Server and recognize the many contributors.

Documentation: https://httpd.apache.org/docs/2.4/

Important files and locations:
Apache configuration file is: httpd.conf located at /usr/local/etc/apache24/httpd.conf
Default website folder: /usr/local/www/apache24/data
Apache logs: /var/log
Add-on modules are located in: /usr/local/etc/apache24/Includes/

Installing Apache:
sudo pkg install apache24

Now we need to set Apache to start automatically on boots:
sudo sysrc apache24_enable=YES

Now we have to set the default production configuration for the Apache web server: sudo cp /usr/local/etc/apache24/httpd.conf.sample /usr/local/etc/apache24/httpd.conf

Now we can start the web server:
sudo service apache24 start

When starting the Apache web server it is going to do a sanitycheck of its configuration, and since there is no static IP or DNS configuration on the server it is going to complain and warn you about this, this message can be ignored for now.

Test web server, open a web browser and test both IP and DNS access: http://192.168.55.30/ and http://server.it-monkey.lan/





PHP:
PHP is a server-side scripting language designed for web development but also used as a general-purpose programming language. It was originally created by Rasmus Lerdorf in 1994, the PHP reference implementation is now produced by The PHP Group. PHP originally stood for Personal Home Page, but it now stands for the recursive acronym PHP: Hypertext Preprocessor

PHP code may be embedded into HTML code, or it can be used in combination with various web template systems, web content management systems, and web frameworks. PHP code is usually processed by a PHP interpreter implemented as a module in the web server or as a Common Gateway Interface (CGI) executable. The web server combines the results of the interpreted and executed PHP code, which may be any type of data, including images, with the generated web page. PHP code may also be executed with a command-line interface (CLI) and can be used to implement standalone graphical applications.

The standard PHP interpreter, powered by the Zend Engine, is free software released under the PHP License. PHP has been widely ported and can be deployed on most web servers on almost every operating system and platform, free of charge.

Documentation: http://fi2.php.net/docs.php

Important PHP files:
PHP Apache module: /usr/local/etc/php.ini
PHP FastCGI Process Manager Global Directive: /usr/local/etc/php-fpm.conf
PHP FastCGI Process Manager Pool Directive: /usr/local/etc/phpfpm.d/www.conf

Install PHP, PHP Extension and needed modules:
sudo pkg install php71 php71-extensions mod_php71 php71-mysqli php71-gd php71-curl php71-zlib php71-zip php71-pdo_mysql php71-openssl php71-gmp php71-ldap php71-exif php71-fileinfo php71-mbstring php71-bcmath php71-bz2 php71-mcrypt php71-intl

Code tag for no line breaks:
Code: [Select]
sudo pkg install php71 php71-extensions mod_php71 php71-mysqli php71-gd php71-curl php71-zlib php71-zip php71-pdo_mysql php71-openssl php71-gmp php71-ldap php71-exif php71-fileinfo php71-mbstring php71-bcmath php71-bz2 php71-mcrypt php71-intl


Now we need to set the production environment instructions for PHP:
sudo cp /usr/local/etc/php.ini-production  /usr/local/etc/php.ini

We also need to configure PHP to listen on internal socket connections rather than IP and Ports that is done by editing the file  www.conf

In this file we need to check that it has the following valuses

listen = /var/run/php-fpm.sock
listen.owner = www
listen.group = www
listen.mode = 0660

sudo nano /usr/local/etc/php-fpm.d/www.conf

Content of /usr/local/etc/php-fpm.d/www.conf
Code: [Select]

;/usr/local/etc/php-fpm.d/www.conf
;
; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[www]

; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr/local) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
user = www
group = www

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
;                            a specific port;
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all addresses
;                            (IPv6 and IPv4-mapped) on a specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
; listen = 127.0.0.1:9000
listen = /var/run/php-fpm.sock
listen.owner = www
listen.group = www
listen.mode = 0660

; Set listen(2) backlog.
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 511

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
;listen.owner = www
;listen.group = www
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =

; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1

; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
;       - The pool processes will inherit the master process priority
;         unless it specified otherwise
; Default Value: no set
; process.priority = -19

; Choose how the process manager will control the number of child processes.
; Possible Values:
;   static  - a fixed number (pm.max_children) of child processes;
;   dynamic - the number of child processes are set dynamically based on the
;             following directives. With this process management, there will be
;             always at least 1 children.
;             pm.max_children      - the maximum number of children that can
;                                    be alive at the same time.
;             pm.start_servers     - the number of children created on startup.
;             pm.min_spare_servers - the minimum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is less than this
;                                    number then some children will be created.
;             pm.max_spare_servers - the maximum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is greater than this
;                                    number then some children will be killed.
;  ondemand - no children are created at startup. Children will be forked when
;             new requests will connect. The following parameter are used:
;             pm.max_children           - the maximum number of children that
;                                         can be alive at the same time.
;             pm.process_idle_timeout   - The number of seconds after which
;                                         an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic

; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 5

; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 2

; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 1

; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 3

; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;

; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500

; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
;   pool                 - the name of the pool;
;   process manager      - static, dynamic or ondemand;
;   start time           - the date and time FPM has started;
;   start since          - number of seconds since FPM has started;
;   accepted conn        - the number of request accepted by the pool;
;   listen queue         - the number of request in the queue of pending
;                          connections (see backlog in listen(2));
;   max listen queue     - the maximum number of requests in the queue
;                          of pending connections since FPM has started;
;   listen queue len     - the size of the socket queue of pending connections;
;   idle processes       - the number of idle processes;
;   active processes     - the number of active processes;
;   total processes      - the number of idle + active processes;
;   max active processes - the maximum number of active processes since FPM
;                          has started;
;   max children reached - number of times, the process limit has been reached,
;                          when pm tries to start more children (works only for
;                          pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
;   pool:                 www
;   process manager:      static
;   start time:           01/Jul/2011:17:53:49 +0200
;   start since:          62636
;   accepted conn:        190460
;   listen queue:         0
;   max listen queue:     1
;   listen queue len:     42
;   idle processes:       4
;   active processes:     11
;   total processes:      15
;   max active processes: 12
;   max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
;   http://www.foo.bar/status
;   http://www.foo.bar/status?json
;   http://www.foo.bar/status?html
;   http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
;   http://www.foo.bar/status?full
;   http://www.foo.bar/status?json&full
;   http://www.foo.bar/status?html&full
;   http://www.foo.bar/status?xml&full
; The Full status returns for each process:
;   pid                  - the PID of the process;
;   state                - the state of the process (Idle, Running, ...);
;   start time           - the date and time the process has started;
;   start since          - the number of seconds since the process has started;
;   requests             - the number of requests the process has served;
;   request duration     - the duration in µs of the requests;
;   request method       - the request method (GET, POST, ...);
;   request URI          - the request URI with the query string;
;   content length       - the content length of the request (only with POST);
;   user                 - the user (PHP_AUTH_USER) (or '-' if not set);
;   script               - the main script called (or '-' if not set);
;   last request cpu     - the %cpu the last request consumed
;                          it's always 0 if the process is not in Idle state
;                          because CPU calculation is done when the request
;                          processing has terminated;
;   last request memory  - the max amount of memory the last request consumed
;                          it's always 0 if the process is not in Idle state
;                          because memory calculation is done when the request
;                          processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
;   ************************
;   pid:                  31330
;   state:                Running
;   start time:           01/Jul/2011:17:53:49 +0200
;   start since:          63087
;   requests:             12808
;   request duration:     1250261
;   request method:       GET
;   request URI:          /test_mem.php?N=10000
;   content length:       0
;   user:                 -
;   script:               /home/fat/web/docs/php/test_mem.php
;   last request cpu:     0.00
;   last request memory:  0
;
; Note: There is a real-time FPM status monitoring sample web page available
;       It's available in: /usr/local/share/php/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status

; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping

; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong

; The access log file
; Default: not set
;access.log = log/$pool.access.log

; The access log format.
; The following syntax is allowed
;  %%: the '%' character
;  %C: %CPU used by the request
;      it can accept the following format:
;      - %{user}C for user CPU only
;      - %{system}C for system CPU only
;      - %{total}C  for user + system CPU (default)
;  %d: time taken to serve the request
;      it can accept the following format:
;      - %{seconds}d (default)
;      - %{miliseconds}d
;      - %{mili}d
;      - %{microseconds}d
;      - %{micro}d
;  %e: an environment variable (same as $_ENV or $_SERVER)
;      it must be associated with embraces to specify the name of the env
;      variable. Some exemples:
;      - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
;      - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
;  %f: script filename
;  %l: content-length of the request (for POST request only)
;  %m: request method
;  %M: peak of memory allocated by PHP
;      it can accept the following format:
;      - %{bytes}M (default)
;      - %{kilobytes}M
;      - %{kilo}M
;      - %{megabytes}M
;      - %{mega}M
;  %n: pool name
;  %o: output header
;      it must be associated with embraces to specify the name of the header:
;      - %{Content-Type}o
;      - %{X-Powered-By}o
;      - %{Transfert-Encoding}o
;      - ....
;  %p: PID of the child that serviced the request
;  %P: PID of the parent of the child that serviced the request
;  %q: the query string
;  %Q: the '?' character if query string exists
;  %r: the request URI (without the query string, see %q and %Q)
;  %R: remote IP address
;  %s: status (response code)
;  %t: server time the request was received
;      it can accept a strftime(3) format:
;      %d/%b/%Y:%H:%M:%S %z (default)
;      The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
;  %T: time the log has been written (the request has finished)
;      it can accept a strftime(3) format:
;      %d/%b/%Y:%H:%M:%S %z (default)
;      The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
;  %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"

; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow

; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0

; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0

; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024

; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0

; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
;       possible. However, all PHP paths will be relative to the chroot
;       (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =

; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www

; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes

; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no

; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7

; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
;   php_value/php_flag             - you can set classic ini defines which can
;                                    be overwritten from PHP call 'ini_set'.
;   php_admin_value/php_admin_flag - these directives won't be overwritten by
;                                     PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.

; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.

; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr/local)

; Default Value: nothing is defined by default except the values in php.ini and
;                specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M


Set PHP to run at bootup:
sudo sysrc php_fpm_enable=YES

Start PHP:
sudo service php-fpm start

Set the PHP Configuration for Apache webserver:
sudo nano /usr/local/etc/apache24/Includes/php.conf

Here you are creating a new config file, and need to add the following code:

Content of /usr/local/etc/apache24/Includes/php.conf
Code: [Select]
<IfModule dir_module>
    DirectoryIndex index.php index.html
    <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
</IfModule>

Now we need to enable the PHP modules in Apache web server:
sudo nano /usr/local/etc/apache24/httpd.conf

Here we need to enable SSL and PHP modules and add the following code:
php7_module:
<IfModule php7_module>
        AddType application/x-httpd-php .php
</IfModule>

dir_module:
<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>

Content of /usr/local/etc/apache24/httpd.conf
Code: [Select]

# /usr/local/etc/apache24/httpd.conf
#
# This is the main Apache HTTP server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned. 
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
# will be interpreted as '/logs/access_log'.

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used.  If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "/usr/local"

#
# Mutex: Allows you to set the mutex mechanism and mutex file directory
# for individual mutexes, or change the global defaults
#
# Uncomment and change the directory if mutexes are file-based and the default
# mutex file directory is not on a local disk or is not appropriate for some
# other reason.
#
# Mutex default:/var/run

#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
#LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so
LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
#LoadModule mpm_worker_module libexec/apache24/mod_mpm_worker.so
LoadModule authn_file_module libexec/apache24/mod_authn_file.so
#LoadModule authn_dbm_module libexec/apache24/mod_authn_dbm.so
#LoadModule authn_anon_module libexec/apache24/mod_authn_anon.so
#LoadModule authn_dbd_module libexec/apache24/mod_authn_dbd.so
#LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so
LoadModule authn_core_module libexec/apache24/mod_authn_core.so
LoadModule authz_host_module libexec/apache24/mod_authz_host.so
LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache24/mod_authz_user.so
#LoadModule authz_dbm_module libexec/apache24/mod_authz_dbm.so
#LoadModule authz_owner_module libexec/apache24/mod_authz_owner.so
#LoadModule authz_dbd_module libexec/apache24/mod_authz_dbd.so
LoadModule authz_core_module libexec/apache24/mod_authz_core.so
#LoadModule authnz_fcgi_module libexec/apache24/mod_authnz_fcgi.so
LoadModule access_compat_module libexec/apache24/mod_access_compat.so
LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so
#LoadModule auth_form_module libexec/apache24/mod_auth_form.so
#LoadModule auth_digest_module libexec/apache24/mod_auth_digest.so
#LoadModule allowmethods_module libexec/apache24/mod_allowmethods.so
#LoadModule file_cache_module libexec/apache24/mod_file_cache.so
#LoadModule cache_module libexec/apache24/mod_cache.so
#LoadModule cache_disk_module libexec/apache24/mod_cache_disk.so
#LoadModule cache_socache_module libexec/apache24/mod_cache_socache.so
#LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
#LoadModule socache_dbm_module libexec/apache24/mod_socache_dbm.so
#LoadModule socache_memcache_module libexec/apache24/mod_socache_memcache.so
#LoadModule watchdog_module libexec/apache24/mod_watchdog.so
#LoadModule macro_module libexec/apache24/mod_macro.so
#LoadModule dbd_module libexec/apache24/mod_dbd.so
#LoadModule dumpio_module libexec/apache24/mod_dumpio.so
#LoadModule buffer_module libexec/apache24/mod_buffer.so
#LoadModule data_module libexec/apache24/mod_data.so
#LoadModule ratelimit_module libexec/apache24/mod_ratelimit.so
LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so
#LoadModule ext_filter_module libexec/apache24/mod_ext_filter.so
#LoadModule request_module libexec/apache24/mod_request.so
#LoadModule include_module libexec/apache24/mod_include.so
LoadModule filter_module libexec/apache24/mod_filter.so
#LoadModule reflector_module libexec/apache24/mod_reflector.so
#LoadModule substitute_module libexec/apache24/mod_substitute.so
#LoadModule sed_module libexec/apache24/mod_sed.so
#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
#LoadModule deflate_module libexec/apache24/mod_deflate.so
#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
LoadModule mime_module libexec/apache24/mod_mime.so
LoadModule log_config_module libexec/apache24/mod_log_config.so
#LoadModule log_debug_module libexec/apache24/mod_log_debug.so
#LoadModule log_forensic_module libexec/apache24/mod_log_forensic.so
#LoadModule logio_module libexec/apache24/mod_logio.so
LoadModule env_module libexec/apache24/mod_env.so
#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
#LoadModule expires_module libexec/apache24/mod_expires.so
LoadModule headers_module libexec/apache24/mod_headers.so
#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
#LoadModule unique_id_module libexec/apache24/mod_unique_id.so
LoadModule setenvif_module libexec/apache24/mod_setenvif.so
LoadModule version_module libexec/apache24/mod_version.so
#LoadModule remoteip_module libexec/apache24/mod_remoteip.so
#LoadModule proxy_module libexec/apache24/mod_proxy.so
#LoadModule proxy_connect_module libexec/apache24/mod_proxy_connect.so
#LoadModule proxy_ftp_module libexec/apache24/mod_proxy_ftp.so
#LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
#LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module libexec/apache24/mod_proxy_scgi.so
#LoadModule proxy_fdpass_module libexec/apache24/mod_proxy_fdpass.so
#LoadModule proxy_wstunnel_module libexec/apache24/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module libexec/apache24/mod_proxy_ajp.so
#LoadModule proxy_balancer_module libexec/apache24/mod_proxy_balancer.so
#LoadModule proxy_express_module libexec/apache24/mod_proxy_express.so
#LoadModule proxy_hcheck_module libexec/apache24/mod_proxy_hcheck.so
#LoadModule session_module libexec/apache24/mod_session.so
#LoadModule session_cookie_module libexec/apache24/mod_session_cookie.so
#LoadModule session_crypto_module libexec/apache24/mod_session_crypto.so
#LoadModule session_dbd_module libexec/apache24/mod_session_dbd.so
#LoadModule slotmem_shm_module libexec/apache24/mod_slotmem_shm.so
#LoadModule slotmem_plain_module libexec/apache24/mod_slotmem_plain.so
LoadModule ssl_module libexec/apache24/mod_ssl.so
#LoadModule dialup_module libexec/apache24/mod_dialup.so
#LoadModule http2_module libexec/apache24/mod_http2.so
#LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so
#LoadModule lbmethod_byrequests_module libexec/apache24/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module libexec/apache24/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_bybusyness_module libexec/apache24/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_heartbeat_module libexec/apache24/mod_lbmethod_heartbeat.so
LoadModule unixd_module libexec/apache24/mod_unixd.so
#LoadModule heartbeat_module libexec/apache24/mod_heartbeat.so
#LoadModule heartmonitor_module libexec/apache24/mod_heartmonitor.so
#LoadModule dav_module libexec/apache24/mod_dav.so
LoadModule status_module libexec/apache24/mod_status.so
LoadModule autoindex_module libexec/apache24/mod_autoindex.so
#LoadModule asis_module libexec/apache24/mod_asis.so
#LoadModule info_module libexec/apache24/mod_info.so
<IfModule !mpm_prefork_module>
#LoadModule cgid_module libexec/apache24/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
#LoadModule cgi_module libexec/apache24/mod_cgi.so
</IfModule>
#LoadModule dav_fs_module libexec/apache24/mod_dav_fs.so
#LoadModule dav_lock_module libexec/apache24/mod_dav_lock.so
#LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so
#LoadModule negotiation_module libexec/apache24/mod_negotiation.so
LoadModule dir_module libexec/apache24/mod_dir.so
#LoadModule imagemap_module libexec/apache24/mod_imagemap.so
#LoadModule actions_module libexec/apache24/mod_actions.so
#LoadModule speling_module libexec/apache24/mod_speling.so
#LoadModule userdir_module libexec/apache24/mod_userdir.so
LoadModule alias_module libexec/apache24/mod_alias.so
#LoadModule rewrite_module libexec/apache24/mod_rewrite.so
LoadModule php7_module        libexec/apache24/libphp7.so

<IfModule php7_module>
        AddType application/x-httpd-php .php
</IfModule>

# Third party modules
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
 
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch. 
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User www
Group www

</IfModule>

# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition.  These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#

#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
#
ServerAdmin you@example.com

#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80

#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
    AllowOverride none
    Require all denied
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/usr/local/www/apache24/data"
<Directory "/usr/local/www/apache24/data">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>

#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
    Require all denied
</Files>

#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "/var/log/httpd-error.log"

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog "/var/log/httpd-access.log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    #CustomLog "/var/log/httpd-access.log" combined
</IfModule>

<IfModule alias_module>
    #
    # Redirect: Allows you to tell clients about documents that used to
    # exist in your server's namespace, but do not anymore. The client
    # will make a new request for the document at its new location.
    # Example:
    # Redirect permanent /foo http://www.example.com/bar

    #
    # Alias: Maps web paths into filesystem paths and is used to
    # access content that does not live under the DocumentRoot.
    # Example:
    # Alias /webpath /full/filesystem/path
    #
    # If you include a trailing / on /webpath then the server will
    # require it to be present in the URL.  You will also likely
    # need to provide a <Directory> section to allow access to
    # the filesystem path.

    #
    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the target directory are treated as applications and
    # run by the server when requested rather than as documents sent to the
    # client.  The same rules about trailing "/" apply to ScriptAlias
    # directives as to Alias.
    #
    ScriptAlias /cgi-bin/ "/usr/local/www/apache24/cgi-bin/"

</IfModule>

<IfModule cgid_module>
    #
    # ScriptSock: On threaded servers, designate the path to the UNIX
    # socket used to communicate with the CGI daemon of mod_cgid.
    #
    #Scriptsock cgisock
</IfModule>

#
# "/usr/local/www/apache24/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/usr/local/www/apache24/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule headers_module>
    #
    # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
    # backend servers which have lingering "httpoxy" defects.
    # 'Proxy' request header is undefined by the IETF, not listed by IANA
    #
    RequestHeader unset Proxy early
</IfModule>

<IfModule mime_module>
    #
    # TypesConfig points to the file containing the list of mappings from
    # filename extension to MIME-type.
    #
    TypesConfig etc/apache24/mime.types

    #
    # AddType allows you to add to or override the MIME configuration
    # file specified in TypesConfig for specific file types.
    #
    #AddType application/x-gzip .tgz
    #
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    #
    #AddEncoding x-compress .Z
    #AddEncoding x-gzip .gz .tgz
    #
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    #
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    #AddHandler cgi-script .cgi

    # For type maps (negotiated resources):
    #AddHandler type-map var

    #
    # Filters allow you to process content before it is sent to the client.
    #
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #
    #AddType text/html .shtml
    #AddOutputFilter INCLUDES .shtml
</IfModule>

#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type.  The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile etc/apache24/magic

#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#

#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited

#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files.  This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
#EnableSendfile on

# Supplemental configuration
#
# The configuration files in the etc/apache24/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.

# Server-pool management (MPM specific)
#Include etc/apache24/extra/httpd-mpm.conf

# Multi-language error messages
#Include etc/apache24/extra/httpd-multilang-errordoc.conf

# Fancy directory listings
#Include etc/apache24/extra/httpd-autoindex.conf

# Language settings
#Include etc/apache24/extra/httpd-languages.conf

# User home directories
#Include etc/apache24/extra/httpd-userdir.conf

# Real-time info on requests and configuration
#Include etc/apache24/extra/httpd-info.conf

# Virtual hosts
#Include etc/apache24/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual
#Include etc/apache24/extra/httpd-manual.conf

# Distributed authoring and versioning (WebDAV)
#Include etc/apache24/extra/httpd-dav.conf

# Various default settings
#Include etc/apache24/extra/httpd-default.conf

# Configure mod_proxy_html to understand HTML4/XHTML1
<IfModule proxy_html_module>
Include etc/apache24/extra/proxy-html.conf
</IfModule>

# Secure (SSL/TLS) connections
#Include etc/apache24/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

Include etc/apache24/Includes/*.conf


Now we need to create a PHP Info \ Diagnostics page to check if all is working correctly:
sudo nano /usr/local/www/apache24/data/phpinfo.php

Content of /usr/local/www/apache24/data/phpinfo.php
Code: [Select]
<?php phpinfo();  ?>

Now we need to restart Apache web server since we have done alot of configuration changes that needs to be reloaded: sudo service apache24 restart

Test web server, open a web browser and test both IP and DNS access: http://192.168.55.30/phpinfo.php and http://server.it-monkey.lan/phpinfo.php






Now that you have checked that everything is working correctly whit Apache and PHP, it is time to install and configure the Database server mySQL v5.7

mySQL:
mySQL is the world's most popular open source database. With its proven performance, reliability and ease-of-use, mySQL has become the leading database choice for web-based applications, used by high profile web properties including Facebook, Twitter, YouTube, Yahoo! and many more.

Oracle drives mySQL innovation, delivering new capabilities to power next generation web, cloud, mobile and embedded applications.

Documentation: https://dev.mysql.com/doc/refman/5.7/en/introduction.html

Install mySQL:
sudo pkg install mysql57-server

Set mySQL to automatically start at bootup:
sudo sysrc mysql_enable=YES

Start mySQL Server:
sudo service mysql-server start

Secure the Database SQL Server: sudo mysql_secure_installation
- Would you like to setup VALIDATE PASSWORD plugin?: yes
There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1
- Change the password for root ?: yes
New password: MySexyPassword123.
Re-enter new password: MySexyPassword123.

- Do you wish to continue with the password provided?: yes
- Remove anonymous users?: yes
- Disallow root login remotely?: yes
- Remove test database and access to it?: yes
- Remove test database and access to it?: yes
- Reload privilege tables now?: yes

Open mySQL Server to create the needed Databases and access that is required by OwnCloud: sudo mysql -u root -p

Now there is a bug in the SQL secure installation process that make us to reset the password for root user before creating the databases and access:
ALTER USER 'root'@'localhost' IDENTIFIED BY 'MySexyPassword123.';

Then we can create the database: ownclouddb, and the admin user: ocadmin

CREATE DATABASE ownclouddb;
CREATE USER ocadmin@localhost IDENTIFIED BY 'MySexyPassword123.';
GRANT ALL PRIVILEGES ON ownclouddb.* TO 'ocadmin'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Now we have done the minimum FAMP configuration for OwnCloud to run on FreeBSD, now we are just missing a few environment configurations before installing the OwnCloud package. We start by creating the SSL Certs so we can use HTTPS connection for accessing the server

In this guide we will be using the self signed SSL Cert, but the process for generating a self signed cert and a signed cert is identical as you need to generate a CSR and PEM file and a private and public key pair, if you follow this process and give the correct details, you can send the CSR file to a Certificate Authority and get it publicly signed and validated for your server

Make the SSL Cert directory:
sudo mkdir -p /usr/local/etc/ssl/self-cert/owncloud/

Move to the SSL Cert directory:
cd /usr/local/etc/ssl/self-cert/owncloud/

Generating CSR and PEM file:
sudo openssl req -config /etc/ssl/openssl.cnf -new -out /usr/local/etc/ssl/self-cert/owncloud/owncloud.csr -keyout /usr/local/etc/ssl/self-cert/owncloud/owncloud.pem

Enter PEM pass phrase: MySexyPassword123.
Verifying - Enter PEM pass phrase: MySexyPassword123.

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but for some fields there will be a default value,
If you enter “ . “ the field will be left blank(not recommended).

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

My server is located in Drammen, Norway so the form will look like this for me, and you have to adjust this to your server or organisation locations, if you are a home user the important part here is Country, City, Common Name and Email are correct and you can leave the rest empty

Common Name needs to be the FQDN and or Public IP of the server if you are going to have it accessed for the Internet

Country Name (2 letter code) [AU]: NO
State or Province Name (full name) [Some-State]: Buskerud
Locality Name (eg, city) []: Drammen
Organization Name (eg, company) [Internet Widgits Pty Ltd]: IT-Monkey
Organizational Unit Name (eg, section) []: IT
Common Name (e.g. server FQDN or YOUR name) []: server.it-monkey.lan
Email Address []: admin@it-monkey.lan

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: MySexyPassword123.
An optional company name []: IT-Monkey

Generating RSA key:
sudo openssl rsa -in /usr/local/etc/ssl/self-cert/owncloud/owncloud.pem -out /usr/local/etc/ssl/self-cert/owncloud/owncloud.key

Enter pass phrase for /usr/local/etc/ssl/self-cert/owncloud/owncloud.pem: MySexyPassword123.

Sign the CRT and PEM file whit the RSA Key valid for 3 years:
sudo openssl x509 -in /usr/local/etc/ssl/self-cert/owncloud/owncloud.csr -out /usr/local/etc/ssl/self-cert/owncloud/owncloud.crt -req -signkey /usr/local/etc/ssl/self-cert/owncloud/owncloud.key -days 1095

Set the correct file permissions for the certificates:
sudo chmod 600 *

Finally we come to the process for getting OwnCloud on our system, we start by creating the folder that will hold the files for OwnCloud application

Creating the OwnCloud folder under Apache web server:
sudo mkdir -p /usr/local/www/apache24/data/owncloud/

Set the correct premission so Apache web server can read the files:
sudo chown -R www:www /usr/local/www/apache24/data/owncloud/
 
We can now download the OwnCloud software to our server, the current way to do that is to use wget or curl and point it at the URL holding the tar install file of OwnCloud, these URLs changes often so check OwnClouds website for the current version

We only need these files temporarily so we move to the system temp folder:
cd /tmp

Now we need to download the OwnCloud software to our server, the current way to do that is to use wget or curl and point it at the URL holding the tar install file of OwnCloud, these urls changes often so check OwnClouds website for the current version

Current files to be downloaded:
wget https://download.owncloud.org/community/owncloud-10.0.7.tar.bz2
wget https://download.owncloud.org/community/owncloud-10.0.7.tar.bz2.sha256
wget https://download.owncloud.org/community/owncloud-10.0.7.tar.bz2.asc
wget https://owncloud.org/owncloud.asc

Verifying the downloaded files:
sudo gpg --import owncloud.asc
sudo sha256 -c owncloud-10.0.7.tar.bz2.sha256 -s owncloud-10.0.7.tar.bz2
sudo gpg --verify owncloud-10.0.7.tar.bz2.sha256 owncloud-10.0.7.tar.bz2

After you have verified the files, you need to extract them from the tar archive
sudo tar -xjf owncloud-10.0.7.tar.bz2

Now we want to move the files to the directory we created for it under Apache web server
sudo cp -r owncloud/* /usr/local/www/apache24/data/owncloud/

Last thing to do is to restart the Apache web server:
sudo service apache24 restart

Now everything should be installed and working and when you open your web browser and navigate to http://192.168.55.30/owncloud/ or http://server.it-monkey.lan/owncloud/ you should see the OwnCloud setup page






Server output
Code: [Select]


=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2018.03.28 11:10:04 =~=~=~=~=~=~=~=~=~=~=~=
login as: edd
Using keyboard-interactive authentication.
Password for edd@server:
Last login: Mon Mar 26 10:37:58 2018 from 192.168.55.150

FreeBSD 11.1-RELEASE (GENERIC) #0 r321309: Fri Jul 21 02:08:28 UTC 2017

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories: https://www.FreeBSD.org/security/
FreeBSD Handbook: https://www.FreeBSD.org/handbook/
FreeBSD FAQ: https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums: https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.
In order to make fetch (the FreeBSD downloading tool) ask for
username/password when it encounters a password-protected web page, you can set
the environment variable HTTP_AUTH to 'basic:*'.

$ uname  -a
FreeBSD server 11.1-RELEASE FreeBSD 11.1-RELEASE #0 r321309: Fri Jul 21 02:08:28 UTC 2017     root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64

$ neofetch
   ```                        `    edd@server
  ` `.....---.......--.```   -/    ----------
  +o   .--`         /y:`      +.   OS: FreeBSD 11.1-RELEASE amd64
   yo`:.            :o      `+-    Uptime: 1 day, 18 hours, 50 mins
    y/               -/`   -o/     Packages: 126
   .-                  ::/sy+:.    Shell: sh
   /                     `--  /    Terminal: /dev/pts/0
  `:                          :`   CPU: Intel i7-4770 (4) @ 3.392GHz
  `:                          :`   GPU: SVGA II Adapter
   /                          /    Memory: 1641MiB / 2012MiB
   .-                        -.
    --                      -.
     `:`                  `:`
       .--             `--.
          .---.....----.
$

  Updating the package repositories
$ sudo pkg update
Updating FreeBSD repository catalogue...
Fetching meta.txz:   0%
Fetching meta.txz: 100%    944 B   0.9kB/s    00:01   
Fetching packagesite.txz:   0%
Fetching packagesite.txz:   6%  392 KiB 401.4kB/s    00:14 ETA
Fetching packagesite.txz:  54%    3 MiB   2.9MB/s    00:01 ETA
Fetching packagesite.txz: 100%    6 MiB   3.1MB/s    00:02   
Processing entries:   0%
.
.
Processing entries: 100%
FreeBSD repository update completed. 28605 packages processed.
All repositories are up to date.

$ sudo pkg upgrade
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Updating database digests format:   0%
Updating database digests format: 100%
Checking for upgrades (10 candidates):   0%
Checking for upgrades (10 candidates): 100%
Processing candidates (10 candidates):   0%
Processing candidates (10 candidates): 100%
Checking integrity... done (0 conflicting)
Your packages are up to date.

  Installing the needed tools
$ sudo pkg install curl wget vim nano gnupg
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 21 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
curl: 7.58.0
wget: 1.19.2
vim: 8.0.1427
nano: 2.9.1
gnupg: 2.2.4
libnghttp2: 1.29.0
libedit: 3.1.20170329_2,1
libXpm: 3.5.12
ruby: 2.4.3,1
libyaml: 0.1.6_2
desktop-file-utils: 0.23
ctags: 5.8
cscope: 15.8b
pinentry: 1.0.0_3
pinentry-tty: 1.0.0
libgpg-error: 1.27
libassuan: 2.5.1
libksba: 1.3.5
libgcrypt: 1.8.2
npth: 1.5
sqlite3: 3.22.0_1

Number of packages to be installed: 21

The process will require 104 MiB more space.
22 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/21] Fetching curl-7.58.0.txz:   0%
[1/21] Fetching curl-7.58.0.txz:  31%  376 KiB 385.0kB/s    00:02 ETA
[1/21] Fetching curl-7.58.0.txz: 100%    1 MiB   1.2MB/s    00:01   
[2/21] Fetching wget-1.19.2.txz:   0%
[2/21] Fetching wget-1.19.2.txz:  25%  160 KiB 163.8kB/s    00:02 ETA
[2/21] Fetching wget-1.19.2.txz: 100%  624 KiB 639.1kB/s    00:01   
[3/21] Fetching vim-8.0.1427.txz:   0%
[3/21] Fetching vim-8.0.1427.txz:   1%  128 KiB 131.1kB/s    00:51 ETA
[3/21] Fetching vim-8.0.1427.txz:  18%    1 MiB   1.2MB/s    00:07 ETA
[3/21] Fetching vim-8.0.1427.txz:  71%    5 MiB   3.6MB/s    00:00 ETA
[3/21] Fetching vim-8.0.1427.txz: 100%    7 MiB   2.3MB/s    00:03   
[4/21] Fetching nano-2.9.1.txz:   0%
[4/21] Fetching nano-2.9.1.txz:  65%  312 KiB 319.5kB/s    00:00 ETA
[4/21] Fetching nano-2.9.1.txz: 100%  476 KiB 487.8kB/s    00:01   
[5/21] Fetching gnupg-2.2.4.txz:   0%
[5/21] Fetching gnupg-2.2.4.txz:  20%  408 KiB 417.8kB/s    00:03 ETA
[5/21] Fetching gnupg-2.2.4.txz: 100%    2 MiB   2.0MB/s    00:01   
[6/21] Fetching libnghttp2-1.29.0.txz:   0%
[6/21] Fetching libnghttp2-1.29.0.txz: 100%  108 KiB 110.4kB/s    00:01   
[7/21] Fetching libedit-3.1.20170329_2,1.txz:   0%
[7/21] Fetching libedit-3.1.20170329_2,1.txz: 100%  125 KiB 128.5kB/s    00:01   
[8/21] Fetching libXpm-3.5.12.txz:   0%
[8/21] Fetching libXpm-3.5.12.txz: 100%   71 KiB  72.2kB/s    00:01   
[9/21] Fetching ruby-2.4.3,1.txz:   0%
[9/21] Fetching ruby-2.4.3,1.txz:   6%  568 KiB 581.6kB/s    00:14 ETA
[9/21] Fetching ruby-2.4.3,1.txz:  35%    3 MiB   2.6MB/s    00:03 ETA
[9/21] Fetching ruby-2.4.3,1.txz:  98%    8 MiB   5.7MB/s    00:00 ETA
[9/21] Fetching ruby-2.4.3,1.txz: 100%    9 MiB   3.0MB/s    00:03   
[10/21] Fetching libyaml-0.1.6_2.txz:   0%
[10/21] Fetching libyaml-0.1.6_2.txz: 100%   64 KiB  65.3kB/s    00:01   
[11/21] Fetching desktop-file-utils-0.23.txz:   0%
[11/21] Fetching desktop-file-utils-0.23.txz: 100%   37 KiB  37.4kB/s    00:01   
[12/21] Fetching ctags-5.8.txz:   0%
[12/21] Fetching ctags-5.8.txz: 100%  121 KiB 124.0kB/s    00:01   
[13/21] Fetching cscope-15.8b.txz:   0%
[13/21] Fetching cscope-15.8b.txz: 100%  127 KiB 130.1kB/s    00:01   
[14/21] Fetching pinentry-1.0.0_3.txz:   0%
[14/21] Fetching pinentry-1.0.0_3.txz: 100%   16 KiB  16.6kB/s    00:01   
[15/21] Fetching pinentry-tty-1.0.0.txz:   0%
[15/21] Fetching pinentry-tty-1.0.0.txz: 100%   27 KiB  27.6kB/s    00:01   
[16/21] Fetching libgpg-error-1.27.txz:   0%
[16/21] Fetching libgpg-error-1.27.txz: 100%  183 KiB 187.2kB/s    00:01   
[17/21] Fetching libassuan-2.5.1.txz:   0%
[17/21] Fetching libassuan-2.5.1.txz: 100%   77 KiB  78.7kB/s    00:01   
[18/21] Fetching libksba-1.3.5.txz:   0%
[18/21] Fetching libksba-1.3.5.txz: 100%  158 KiB 161.3kB/s    00:01   
[19/21] Fetching libgcrypt-1.8.2.txz:   0%
[19/21] Fetching libgcrypt-1.8.2.txz:  26%  192 KiB 196.6kB/s    00:02 ETA
[19/21] Fetching libgcrypt-1.8.2.txz: 100%  716 KiB 733.5kB/s    00:01   
[20/21] Fetching npth-1.5.txz:   0%
[20/21] Fetching npth-1.5.txz: 100%   20 KiB  20.9kB/s    00:01   
[21/21] Fetching sqlite3-3.22.0_1.txz:   0%
[21/21] Fetching sqlite3-3.22.0_1.txz:   6%   72 KiB  73.7kB/s    00:15 ETA
[21/21] Fetching sqlite3-3.22.0_1.txz: 100%    1 MiB   1.2MB/s    00:01   
Checking integrity... done (0 conflicting)
[1/21] Installing libgpg-error-1.27...
[1/21] Extracting libgpg-error-1.27:   0%
[1/21] Extracting libgpg-error-1.27: 100%
[2/21] Installing libassuan-2.5.1...
[2/21] Extracting libassuan-2.5.1:   0%
[2/21] Extracting libassuan-2.5.1: 100%
[3/21] Installing libedit-3.1.20170329_2,1...
[3/21] Extracting libedit-3.1.20170329_2,1:   0%
[3/21] Extracting libedit-3.1.20170329_2,1: 100%
[4/21] Installing libyaml-0.1.6_2...
[4/21] Extracting libyaml-0.1.6_2:   0%
[4/21] Extracting libyaml-0.1.6_2: 100%
[5/21] Installing pinentry-tty-1.0.0...
[5/21] Extracting pinentry-tty-1.0.0:   0%
[5/21] Extracting pinentry-tty-1.0.0: 100%
[6/21] Installing libnghttp2-1.29.0...
[6/21] Extracting libnghttp2-1.29.0:   0%
[6/21] Extracting libnghttp2-1.29.0: 100%
[7/21] Installing libXpm-3.5.12...
[7/21] Extracting libXpm-3.5.12:   0%
[7/21] Extracting libXpm-3.5.12: 100%
[8/21] Installing ruby-2.4.3,1...
[8/21] Extracting ruby-2.4.3,1:   0%
[8/21] Extracting ruby-2.4.3,1: 100%
[9/21] Installing desktop-file-utils-0.23...
[9/21] Extracting desktop-file-utils-0.23:   0%
[9/21] Extracting desktop-file-utils-0.23: 100%
[10/21] Installing ctags-5.8...
[10/21] Extracting ctags-5.8:   0%
[10/21] Extracting ctags-5.8: 100%
[11/21] Installing cscope-15.8b...
[11/21] Extracting cscope-15.8b:   0%
[11/21] Extracting cscope-15.8b: 100%
[12/21] Installing pinentry-1.0.0_3...
[12/21] Extracting pinentry-1.0.0_3:   0%
[12/21] Extracting pinentry-1.0.0_3: 100%
[13/21] Installing libksba-1.3.5...
[13/21] Extracting libksba-1.3.5:   0%
[13/21] Extracting libksba-1.3.5: 100%
[14/21] Installing libgcrypt-1.8.2...
[14/21] Extracting libgcrypt-1.8.2:   0%
[14/21] Extracting libgcrypt-1.8.2: 100%
[15/21] Installing npth-1.5...
[15/21] Extracting npth-1.5:   0%
[15/21] Extracting npth-1.5: 100%
[16/21] Installing sqlite3-3.22.0_1...
[16/21] Extracting sqlite3-3.22.0_1:   0%
[16/21] Extracting sqlite3-3.22.0_1: 100%
[17/21] Installing curl-7.58.0...
[17/21] Extracting curl-7.58.0:   0%
[17/21] Extracting curl-7.58.0: 100%
[18/21] Installing wget-1.19.2...
[18/21] Extracting wget-1.19.2:   0%
[18/21] Extracting wget-1.19.2: 100%
[19/21] Installing vim-8.0.1427...
[19/21] Extracting vim-8.0.1427:   0%
[19/21] Extracting vim-8.0.1427: 100%
[20/21] Installing nano-2.9.1...
[20/21] Extracting nano-2.9.1:   0%
[20/21] Extracting nano-2.9.1: 100%
[21/21] Installing gnupg-2.2.4...
Extracting gnupg-2.2.4:   0%
Extracting gnupg-2.2.4: 100%
Message from ruby-2.4.3,1:

====
Some of the standard commands are provided as separate ports for ease
of upgrading:

devel/ruby-gems: gem - RubyGems package manager
devel/rubygem-rake: rake - Ruby Make

And some of the standard libraries are provided as separate ports
since they require extra dependencies:

databases/ruby-gdbm: GDBM module

Install them as occasion demands.
====
Message from ctags-5.8:

**************************************************************************
The executable for Exuberant CTAGS is installed as /usr/local/bin/exctags
**************************************************************************

  Installation of the tools is now compleeted, now we install the Webserver Apache v2.4
$ sudo pkg install apache24
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
apache24: 2.4.29
apr: 1.6.3.1.6.1
db5: 5.3.28_6

Number of packages to be installed: 3

The process will require 76 MiB more space.
17 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/3] Fetching apache24-2.4.29.txz:   0%
[1/3] Fetching apache24-2.4.29.txz:  15%  752 KiB 770.1kB/s    00:05 ETA
[1/3] Fetching apache24-2.4.29.txz:  79%    4 MiB   3.3MB/s    00:00 ETA
[1/3] Fetching apache24-2.4.29.txz:  99%    5 MiB   1.0MB/s    00:00 ETA
[1/3] Fetching apache24-2.4.29.txz: 100%    5 MiB   1.7MB/s    00:03   
[2/3] Fetching apr-1.6.3.1.6.1.txz:   0%
[2/3] Fetching apr-1.6.3.1.6.1.txz: 100%  453 KiB 464.2kB/s    00:01   
[3/3] Fetching db5-5.3.28_6.txz:   0%
[3/3] Fetching db5-5.3.28_6.txz:   5%  640 KiB 655.4kB/s    00:18 ETA
[3/3] Fetching db5-5.3.28_6.txz:  22%    3 MiB   2.2MB/s    00:06 ETA
[3/3] Fetching db5-5.3.28_6.txz:  48%    6 MiB   3.3MB/s    00:02 ETA
[3/3] Fetching db5-5.3.28_6.txz:  74%    9 MiB   3.4MB/s    00:01 ETA
[3/3] Fetching db5-5.3.28_6.txz: 100%   12 MiB   3.2MB/s    00:04   
Checking integrity... done (0 conflicting)
[1/3] Installing db5-5.3.28_6...
[1/3] Extracting db5-5.3.28_6:   0%
[1/3] Extracting db5-5.3.28_6: 100%
[2/3] Installing apr-1.6.3.1.6.1...
[2/3] Extracting apr-1.6.3.1.6.1:   0%
[2/3] Extracting apr-1.6.3.1.6.1: 100%
[3/3] Installing apache24-2.4.29...
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
Extracting apache24-2.4.29:   0%
Extracting apache24-2.4.29: 100%
Message from apr-1.6.3.1.6.1:

/!\ ================================================================== /!\

The Apache Portable Runtime project removed support for FreeTDS with
version 1.6. Users requiring MS-SQL connectivity must migrate
configurations to use the added ODBC driver and FreeTDS' ODBC features.

/!\ ================================================================== /!\
Message from apache24-2.4.29:

To run apache www server from startup, add apache24_enable="yes"
in your /etc/rc.conf. Extra options can be found in startup script.

Your hostname must be resolvable using at least 1 mechanism in
/etc/nsswitch.conf typically DNS or /etc/hosts or apache might
have issues starting depending on the modules you are using.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- apache24 default build changed from static MPM to modular MPM
- more modules are now enabled per default in the port
- icons and error pages moved from WWWDIR to DATADIR

   If build with modular MPM and no MPM is activated in
   httpd.conf, then mpm_prefork will be activated as default
   MPM in etc/apache24/modules.d to keep compatibility with
   existing php/perl/python modules!

Please compare the existing httpd.conf with httpd.conf.sample
and merge missing modules/instructions into httpd.conf!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  Now we need to set Apache to start automatically on reboots
$ sudo sysrc apache24_enable=YES
apache24_enable:  -> YES

 Now we have to set the default production configuration for the Apache web server
$ sudo cp /usr/local/etc/apache24/httpd.conf.sample /usr/local/etc/apache24/httpd.conf

 Now we can start the web server
$ sudo service apache24 start
Performing sanity check on apache24 configuration:
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.55.30. Set the 'ServerName' directive globally to suppress this message
Syntax OK
Starting apache24.
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.55.30. Set the 'ServerName' directive globally to suppress this message

 This is a common error since we have not configured DNS or Domain of the FreeBSD Server as this is handled by an external system you do not need to do this for this guide and can be ignored for now

 Now we need to install PHP and PHP Extension modules
$ sudo pkg install php71 php71-extensions mod_php71 php71-mysqli php71-gd php71-curl php71-zlib php71-zip php71-pdo_mysql php71-openssl php71-gmp php71-ldap php71-exif php71-fileinfo php71-mbstring php71-bcmath php71-bz2 php71-mcrypt php71-intl
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 43 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
php71: 7.1.15
php71-extensions: 1.0
mod_php71: 7.1.15
php71-mysqli: 7.1.15
php71-gd: 7.1.15
php71-curl: 7.1.15
php71-zlib: 7.1.15
php71-zip: 7.1.15
php71-pdo_mysql: 7.1.15
php71-openssl: 7.1.15
php71-gmp: 7.1.15
php71-ldap: 7.1.15
php71-exif: 7.1.15
php71-fileinfo: 7.1.15
php71-mbstring: 7.1.15
php71-bcmath: 7.1.15
php71-bz2: 7.1.15
php71-mcrypt: 7.1.15
php71-intl: 7.1.15
php71-session: 7.1.15
php71-opcache: 7.1.15
php71-xmlwriter: 7.1.15
php71-xmlreader: 7.1.15
php71-dom: 7.1.15
php71-xml: 7.1.15
php71-simplexml: 7.1.15
php71-ctype: 7.1.15
php71-posix: 7.1.15
php71-hash: 7.1.15
php71-filter: 7.1.15
php71-tokenizer: 7.1.15
php71-json: 7.1.15
php71-sqlite3: 7.1.15
php71-pdo_sqlite: 7.1.15
php71-pdo: 7.1.15
php71-iconv: 7.1.15
php71-phar: 7.1.15
libzip: 1.3.2
openldap-client: 2.4.45
oniguruma6: 6.6.1
libmcrypt: 2.5.8_3
libltdl: 2.4.6
icu: 60.2_1,1

Number of packages to be installed: 43

The process will require 91 MiB more space.
17 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/43] Fetching php71-7.1.15.txz:   0%
[1/43] Fetching php71-7.1.15.txz:   1%   64 KiB  65.5kB/s    00:49 ETA
[1/43] Fetching php71-7.1.15.txz:  60%    2 MiB   1.9MB/s    00:01 ETA
[1/43] Fetching php71-7.1.15.txz: 100%    3 MiB   1.7MB/s    00:02   
[2/43] Fetching php71-extensions-1.0.txz:   0%
[2/43] Fetching php71-extensions-1.0.txz: 100%    1 KiB   1.1kB/s    00:01   
[3/43] Fetching mod_php71-7.1.15.txz:   0%
[3/43] Fetching mod_php71-7.1.15.txz:  13%  160 KiB 163.8kB/s    00:06 ETA
[3/43] Fetching mod_php71-7.1.15.txz: 100%    1 MiB   1.2MB/s    00:01   
[4/43] Fetching php71-mysqli-7.1.15.txz:   0%
[4/43] Fetching php71-mysqli-7.1.15.txz:  40%   16 KiB  16.4kB/s    00:01 ETA
[4/43] Fetching php71-mysqli-7.1.15.txz: 100%   39 KiB  40.2kB/s    00:01   
[5/43] Fetching php71-gd-7.1.15.txz:   0%
[5/43] Fetching php71-gd-7.1.15.txz: 100%  128 KiB 131.1kB/s    00:01   
[6/43] Fetching php71-curl-7.1.15.txz:   0%
[6/43] Fetching php71-curl-7.1.15.txz: 100%   27 KiB  27.8kB/s    00:01   
[7/43] Fetching php71-zlib-7.1.15.txz:   0%
[7/43] Fetching php71-zlib-7.1.15.txz: 100%   17 KiB  17.6kB/s    00:01   
[8/43] Fetching php71-zip-7.1.15.txz:   0%
[8/43] Fetching php71-zip-7.1.15.txz: 100%   20 KiB  20.4kB/s    00:01   
[9/43] Fetching php71-pdo_mysql-7.1.15.txz:   0%
[9/43] Fetching php71-pdo_mysql-7.1.15.txz: 100%   16 KiB  16.3kB/s    00:01   
[10/43] Fetching php71-openssl-7.1.15.txz:   0%
[10/43] Fetching php71-openssl-7.1.15.txz: 100%   53 KiB  54.0kB/s    00:01   
[11/43] Fetching php71-gmp-7.1.15.txz:   0%
[11/43] Fetching php71-gmp-7.1.15.txz: 100%   18 KiB  18.2kB/s    00:01   
[12/43] Fetching php71-ldap-7.1.15.txz:   0%
[12/43] Fetching php71-ldap-7.1.15.txz: 100%   20 KiB  20.7kB/s    00:01   
[13/43] Fetching php71-exif-7.1.15.txz:   0%
[13/43] Fetching php71-exif-7.1.15.txz: 100%   24 KiB  24.9kB/s    00:01   
[14/43] Fetching php71-fileinfo-7.1.15.txz:   0%
[14/43] Fetching php71-fileinfo-7.1.15.txz: 100%  203 KiB 208.1kB/s    00:01   
[15/43] Fetching php71-mbstring-7.1.15.txz:   0%
[15/43] Fetching php71-mbstring-7.1.15.txz:  10%   72 KiB  73.7kB/s    00:08 ETA
[15/43] Fetching php71-mbstring-7.1.15.txz: 100%  715 KiB 732.6kB/s    00:01   
[16/43] Fetching php71-bcmath-7.1.15.txz:   0%
[16/43] Fetching php71-bcmath-7.1.15.txz: 100%   20 KiB  20.3kB/s    00:01   
[17/43] Fetching php71-bz2-7.1.15.txz:   0%
[17/43] Fetching php71-bz2-7.1.15.txz: 100%   11 KiB  10.9kB/s    00:01   
[18/43] Fetching php71-mcrypt-7.1.15.txz:   0%
[18/43] Fetching php71-mcrypt-7.1.15.txz: 100%   15 KiB  14.9kB/s    00:01   
[19/43] Fetching php71-intl-7.1.15.txz:   0%
[19/43] Fetching php71-intl-7.1.15.txz: 100%  118 KiB 120.7kB/s    00:01   
[20/43] Fetching php71-session-7.1.15.txz:   0%
[20/43] Fetching php71-session-7.1.15.txz: 100%   32 KiB  32.8kB/s    00:01   
[21/43] Fetching php71-opcache-7.1.15.txz:   0%
[21/43] Fetching php71-opcache-7.1.15.txz: 100%  144 KiB 147.2kB/s    00:01   
[22/43] Fetching php71-xmlwriter-7.1.15.txz:   0%
[22/43] Fetching php71-xmlwriter-7.1.15.txz: 100%   13 KiB  13.1kB/s    00:01   
[23/43] Fetching php71-xmlreader-7.1.15.txz:   0%
[23/43] Fetching php71-xmlreader-7.1.15.txz: 100%   13 KiB  12.9kB/s    00:01   
[24/43] Fetching php71-dom-7.1.15.txz:   0%
[24/43] Fetching php71-dom-7.1.15.txz: 100%   54 KiB  55.0kB/s    00:01   
[25/43] Fetching php71-xml-7.1.15.txz:   0%
[25/43] Fetching php71-xml-7.1.15.txz:  81%   16 KiB  16.4kB/s    00:00 ETA
[25/43] Fetching php71-xml-7.1.15.txz: 100%   20 KiB  20.2kB/s    00:01   
[26/43] Fetching php71-simplexml-7.1.15.txz:   0%
[26/43] Fetching php71-simplexml-7.1.15.txz: 100%   22 KiB  23.0kB/s    00:01   
[27/43] Fetching php71-ctype-7.1.15.txz:   0%
[27/43] Fetching php71-ctype-7.1.15.txz: 100%    6 KiB   6.5kB/s    00:01   
[28/43] Fetching php71-posix-7.1.15.txz:   0%
[28/43] Fetching php71-posix-7.1.15.txz: 100%   11 KiB  11.4kB/s    00:01   
[29/43] Fetching php71-hash-7.1.15.txz:   0%
[29/43] Fetching php71-hash-7.1.15.txz: 100%  118 KiB 121.2kB/s    00:01   
[30/43] Fetching php71-filter-7.1.15.txz:   0%
[30/43] Fetching php71-filter-7.1.15.txz:  85%   16 KiB  16.4kB/s    00:00 ETA
[30/43] Fetching php71-filter-7.1.15.txz: 100%   19 KiB  19.2kB/s    00:01   
[31/43] Fetching php71-tokenizer-7.1.15.txz:   0%
[31/43] Fetching php71-tokenizer-7.1.15.txz: 100%    9 KiB   8.8kB/s    00:01   
[32/43] Fetching php71-json-7.1.15.txz:   0%
[32/43] Fetching php71-json-7.1.15.txz: 100%   19 KiB  19.8kB/s    00:01   
[33/43] Fetching php71-sqlite3-7.1.15.txz:   0%
[33/43] Fetching php71-sqlite3-7.1.15.txz: 100%   18 KiB  18.0kB/s    00:01   
[34/43] Fetching php71-pdo_sqlite-7.1.15.txz:   0%
[34/43] Fetching php71-pdo_sqlite-7.1.15.txz: 100%   12 KiB  12.1kB/s    00:01   
[35/43] Fetching php71-pdo-7.1.15.txz:   0%
[35/43] Fetching php71-pdo-7.1.15.txz: 100%   43 KiB  44.5kB/s    00:01   
[36/43] Fetching php71-iconv-7.1.15.txz:   0%
[36/43] Fetching php71-iconv-7.1.15.txz:  90%   16 KiB  16.4kB/s    00:00 ETA
[36/43] Fetching php71-iconv-7.1.15.txz: 100%   18 KiB  18.2kB/s    00:01   
[37/43] Fetching php71-phar-7.1.15.txz:   0%
[37/43] Fetching php71-phar-7.1.15.txz: 100%  102 KiB 104.6kB/s    00:01   
[38/43] Fetching libzip-1.3.2.txz:   0%
[38/43] Fetching libzip-1.3.2.txz:  82%  192 KiB 196.6kB/s    00:00 ETA
[38/43] Fetching libzip-1.3.2.txz: 100%  232 KiB 238.0kB/s    00:01   
[39/43] Fetching openldap-client-2.4.45.txz:   0%
[39/43] Fetching openldap-client-2.4.45.txz:  52%  536 KiB 548.9kB/s    00:00 ETA
[39/43] Fetching openldap-client-2.4.45.txz: 100%    1 MiB   1.1MB/s    00:01   
[40/43] Fetching oniguruma6-6.6.1.txz:   0%
[40/43] Fetching oniguruma6-6.6.1.txz:  97%  232 KiB 237.6kB/s    00:00 ETA
[40/43] Fetching oniguruma6-6.6.1.txz: 100%  237 KiB 242.8kB/s    00:01   
[41/43] Fetching libmcrypt-2.5.8_3.txz:   0%
[41/43] Fetching libmcrypt-2.5.8_3.txz: 100%  115 KiB 118.0kB/s    00:01   
[42/43] Fetching libltdl-2.4.6.txz:   0%
[42/43] Fetching libltdl-2.4.6.txz: 100%   36 KiB  37.0kB/s    00:01   
[43/43] Fetching icu-60.2_1,1.txz:   0%
[43/43] Fetching icu-60.2_1,1.txz:   1%   96 KiB  98.3kB/s    01:38 ETA
[43/43] Fetching icu-60.2_1,1.txz:  13%    1 MiB   1.2MB/s    00:11 ETA
[43/43] Fetching icu-60.2_1,1.txz:  42%    4 MiB   2.9MB/s    00:02 ETA
[43/43] Fetching icu-60.2_1,1.txz:  76%    7 MiB   3.4MB/s    00:01 ETA
[43/43] Fetching icu-60.2_1,1.txz: 100%    9 MiB   2.5MB/s    00:04   
Checking integrity... done (0 conflicting)
[1/43] Installing php71-7.1.15...
[1/43] Extracting php71-7.1.15:   0%
[1/43] Extracting php71-7.1.15: 100%
[2/43] Installing php71-dom-7.1.15...
[2/43] Extracting php71-dom-7.1.15:   0%
[2/43] Extracting php71-dom-7.1.15: 100%
[3/43] Installing php71-hash-7.1.15...
[3/43] Extracting php71-hash-7.1.15:   0%
[3/43] Extracting php71-hash-7.1.15: 100%
[4/43] Installing php71-pdo-7.1.15...
[4/43] Extracting php71-pdo-7.1.15:   0%
[4/43] Extracting php71-pdo-7.1.15: 100%
[5/43] Installing php71-session-7.1.15...
[5/43] Extracting php71-session-7.1.15:   0%
[5/43] Extracting php71-session-7.1.15: 100%
[6/43] Installing php71-opcache-7.1.15...
[6/43] Extracting php71-opcache-7.1.15:   0%
[6/43] Extracting php71-opcache-7.1.15: 100%
[7/43] Installing php71-xmlwriter-7.1.15...
[7/43] Extracting php71-xmlwriter-7.1.15:   0%
[7/43] Extracting php71-xmlwriter-7.1.15: 100%
[8/43] Installing php71-xmlreader-7.1.15...
[8/43] Extracting php71-xmlreader-7.1.15:   0%
[8/43] Extracting php71-xmlreader-7.1.15: 100%
[9/43] Installing php71-xml-7.1.15...
[9/43] Extracting php71-xml-7.1.15:   0%
[9/43] Extracting php71-xml-7.1.15: 100%
[10/43] Installing php71-simplexml-7.1.15...
[10/43] Extracting php71-simplexml-7.1.15:   0%
[10/43] Extracting php71-simplexml-7.1.15: 100%
[11/43] Installing php71-ctype-7.1.15...
[11/43] Extracting php71-ctype-7.1.15:   0%
[11/43] Extracting php71-ctype-7.1.15: 100%
[12/43] Installing php71-posix-7.1.15...
[12/43] Extracting php71-posix-7.1.15:   0%
[12/43] Extracting php71-posix-7.1.15: 100%
[13/43] Installing php71-filter-7.1.15...
[13/43] Extracting php71-filter-7.1.15:   0%
[13/43] Extracting php71-filter-7.1.15: 100%
[14/43] Installing php71-tokenizer-7.1.15...
[14/43] Extracting php71-tokenizer-7.1.15:   0%
[14/43] Extracting php71-tokenizer-7.1.15: 100%
[15/43] Installing php71-json-7.1.15...
[15/43] Extracting php71-json-7.1.15:   0%
[15/43] Extracting php71-json-7.1.15: 100%
[16/43] Installing php71-sqlite3-7.1.15...
[16/43] Extracting php71-sqlite3-7.1.15:   0%
[16/43] Extracting php71-sqlite3-7.1.15: 100%
[17/43] Installing php71-pdo_sqlite-7.1.15...
[17/43] Extracting php71-pdo_sqlite-7.1.15:   0%
[17/43] Extracting php71-pdo_sqlite-7.1.15: 100%
[18/43] Installing php71-iconv-7.1.15...
[18/43] Extracting php71-iconv-7.1.15:   0%
[18/43] Extracting php71-iconv-7.1.15: 100%
[19/43] Installing php71-phar-7.1.15...
[19/43] Extracting php71-phar-7.1.15:   0%
[19/43] Extracting php71-phar-7.1.15: 100%
[20/43] Installing libzip-1.3.2...
[20/43] Extracting libzip-1.3.2:   0%
[20/43] Extracting libzip-1.3.2: 100%
[21/43] Installing openldap-client-2.4.45...
[21/43] Extracting openldap-client-2.4.45:   0%
[21/43] Extracting openldap-client-2.4.45: 100%
[22/43] Installing oniguruma6-6.6.1...
[22/43] Extracting oniguruma6-6.6.1:   0%
[22/43] Extracting oniguruma6-6.6.1: 100%
[23/43] Installing libmcrypt-2.5.8_3...
[23/43] Extracting libmcrypt-2.5.8_3:   0%
[23/43] Extracting libmcrypt-2.5.8_3: 100%
[24/43] Installing libltdl-2.4.6...
[24/43] Extracting libltdl-2.4.6:   0%
[24/43] Extracting libltdl-2.4.6: 100%
[25/43] Installing icu-60.2_1,1...
[25/43] Extracting icu-60.2_1,1:   0%
[25/43] Extracting icu-60.2_1,1: 100%
[26/43] Installing php71-extensions-1.0...
[27/43] Installing mod_php71-7.1.15...
[27/43] Extracting mod_php71-7.1.15:   0%
[27/43] Extracting mod_php71-7.1.15: 100%
[activating module `php7' in /usr/local/etc/apache24/httpd.conf]
[28/43] Installing php71-mysqli-7.1.15...
[28/43] Extracting php71-mysqli-7.1.15:   0%
[28/43] Extracting php71-mysqli-7.1.15: 100%
[29/43] Installing php71-gd-7.1.15...
[29/43] Extracting php71-gd-7.1.15:   0%
[29/43] Extracting php71-gd-7.1.15: 100%
[30/43] Installing php71-curl-7.1.15...
[30/43] Extracting php71-curl-7.1.15:   0%
[30/43] Extracting php71-curl-7.1.15: 100%
[31/43] Installing php71-zlib-7.1.15...
[31/43] Extracting php71-zlib-7.1.15:   0%
[31/43] Extracting php71-zlib-7.1.15: 100%
[32/43] Installing php71-zip-7.1.15...
[32/43] Extracting php71-zip-7.1.15:   0%
[32/43] Extracting php71-zip-7.1.15: 100%
[33/43] Installing php71-pdo_mysql-7.1.15...
[33/43] Extracting php71-pdo_mysql-7.1.15:   0%
[33/43] Extracting php71-pdo_mysql-7.1.15: 100%
[34/43] Installing php71-openssl-7.1.15...
[34/43] Extracting php71-openssl-7.1.15:   0%
[34/43] Extracting php71-openssl-7.1.15: 100%
[35/43] Installing php71-gmp-7.1.15...
[35/43] Extracting php71-gmp-7.1.15:   0%
[35/43] Extracting php71-gmp-7.1.15: 100%
[36/43] Installing php71-ldap-7.1.15...
[36/43] Extracting php71-ldap-7.1.15:   0%
[36/43] Extracting php71-ldap-7.1.15: 100%
[37/43] Installing php71-exif-7.1.15...
[37/43] Extracting php71-exif-7.1.15:   0%
[37/43] Extracting php71-exif-7.1.15: 100%
[38/43] Installing php71-fileinfo-7.1.15...
[38/43] Extracting php71-fileinfo-7.1.15:   0%
[38/43] Extracting php71-fileinfo-7.1.15: 100%
[39/43] Installing php71-mbstring-7.1.15...
[39/43] Extracting php71-mbstring-7.1.15:   0%
[39/43] Extracting php71-mbstring-7.1.15: 100%
[40/43] Installing php71-bcmath-7.1.15...
[40/43] Extracting php71-bcmath-7.1.15:   0%
[40/43] Extracting php71-bcmath-7.1.15: 100%
[41/43] Installing php71-bz2-7.1.15...
[41/43] Extracting php71-bz2-7.1.15:   0%
[41/43] Extracting php71-bz2-7.1.15: 100%
[42/43] Installing php71-mcrypt-7.1.15...
[42/43] Extracting php71-mcrypt-7.1.15:   0%
[42/43] Extracting php71-mcrypt-7.1.15: 100%
[43/43] Installing php71-intl-7.1.15...
Extracting php71-intl-7.1.15:   0%
Extracting php71-intl-7.1.15: 100%
Message from openldap-client-2.4.45:

************************************************************

The OpenLDAP client package has been successfully installed.

Edit
  /usr/local/etc/openldap/ldap.conf
to change the system-wide client defaults.

Try `man ldap.conf' and visit the OpenLDAP FAQ-O-Matic at
  http://www.OpenLDAP.org/faq/index.cgi?file=3
for more information.

************************************************************
Message from libmcrypt-2.5.8_3:

===>   NOTICE:

The libmcrypt port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from mod_php71-7.1.15:

***************************************************************

Make sure index.php is part of your DirectoryIndex.

You should add the following to your Apache configuration file:

<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>

*********************************************************************

If you are building PHP-based ports in poudriere(8) with ZTS enabled,
add WITH_MPM=event to /etc/make.conf to prevent build failures.

*********************************************************************
 
 Now we need to configure the production configuration of PHP
$ sudo cp /usr/local/etc/php.ini-production  /usr/local/etc/php.ini
$ sudo nano /usr/local/etc/php-fpm.d/www.conf
; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[www]

; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr/local) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
user = www
group = www

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
;                            a specific port;
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all addresses
;                            (IPv6 and IPv4-mapped) on a specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
; listen = 127.0.0.1:9000
listen = /var/run/php-fpm.sock
listen.owner = www
listen.group = www
listen.mode = 0660

; Set listen(2) backlog.
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 511

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
;listen.owner = www
;listen.group = www
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =

; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1

; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
;       - The pool processes will inherit the master process priority
;         unless it specified otherwise
; Default Value: no set
; process.priority = -19

; Choose how the process manager will control the number of child processes.
; Possible Values:
;   static  - a fixed number (pm.max_children) of child processes;
;   dynamic - the number of child processes are set dynamically based on the
;             following directives. With this process management, there will be
;             always at least 1 children.
;             pm.max_children      - the maximum number of children that can
;                                    be alive at the same time.
;             pm.start_servers     - the number of children created on startup.
;             pm.min_spare_servers - the minimum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is less than this
;                                    number then some children will be created.
;             pm.max_spare_servers - the maximum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is greater than this
;                                    number then some children will be killed.
;  ondemand - no children are created at startup. Children will be forked when
;             new requests will connect. The following parameter are used:
;             pm.max_children           - the maximum number of children that
;                                         can be alive at the same time.
;             pm.process_idle_timeout   - The number of seconds after which
;                                         an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic

; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 5

; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 2

; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 1

; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 3

; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;

; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500

; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
;   pool                 - the name of the pool;
;   process manager      - static, dynamic or ondemand;
;   start time           - the date and time FPM has started;
;   start since          - number of seconds since FPM has started;
;   accepted conn        - the number of request accepted by the pool;
;   listen queue         - the number of request in the queue of pending
;                          connections (see backlog in listen(2));
;   max listen queue     - the maximum number of requests in the queue
;                          of pending connections since FPM has started;
;   listen queue len     - the size of the socket queue of pending connections;
;   idle processes       - the number of idle processes;
;   active processes     - the number of active processes;
;   total processes      - the number of idle + active processes;
;   max active processes - the maximum number of active processes since FPM
;                          has started;
;   max children reached - number of times, the process limit has been reached,
;                          when pm tries to start more children (works only for
;                          pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
;   pool:                 www
;   process manager:      static
;   start time:           01/Jul/2011:17:53:49 +0200
;   start since:          62636
;   accepted conn:        190460
;   listen queue:         0
;   max listen queue:     1
;   listen queue len:     42
;   idle processes:       4
;   active processes:     11
;   total processes:      15
;   max active processes: 12
;   max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
;   http://www.foo.bar/status
;   http://www.foo.bar/status?json
;   http://www.foo.bar/status?html
;   http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
;   http://www.foo.bar/status?full
;   http://www.foo.bar/status?json&full
;   http://www.foo.bar/status?html&full
;   http://www.foo.bar/status?xml&full
; The Full status returns for each process:
;   pid                  - the PID of the process;
;   state                - the state of the process (Idle, Running, ...);
;   start time           - the date and time the process has started;
;   start since          - the number of seconds since the process has started;
;   requests             - the number of requests the process has served;
;   request duration     - the duration in µs of the requests;
;   request method       - the request method (GET, POST, ...);
;   request URI          - the request URI with the query string;
;   content length       - the content length of the request (only with POST);
;   user                 - the user (PHP_AUTH_USER) (or '-' if not set);
;   script               - the main script called (or '-' if not set);
;   last request cpu     - the %cpu the last request consumed
;                          it's always 0 if the process is not in Idle state
;                          because CPU calculation is done when the request
;                          processing has terminated;
;   last request memory  - the max amount of memory the last request consumed
;                          it's always 0 if the process is not in Idle state
;                          because memory calculation is done when the request
;                          processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
;   ************************
;   pid:                  31330
;   state:                Running
;   start time:           01/Jul/2011:17:53:49 +0200
;   start since:          63087
;   requests:             12808
;   request duration:     1250261
;   request method:       GET
;   request URI:          /test_mem.php?N=10000
;   content length:       0
;   user:                 -
;   script:               /home/fat/web/docs/php/test_mem.php
;   last request cpu:     0.00
;   last request memory:  0
;
; Note: There is a real-time FPM status monitoring sample web page available
;       It's available in: /usr/local/share/php/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status

; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping

; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong

; The access log file
; Default: not set
;access.log = log/$pool.access.log

; The access log format.
; The following syntax is allowed
;  %%: the '%' character
;  %C: %CPU used by the request
;      it can accept the following format:
;      - %{user}C for user CPU only
;      - %{system}C for system CPU only
;      - %{total}C  for user + system CPU (default)
;  %d: time taken to serve the request
;      it can accept the following format:
;      - %{seconds}d (default)
;      - %{miliseconds}d
;      - %{mili}d
;      - %{microseconds}d
;      - %{micro}d
;  %e: an environment variable (same as $_ENV or $_SERVER)
;      it must be associated with embraces to specify the name of the env
;      variable. Some exemples:
;      - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
;      - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
;  %f: script filename
;  %l: content-length of the request (for POST request only)
;  %m: request method
;  %M: peak of memory allocated by PHP
;      it can accept the following format:
;      - %{bytes}M (default)
;      - %{kilobytes}M
;      - %{kilo}M
;      - %{megabytes}M
;      - %{mega}M
;  %n: pool name
;  %o: output header
;      it must be associated with embraces to specify the name of the header:
;      - %{Content-Type}o
;      - %{X-Powered-By}o
;      - %{Transfert-Encoding}o
;      - ....
;  %p: PID of the child that serviced the request
;  %P: PID of the parent of the child that serviced the request
;  %q: the query string
;  %Q: the '?' character if query string exists
;  %r: the request URI (without the query string, see %q and %Q)
;  %R: remote IP address
;  %s: status (response code)
;  %t: server time the request was received
;      it can accept a strftime(3) format:
;      %d/%b/%Y:%H:%M:%S %z (default)
;      The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
;  %T: time the log has been written (the request has finished)
;      it can accept a strftime(3) format:
;      %d/%b/%Y:%H:%M:%S %z (default)
;      The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
;  %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"

; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow

; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0

; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0

; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024

; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0

; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
;       possible. However, all PHP paths will be relative to the chroot
;       (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =

; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www

; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes

; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no

; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7

; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
;   php_value/php_flag             - you can set classic ini defines which can
;                                    be overwritten from PHP call 'ini_set'.
;   php_admin_value/php_admin_flag - these directives won't be overwritten by
;                                     PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.

; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.

; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr/local)

; Default Value: nothing is defined by default except the values in php.ini and
;                specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M


 Set PHP to run at bootup
$ sudo sysrc php_fpm_enable=YES
php_fpm_enable:  -> YES

 Start PHP
$ sudo service php-fpm start
Performing sanity check on php-fpm configuration:
[28-Mar-2018 12:37:47] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful

Starting php_fpm.

 Set the PHP Configuration for Apache webserver
$ sudo nano /usr/local/etc/apache24/Includes/php.conf
<IfModule dir_module>
    DirectoryIndex index.php index.html
    <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
</IfModule>


 Now we need to enable the PHP modules in Apache webserver
$ sudo nano /usr/local/etc/apache24/httpd.conf
#
# This is the main Apache HTTP server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned. 
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
# will be interpreted as '/logs/access_log'.

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used.  If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "/usr/local"

#
# Mutex: Allows you to set the mutex mechanism and mutex file directory
# for individual mutexes, or change the global defaults
#
# Uncomment and change the directory if mutexes are file-based and the default
# mutex file directory is not on a local disk or is not appropriate for some
# other reason.
#
# Mutex default:/var/run

#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
#LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so
LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
#LoadModule mpm_worker_module libexec/apache24/mod_mpm_worker.so
LoadModule authn_file_module libexec/apache24/mod_authn_file.so
#LoadModule authn_dbm_module libexec/apache24/mod_authn_dbm.so
#LoadModule authn_anon_module libexec/apache24/mod_authn_anon.so
#LoadModule authn_dbd_module libexec/apache24/mod_authn_dbd.so
#LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so
LoadModule authn_core_module libexec/apache24/mod_authn_core.so
LoadModule authz_host_module libexec/apache24/mod_authz_host.so
LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache24/mod_authz_user.so
#LoadModule authz_dbm_module libexec/apache24/mod_authz_dbm.so
#LoadModule authz_owner_module libexec/apache24/mod_authz_owner.so
#LoadModule authz_dbd_module libexec/apache24/mod_authz_dbd.so
LoadModule authz_core_module libexec/apache24/mod_authz_core.so
#LoadModule authnz_fcgi_module libexec/apache24/mod_authnz_fcgi.so
LoadModule access_compat_module libexec/apache24/mod_access_compat.so
LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so
#LoadModule auth_form_module libexec/apache24/mod_auth_form.so
#LoadModule auth_digest_module libexec/apache24/mod_auth_digest.so
#LoadModule allowmethods_module libexec/apache24/mod_allowmethods.so
#LoadModule file_cache_module libexec/apache24/mod_file_cache.so
#LoadModule cache_module libexec/apache24/mod_cache.so
#LoadModule cache_disk_module libexec/apache24/mod_cache_disk.so
#LoadModule cache_socache_module libexec/apache24/mod_cache_socache.so
#LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
#LoadModule socache_dbm_module libexec/apache24/mod_socache_dbm.so
#LoadModule socache_memcache_module libexec/apache24/mod_socache_memcache.so
#LoadModule watchdog_module libexec/apache24/mod_watchdog.so
#LoadModule macro_module libexec/apache24/mod_macro.so
#LoadModule dbd_module libexec/apache24/mod_dbd.so
#LoadModule dumpio_module libexec/apache24/mod_dumpio.so
#LoadModule buffer_module libexec/apache24/mod_buffer.so
#LoadModule data_module libexec/apache24/mod_data.so
#LoadModule ratelimit_module libexec/apache24/mod_ratelimit.so
LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so
#LoadModule ext_filter_module libexec/apache24/mod_ext_filter.so
#LoadModule request_module libexec/apache24/mod_request.so
#LoadModule include_module libexec/apache24/mod_include.so
LoadModule filter_module libexec/apache24/mod_filter.so
#LoadModule reflector_module libexec/apache24/mod_reflector.so
#LoadModule substitute_module libexec/apache24/mod_substitute.so
#LoadModule sed_module libexec/apache24/mod_sed.so
#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
#LoadModule deflate_module libexec/apache24/mod_deflate.so
#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
LoadModule mime_module libexec/apache24/mod_mime.so
LoadModule log_config_module libexec/apache24/mod_log_config.so
#LoadModule log_debug_module libexec/apache24/mod_log_debug.so
#LoadModule log_forensic_module libexec/apache24/mod_log_forensic.so
#LoadModule logio_module libexec/apache24/mod_logio.so
LoadModule env_module libexec/apache24/mod_env.so
#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
#LoadModule expires_module libexec/apache24/mod_expires.so
LoadModule headers_module libexec/apache24/mod_headers.so
#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
#LoadModule unique_id_module libexec/apache24/mod_unique_id.so
LoadModule setenvif_module libexec/apache24/mod_setenvif.so
LoadModule version_module libexec/apache24/mod_version.so
#LoadModule remoteip_module libexec/apache24/mod_remoteip.so
#LoadModule proxy_module libexec/apache24/mod_proxy.so
#LoadModule proxy_connect_module libexec/apache24/mod_proxy_connect.so
#LoadModule proxy_ftp_module libexec/apache24/mod_proxy_ftp.so
#LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
#LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module libexec/apache24/mod_proxy_scgi.so
#LoadModule proxy_fdpass_module libexec/apache24/mod_proxy_fdpass.so
#LoadModule proxy_wstunnel_module libexec/apache24/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module libexec/apache24/mod_proxy_ajp.so
#LoadModule proxy_balancer_module libexec/apache24/mod_proxy_balancer.so
#LoadModule proxy_express_module libexec/apache24/mod_proxy_express.so
#LoadModule proxy_hcheck_module libexec/apache24/mod_proxy_hcheck.so
#LoadModule session_module libexec/apache24/mod_session.so
#LoadModule session_cookie_module libexec/apache24/mod_session_cookie.so
#LoadModule session_crypto_module libexec/apache24/mod_session_crypto.so
#LoadModule session_dbd_module libexec/apache24/mod_session_dbd.so
#LoadModule slotmem_shm_module libexec/apache24/mod_slotmem_shm.so
#LoadModule slotmem_plain_module libexec/apache24/mod_slotmem_plain.so
LoadModule ssl_module libexec/apache24/mod_ssl.so
#LoadModule dialup_module libexec/apache24/mod_dialup.so
#LoadModule http2_module libexec/apache24/mod_http2.so
#LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so
#LoadModule lbmethod_byrequests_module libexec/apache24/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module libexec/apache24/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_bybusyness_module libexec/apache24/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_heartbeat_module libexec/apache24/mod_lbmethod_heartbeat.so
LoadModule unixd_module libexec/apache24/mod_unixd.so
#LoadModule heartbeat_module libexec/apache24/mod_heartbeat.so
#LoadModule heartmonitor_module libexec/apache24/mod_heartmonitor.so
#LoadModule dav_module libexec/apache24/mod_dav.so
LoadModule status_module libexec/apache24/mod_status.so
LoadModule autoindex_module libexec/apache24/mod_autoindex.so
#LoadModule asis_module libexec/apache24/mod_asis.so
#LoadModule info_module libexec/apache24/mod_info.so
<IfModule !mpm_prefork_module>
#LoadModule cgid_module libexec/apache24/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
#LoadModule cgi_module libexec/apache24/mod_cgi.so
</IfModule>
#LoadModule dav_fs_module libexec/apache24/mod_dav_fs.so
#LoadModule dav_lock_module libexec/apache24/mod_dav_lock.so
#LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so
#LoadModule negotiation_module libexec/apache24/mod_negotiation.so
LoadModule dir_module libexec/apache24/mod_dir.so
#LoadModule imagemap_module libexec/apache24/mod_imagemap.so
#LoadModule actions_module libexec/apache24/mod_actions.so
#LoadModule speling_module libexec/apache24/mod_speling.so
#LoadModule userdir_module libexec/apache24/mod_userdir.so
LoadModule alias_module libexec/apache24/mod_alias.so
#LoadModule rewrite_module libexec/apache24/mod_rewrite.so
LoadModule php7_module        libexec/apache24/libphp7.so

<IfModule php7_module>
        AddType application/x-httpd-php .php
</IfModule>

# Third party modules
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
 
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch. 
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User www
Group www

</IfModule>

# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition.  These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#

#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
#
ServerAdmin you@example.com

#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80

#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
    AllowOverride none
    Require all denied
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/usr/local/www/apache24/data"
<Directory "/usr/local/www/apache24/data">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>

#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
    Require all denied
</Files>

#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "/var/log/httpd-error.log"

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog "/var/log/httpd-access.log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    #CustomLog "/var/log/httpd-access.log" combined
</IfModule>

<IfModule alias_module>
    #
    # Redirect: Allows you to tell clients about documents that used to
    # exist in your server's namespace, but do not anymore. The client
    # will make a new request for the document at its new location.
    # Example:
    # Redirect permanent /foo http://www.example.com/bar

    #
    # Alias: Maps web paths into filesystem paths and is used to
    # access content that does not live under the DocumentRoot.
    # Example:
    # Alias /webpath /full/filesystem/path
    #
    # If you include a trailing / on /webpath then the server will
    # require it to be present in the URL.  You will also likely
    # need to provide a <Directory> section to allow access to
    # the filesystem path.

    #
    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the target directory are treated as applications and
    # run by the server when requested rather than as documents sent to the
    # client.  The same rules about trailing "/" apply to ScriptAlias
    # directives as to Alias.
    #
    ScriptAlias /cgi-bin/ "/usr/local/www/apache24/cgi-bin/"

</IfModule>

<IfModule cgid_module>
    #
    # ScriptSock: On threaded servers, designate the path to the UNIX
    # socket used to communicate with the CGI daemon of mod_cgid.
    #
    #Scriptsock cgisock
</IfModule>

#
# "/usr/local/www/apache24/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/usr/local/www/apache24/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule headers_module>
    #
    # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
    # backend servers which have lingering "httpoxy" defects.
    # 'Proxy' request header is undefined by the IETF, not listed by IANA
    #
    RequestHeader unset Proxy early
</IfModule>

<IfModule mime_module>
    #
    # TypesConfig points to the file containing the list of mappings from
    # filename extension to MIME-type.
    #
    TypesConfig etc/apache24/mime.types

    #
    # AddType allows you to add to or override the MIME configuration
    # file specified in TypesConfig for specific file types.
    #
    #AddType application/x-gzip .tgz
    #
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    #
    #AddEncoding x-compress .Z
    #AddEncoding x-gzip .gz .tgz
    #
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    #
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    #AddHandler cgi-script .cgi

    # For type maps (negotiated resources):
    #AddHandler type-map var

    #
    # Filters allow you to process content before it is sent to the client.
    #
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #
    #AddType text/html .shtml
    #AddOutputFilter INCLUDES .shtml
</IfModule>

#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type.  The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile etc/apache24/magic

#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#

#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited

#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files.  This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
#EnableSendfile on

# Supplemental configuration
#
# The configuration files in the etc/apache24/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.

# Server-pool management (MPM specific)
#Include etc/apache24/extra/httpd-mpm.conf

# Multi-language error messages
#Include etc/apache24/extra/httpd-multilang-errordoc.conf

# Fancy directory listings
#Include etc/apache24/extra/httpd-autoindex.conf

# Language settings
#Include etc/apache24/extra/httpd-languages.conf

# User home directories
#Include etc/apache24/extra/httpd-userdir.conf

# Real-time info on requests and configuration
#Include etc/apache24/extra/httpd-info.conf

# Virtual hosts
#Include etc/apache24/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual
#Include etc/apache24/extra/httpd-manual.conf

# Distributed authoring and versioning (WebDAV)
#Include etc/apache24/extra/httpd-dav.conf

# Various default settings
#Include etc/apache24/extra/httpd-default.conf

# Configure mod_proxy_html to understand HTML4/XHTML1
<IfModule proxy_html_module>
Include etc/apache24/extra/proxy-html.conf
</IfModule>

# Secure (SSL/TLS) connections
#Include etc/apache24/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

Include etc/apache24/Includes/*.conf



 Now we need to create a PHP Info \ Diagnostics page to check if all is working correctly
$ sudo nano /usr/local/www/apache24/data/phpinfo.php
<?php phpinfo();  ?>


 Now we need to restart Apache Web server since we have done alot of configuration changes that needs to be reloaded
$ sudo service apache24 restart
Performing sanity check on apache24 configuration:
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.55.30. Set the 'ServerName' directive globally to suppress this message
Syntax OK
Stopping apache24.
Waiting for PIDS: 5585.
Performing sanity check on apache24 configuration:
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.55.30. Set the 'ServerName' directive globally to suppress this message
Syntax OK
Starting apache24.
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.55.30. Set the 'ServerName' directive globally to suppress this message
 
 Test web server, open a web browser and test both IP and DNS access: http://192.168.55.30/phpinfo.php and http://server.it-monkey.lan/phpinfo.php
 Now that you have checked that everything is working correctly whit Apache and PHP, it is time to install and configure the Database server mySQL v5.7

 $ sudo pkg install mysql57-server
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 6 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
mysql57-server: 5.7.21
cyrus-sasl: 2.1.26_12
protobuf: 3.5.1
libevent: 2.1.8_1
mysql57-client: 5.7.21
liblz4: 1.8.0,1

Number of packages to be installed: 6

The process will require 211 MiB more space.
19 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/6] Fetching mysql57-server-5.7.21.txz:   0%
[1/6] Fetching mysql57-server-5.7.21.txz:   7%    1 MiB   1.1MB/s    00:12 ETA
[1/6] Fetching mysql57-server-5.7.21.txz:  29%    4 MiB   3.1MB/s    00:04 ETA
[1/6] Fetching mysql57-server-5.7.21.txz:  53%    7 MiB   3.4MB/s    00:02 ETA
[1/6] Fetching mysql57-server-5.7.21.txz:  77%   11 MiB   3.5MB/s    00:01 ETA
[1/6] Fetching mysql57-server-5.7.21.txz: 100%   14 MiB   3.6MB/s    00:04   
[2/6] Fetching cyrus-sasl-2.1.26_12.txz:   0%
[2/6] Fetching cyrus-sasl-2.1.26_12.txz: 100%  474 KiB 485.2kB/s    00:01   
[3/6] Fetching protobuf-3.5.1.txz:   0%
[3/6] Fetching protobuf-3.5.1.txz:  31%  752 KiB 770.1kB/s    00:02 ETA
[3/6] Fetching protobuf-3.5.1.txz: 100%    2 MiB   2.5MB/s    00:01   
[4/6] Fetching libevent-2.1.8_1.txz:   0%
[4/6] Fetching libevent-2.1.8_1.txz:  10%   32 KiB  32.8kB/s    00:08 ETA
[4/6] Fetching libevent-2.1.8_1.txz: 100%  305 KiB 311.9kB/s    00:01   
[5/6] Fetching mysql57-client-5.7.21.txz:   0%
[5/6] Fetching mysql57-client-5.7.21.txz:  10%  192 KiB 196.6kB/s    00:08 ETA
[5/6] Fetching mysql57-client-5.7.21.txz:  96%    2 MiB   1.7MB/s    00:00 ETA
[5/6] Fetching mysql57-client-5.7.21.txz: 100%    2 MiB 963.5kB/s    00:02   
[6/6] Fetching liblz4-1.8.0,1.txz:   0%
[6/6] Fetching liblz4-1.8.0,1.txz: 100%   98 KiB 100.8kB/s    00:01   
Checking integrity... done (0 conflicting)
[1/6] Installing cyrus-sasl-2.1.26_12...
*** Added group `cyrus' (id 60)
*** Added user `cyrus' (id 60)
[1/6] Extracting cyrus-sasl-2.1.26_12:   0%
[1/6] Extracting cyrus-sasl-2.1.26_12: 100%
[2/6] Installing protobuf-3.5.1...
[2/6] Extracting protobuf-3.5.1:   0%
[2/6] Extracting protobuf-3.5.1: 100%
[3/6] Installing libevent-2.1.8_1...
[3/6] Extracting libevent-2.1.8_1:   0%
[3/6] Extracting libevent-2.1.8_1: 100%
[4/6] Installing liblz4-1.8.0,1...
[4/6] Extracting liblz4-1.8.0,1:   0%
[4/6] Extracting liblz4-1.8.0,1: 100%
[5/6] Installing mysql57-client-5.7.21...
[5/6] Extracting mysql57-client-5.7.21:   0%
[5/6] Extracting mysql57-client-5.7.21: 100%
[6/6] Installing mysql57-server-5.7.21...
===> Creating groups.
Creating group 'mysql' with gid '88'.
===> Creating users
Creating user 'mysql' with uid '88'.
Extracting mysql57-server-5.7.21:   0%
Extracting mysql57-server-5.7.21: 100%
Message from cyrus-sasl-2.1.26_12:

You can use sasldb2 for authentication, to add users use:

saslpasswd2 -c username

If you want to enable SMTP AUTH with the system Sendmail, read
Sendmail.README

NOTE: This port has been compiled with a default pwcheck_method of
      auxprop.  If you want to authenticate your user by /etc/passwd,
      PAM or LDAP, install ports/security/cyrus-sasl2-saslauthd and
      set sasl_pwcheck_method to saslauthd after installing the
      Cyrus-IMAPd 2.X port.  You should also check the
      /usr/local/lib/sasl2/*.conf files for the correct
      pwcheck_method.
      If you want to use GSSAPI mechanism, install
      ports/security/cyrus-sasl2-gssapi.
      If you want to use SRP mechanism, install
      ports/security/cyrus-sasl2-srp.
      If you want to use LDAP auxprop plugin, install
      ports/security/cyrus-sasl2-ldapdb.
Message from mysql57-client-5.7.21:

* * * * * * * * * * * * * * * * * * * * * * * *

This is the mysql CLIENT without the server.
for complete server and client, please install databases/mysql57-server

* * * * * * * * * * * * * * * * * * * * * * * *
Message from mysql57-server-5.7.21:

*****************************************************************************

Remember to run mysql_upgrade the first time you start the MySQL server
after an upgrade from an earlier version.

Initial password for first time use of MySQL is saved in $HOME/.mysql_secret
ie. when you want to use "mysql -u root -p" first you should see password
in /root/.mysql_secret

MySQL57 has a default %%ETCDIR%%/my.cnf,
remember to replace it wit your own
or set `mysql_optfile="$YOUR_CNF_FILE` in rc.conf.

*****************************************************************************
 Set mySQL to automaticly start at Bootup

 $ sudo sysrc mysql_enable=YES
mysql_enable:  -> YES

Start mySQL Server

 $ sudo service mysql-server start
Starting mysql.

 Secure the Database SQL Server
$ sudo mysql_secure_installation
mysql_secure_installation: [ERROR] unknown variable 'prompt=\u@\h [\d]>\_'

Securing the MySQL server deployment.

Connecting to MySQL server using password in '/root/.mysql_secret'

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No: y

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1
Using existing password for root.

Estimated strength of the password: 100
Change the password for root ? ((Press y|Y for Yes, any other key for No) : y

New password: MySexyPassword123.

Re-enter new password: MySexyPassword123.

Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!

Open mySQL Server to create the needed Databases and access that is required by OwnCloud

 $ sudo mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.7.21-log

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'MySexyPassword123.';
Query OK, 0 rows affected (0.01 sec)

root@localhost [(none)]> CREATE DATABASE ownclouddb;
Query OK, 1 row affected (0.01 sec)

root@localhost [(none)]> CREATE USER ocadmin@localhost IDENTIFIED BY 'MySexyPassword123.';
Query OK, 0 rows affected (0.00 sec)

root@localhost [(none)]> GRANT ALL PRIVILEGES ON ownclouddb.* TO 'ocadmin'@'localhost';
Query OK, 0 rows affected (0.00 sec)

root@localhost [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)

root@localhost [(none)]> EXIT;
Bye

 Now we have done the minimum FAMP configuration for OwnCloud to run on FreeBSD,now we are just missing a few enviornment configuratuions before installing the OwnCloud package. We start by creating the SSL Certs so we can use HTTPS connection for accessing the server
$ sudo mkdir -p /usr/local/etc/ssl/self-cert/owncloud/
$ cd /usr/local/etc/ssl/self-cert/owncloud/
$ sudo openssl req -config /etc/ssl/openssl.cnf -new -out /usr/local/etc/ssl/self-cert/owncloud/owncloud.csr -keyout /usr/local/etc/ssl/self-cert/owncloud/owncloud.pem
Generating a 2048 bit RSA private key
.+++
...+++
writing new private key to '/usr/local/etc/ssl/self-cert/owncloud/owncloud.pem'
Enter PEM pass phrase: MySexyPassword123.
Verifying - Enter PEM pass phrase: MySexyPassword123.
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:NO
State or Province Name (full name) [Some-State]:Buskerud
Locality Name (eg, city) []:Drammen
Organization Name (eg, company) [Internet Widgits Pty Ltd]:IT-Monkey
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:server.it-monkey.lan
Email Address []:admin@it-monkey.lan

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:MySexyPassword123.
An optional company name []:IT-Monkey

$ sudo openssl rsa -in /usr/local/etc/ssl/self-cert/owncloud/owncloud.pem -out /usr/local/etc/ssl/self-cert/owncloud/owncloud.key
Enter pass phrase for /usr/local/etc/ssl/self-cert/owncloud/owncloud.pem:
writing RSA key

$ sudo openssl x509 -in /usr/local/etc/ssl/self-cert/owncloud/owncloud.csr -out /usr/local/etc/ssl/self-cert/owncloud/owncloud.crt -req -signkey /usr/local/etc/ssl/self-cert/owncloud/owncloud.key -days 1095
Signature ok
subject=/C=NO/ST=Buskerud/L=Drammen/O=IT-Monkey/OU=IT/CN=server.it-monkey.lan/emailAddress=admin@it-monkey.lan
Getting Private key

$ sudo chmod 600 *
$ cd /tmp
 
 Now we need to download the OwnCloud software to our server, the current way to do that is to use wget or curl and point it at the url holding the tar install file of OwnCloud, these urls changes often so check OwnClouds website for the current version

$ wget https://download.owncloud.org/community/owncloud-10.0.7.tar.bz2
$ wget https://download.owncloud.org/community/owncloud-10.0.7.tar.bz2.sha256
$ wget https://download.owncloud.org/community/owncloud-10.0.7.tar.bz2.asc
$ wget https://owncloud.org/owncloud.asc

$ sudo gpg --import owncloud.asc
$ sudo sha256 -c owncloud-10.0.7.tar.bz2.sha256 -s owncloud-10.0.7.tar.bz2
$ sudo gpg --verify owncloud-10.0.7.tar.bz2.sha256 owncloud-10.0.7.tar.bz2

 Now we need to unpack and extract the files from the downloaded tar package and move it to a location the web server can read the files
$ sudo tar -xjf owncloud-10.0.7.tar.bz2
$ sudo cp -r owncloud/* /usr/local/www/apache24/data/owncloud/
cp: /usr/local/www/apache24/data/owncloud is not a directory
$ sudo mkdir -p /usr/local/www/apache24/data/owncloud/
$ sudo chown -R www:www /usr/local/www/apache24/data/owncloud/

 Restart Apache web server
$ sudo service apache24 restart
Performing sanity check on apache24 configuration:
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.55.30. Set the 'ServerName' directive globally to suppress this message
Syntax OK
Stopping apache24.
Waiting for PIDS: 5585.
Performing sanity check on apache24 configuration:
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.55.30. Set the 'ServerName' directive globally to suppress this message
Syntax OK
Starting apache24.
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.55.30. Set the 'ServerName' directive globally to suppress this message

 Now everything should be installed and working and when you open your web browser and navigate to http://192.168.55.30/owncloud/ or http://server.it-monkey.lan/owncloud/ you should see the OwnCloud setup page



3
Networking / What You Need to Know about VPN
« Last post by kek on March 21, 2018, 02:28:49 PM »
What You Need to Know about VPN

In this post I will try to share what you should know about VPN, I will try to explain the theory behind what a VPN is, how it works, why one should use a VPN connection and some of the common mistakes I have encountered in the field.

This will be all explanations and theory, it will not be any specific How-To instructions in this post.

What is a VPN?
VPN is short for Virtual Private Network, as the name suggests it is used to create and or extends a private network across a public network, by doing this it enables users and services to send and receive data across shared or public networks as if their computer or network-devices were directly connected to the private network.
Why would I need a VPN?
There are several reasons for why you would need or want to use a VPN, a VPN on its own are just a way to bolster your internet security and access to resources on a different network you are not physically connected to. What you choose to do with a VPN is a different matter.

The first and foremost reason for using a VPN is security, as it is the only secure way of connecting remote devices or networks together, being your laptop connecting to your Home, School or Office network while you are out or you want to bypass silly country filters on services like Netflix, Hulu and Spotify for getting access to content that is not yet available in your aria without anyone able to see the traffic.

Second biggest reason for why you would need or want to use VPN is for privacy, some countries have silly rules that allows ISPs or other company to harvest your personal data and internet usage and then selling it to the highest bidder, whit a VPN the ISPs would be unable to see your personal data and internet usage as it is encrypted they will only see that you are connected to the VPN Server but not what type of date and usage is passed between the VPN Server and VPN Client.
There are a bunch more reasons for why you need or want to get a VPN, but these are the top two reasons that sticks out and covers everything you commonly would use a VPN.

Are there different types of VPN?
Yes there are several and very different types of VPNs, but unless you work in the field of Telecom, Networking or general IT and have a very specific need you are only going to see the two most common types of VPN is Remote Access based and Site to Site based connections and terminations.
What are the difference between Site to Site and Remote Access VPN?
Many users do not know the difference between Site to Site VPN and Remote Access VPN. While both are classified as VPN and uses basically the same computing infrastructure, there is a line that separates the two from each other and have different use cases.

Site to Site VPN:
A Site to Site VPN makes it possible for users in different fixed locations to establish a secure connection with each other over the internet, allowing a user in one location to access resources from another location. This means that if user A connects to a network where users B and C are connected, user A will be able to access resources that are in users B and C locations, and vice versa.

There are two types of Site to Site VPNs. The first one is intranet-based, where users create an intranet VPN with the intent of connecting multiple local-access networks (LANs) to a single wide-access network (WAN). The other one is extranet-based, where two separate intranets can connect to a secure shared network environment while still preventing access to each other’s intranets.

Remote Access VPN:
Remote Access VPN is different from Site to Site VPN in that it provides functionalities for multiple users, while the former tend to be more on the personal side. In a Remote Access VPN, individual users connect to a network in a remote location, through a secure and encrypted tunnel that allows them to access all resources in that network as if they are directly connected to the servers in that network.

In a Remote Access VPN, users connect to a Remote Access Server via the internet, using a dedicated VPN software. The VPN software establishes and maintains a secure tunnel to that Remote Access Server, allowing users to use a VPN through their devices over a safe connection.

Site to Site VPN is more for networks consisting of multiple users e.g. employees and departments within a company. Site to Site VPN allows each user to connect to a network where multiple users are also connected, allowing for resource sharing between the users within that VPN network. 

Remote Access VPN, on the other hand, is more focused on the personal user experience, providing users a number of benefits including a private and encrypted transfer of data and information, as well as access to the remote networks resources as if they are directly connected to that network. 

If you frequently use the internet for browsing and content consumption, then you will get more out of a Remote Access VPN than you would from a Site to Site VPN.

Are there different VPN Protocols?
Yes, there is as many different VPN Protocols, as there is types of VPNs. It seems as each type of VPN, has developed their own standards and protocols. However today there are only two protocols being used and recommended as the others are considered old, outdated and insecure on the modern internet, those two are IPSec and OpenVPN and both of these support Remote Access and Site to Site configuration and deployments.

List of common VPN Protocols you might see mentioned on the internet and in different guides are:
PPTP – Point to Point Tunnelling Protocol
L2TP – Layer 2 Tunnelling Protocol
OpenVPN – OpenVPN
IPSec IKEv1 – Internet Key Exchange (version 1)
IPSec IKEv2 – Internet Key Exchange (version 2)

PPTP – Point to Point Tunnelling Protocol
Point-to-Point Tunnelling Protocol is the most common VPN protocol. It is widely supported for Windows users, as it was created by Microsoft. It is available as standard on just about every VPN platform, making it easy to set up. It also requires a low computational overhead to implement, which means (for you VPN novices) that it is also quick to set up.
However, the PPTP was developed using 128-bit encryption keys which has since become considered quite weak in our quickly advancing digital world. Since there have been some security vulnerabilities with this protocol, most of today’s VPNs use a 256-bit security encryption.

L2TP – Layer 2 Tunnelling Protocol
Layer 2 Tunnelling Protocol does not provide encryption and relies on PPP (Point-to-Point protocol) to encrypt. The difference between PPTP and L2TP is that L2TP provides data confidentiality and data integrity. L2TP was built by Microsoft with Cisco as a foundation of PPTP and L2F (Layer 2 Forwarding) combined.
This VPN protocol is built to function with all modern operating systems and VPN devices. It’s also effortless to set up. While there are problems that may arise, this technology uses UDP port 500, which can be blocked by NAT firewalls.
L2TP encapsulates data twice, and that can compromise speed, but as encryption/decryption happens in the kernel and L2TP/IPsec, it enables multi-threading (OpenVPN does not), and as a result, it is faster.

OpenVPN – OpenVPN
OpenVPN is a somewhat new VPN protocol technology, and one big advantage is that it’s highly configurable and can easily bypass firewalls. It runs best on a UDP port and can be set to operate on any port. It uses 128-bit block size rather than Blowfish’s 64-bit block size, so it is able to handle larger files better.
The performance speed does depend on the level of encryption employed. Furthermore, it has become the default VPN connection type, even though it requires third-party software support. It’s also little hard to set up which can be frustrating for the new VPN user.

IPSec IKEv1 – Internet Key Exchange (version 1)
Outdated, no good reason to use this, use the updated IKEv2 protocol

IPSec IKEv2 – Internet Key Exchange (version 2)
Internet Key Exchange (version 2) is an IPSec based tunnelling protocol that was developed by Microsoft and Cisco. IKEv2 is good at re-establishing a VPN connection when users temporarily lose their internet connections. Mobile users benefit from using IKEv2 VPN protocol because of it support for the Mobility and Multi-homing(MOBIKE) protocol, which is useful if you want to connect your phones to a Wi-Fi network while at home but switch to mobile data use when out and about. IKEv2 is faster than PPTP and L2TP, as it does not use the overhead associated with Point to Point protocols (PPP). Stable and secure, easy to set up, and fully supportive of iOS, macOS, and Windows mobile devices, IKEv2 is available for Android devices but requires a connection with a third-party app.

Improvements with IKEv2
Fewer RFCs: The specifications for IKE were covered in at least three RFCs, more if one takes into account NAT traversal and other extensions that are in common use. IKEv2 combines these in one RFC as well as making improvements to support for NAT traversal and firewall traversal in general.
Standard Mobility support: There is a standard extension for IKEv2 (named MOBIKE) used to support mobility and multihoming for it and ESP. By use of this extension IKEv2 and IPsec can be used by mobile and multihomed users.

NAT traversal: The encapsulation of IKE and ESP in UDP port 4500 enables these protocols to pass through a device or firewall performing NAT.[14]
SCTP support: IKEv2 allows for the SCTP protocol as used in Internet telephony protocol VoIP.
Simple message exchange: IKEv2 has one four-message initial exchange mechanism where IKE provided eight distinctly different initial exchange mechanisms, each one of which had slight advantages and disadvantages.

Fewer cryptographic mechanisms: IKEv2 uses cryptographic mechanisms to protect its packets that are very similar to what IPsec Encapsulating Security Payload (ESP) uses to protect the IPsec packets. This led to simpler implementations and certifications for Common Criteria and FIPS 140-2, which require each cryptographic implementation to be separately validated.
Reliability and State management: IKEv2 uses sequence numbers and acknowledgments to provide reliability and mandates some error processing logistics and shared state management. IKE could end up in a dead state due to the lack of such reliability measures, where both parties were expecting the other to initiate an action - which never eventuated. Workarounds (such as Dead-Peer-Detection) were developed but not standardized. This meant that different implementations of workarounds were not always compatible.

Denial of Service (DoS) attack resilience: IKEv2 does not perform much processing until it determines if the requester actually exists. This addressed some of the DoS problems suffered by IKE which would perform a lot of expensive cryptographic processing from spoofed locations.
Supposing HostA has an SPI of A and HostB has an SPI of B.

What about speed and bandwidth over VPN?
Now that we have covered types and protocols, you might wonder about what speeds that you can expect, and the cold hard fact here is that you will never get a faster connection then the slowest link in the connection given from the ISP to ether side.

However there have been cases where one have gotten more speed over the VPN as the ISP have had a poor implementation of bandwidth limiting on their part and have not been able to detect the VPN traffic and given it a full connection, but these cases are few and far between and are not the norm.
When using a VPN it is expected to have a loss of about 25 – 30% on speed due to the overhead of encrypting \ decriypting the traffic before it is sent or received.

Common mistakes:
The biggest or most common mistakes people do when they try to connect or configure a VPN is that they do not think about the IPs and Subnets involved in the configuration as those can not overlap when creating the Transport or Tunnel network as it will then think the destination is the same as the sender,

Example:
Site A has LAN of 192.168.1.0 – 255. /24 – 255.255.255.0
Site B has LAN of 192.168.1.0 – 255. /24 – 255.255.255.0
Tunnel Network 10.10.10.0

For the VPN this would look like this:
Sender 192.168.1.0 – 255 ? 10.10.10.0 ? 192.168.1.0 – 255 Receiver

As you see here both site has exactly the same LAN network so when they try to connect to each other the network is going to be confused as they have the same information for sender and receiver.

Example:
Site A has LAN of 192.168.1.0 – 255. /24 – 255.255.255.0
Site B has LAN of 192.168.2.0 – 255. /24 – 255.255.255.0
Tunnel Network 10.10.10.0

For the VPN this would look like this:
Sender 192.168.1.0 – 255 ? 10.10.10.0 ? 192.168.2.0 – 255 Receiver
This example would work as there is a clear understanding of the source and destination of the traffic

Transport or Tunnel Network is the Private Network shared between the devices on the VPN Connection.

If you want a deeper technical explanation of how VPN works I can recommend watcing Eli The Computer Guy’s video on VPS https://www.elithecomputerguy.com/network/vpn-virtual-private-networking
4
Lets talk about FANs, especially Noctua fans, many may not be aware of that there are different fans for different configurations and deployments aside form case fans and cpu fans, at the base level any fan is better than no fan at all, unless you are custom building a fan less appliance.

Knowing what fan to use in the different cases makes all the differens in stability of the system as it get the correct amount of cooling, noise reduction as you use the right fan you need less of them and by that you also reduce noise production

The main difference between the fan models are that some are designed for Air Flow and others for Static Pressure

Air Flow fans are commonly used where there is little to no obstacles to push the air around it in a specific direction these fans usually have larger space between the blades and run at lower RPM

Static Pressure fans on the other hand is uses to push as much air through tight spaces such as radiators and cooling tower heatsinks and in some tower cases as intake fans as they have obstetrical like drive cages inches away from the intake vents

Now you should ask your self which Noctua fan is right for my setup?

Here is an overview of the different 120mm models form Noctua

NF-S12A: The NF-S12A has been optimized for “low impedance” applications that don’t require high static pressure and thus combines moderate pressure with outstanding airflow and superb quietness of operation. Choose the NF-S12A for case ventilation, applications with little or no obstruction to airflow as well as all other applications where minimum noise emission has first priority.

NF-P12: The NF-P12 has been designed with more pressure demanding “high impedance” applications in mind. It provides an even balance of high static pressure, high airflow and excellent quietness, which has made it a standard choice for low noise CPU cooling, cases with tight fan grills and other low noise cooling applications with mid- to high airflow resistance.

NF-F12: The NF-F12’s unique Focused Flow™ system produces extremely high static pressure and focuses the airflow in order to achieve even better results on air cooling heatsinks and water cooling radiators. With a top speed of 1500rpm, it also offers more performance headroom for less noise-sensitive applications. Choose the NF-F12 if you’re looking for the best possible performance on heatsinks and radiators.

This information is based on: https://noctua.at/en/which_fan_is_right_for_me
5
Linux and BSD / [How-To] - Enable Serial Com Port in CentOS 7
« Last post by kek on November 29, 2017, 11:19:37 PM »
[How-To] - Enable Serial Com Port in CentOS 7

In this post I want to share how you enable the serial console to work at boot and have the server send the login screen both to the regular monitor and to the serial com connection in CentOS 7. If you need to know more about what it is or why you should use a serial connection for your servers see my other post: What is a Serial Console, and why would we use it?, but in short is goes something like this:

you connect to your headless server using SSH or WebGUI over IP \ DNS but you messed up some configurations and you are no longer able to access your server over the network, and now you have to find a keyboard and monitor to access it and restore it. and that in it self can be a hassle and if you had serial connection enabled on a rs-232 com port you would only need to connect a console cable to it and do the troubleshooting needed, not to say most of the networking gear like routers and switches you see in business and enterprise environment need to be configured over console connection before they are deployed and you can use SSH or WebGUI over IP \ DNS.

Before I begin the configurations I will make two assumptions:
1. You have a clean and fresh install of CentOS 7 using LVM partitioning.
2. That your server have a working RS-232 Console Port installed and are recognized by the kernel and the drivers are installed.

To make the serial console available at boot we need to adjust the boot loader of the system to send the output to both the console port and the monitor, and to do this you need to login to the system whit a user that has sudo or root access.[/size]

Hardware Information:
Now that you are logged in to your system you want to first check that your Serial Comport is installed, to do this type the command: sudo dmesg | grep tty

Output should look like this example:
Code: [Select]

   [kek@centos7 ~]# sudo dmesg | grep tty
    [    0.000000] console [tty1] enabled
    [    0.000000] console [ttyS0] enabled
    [    1.891572] 00:05: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A


In this example I have one input \ output (I\O) console hardware port in the server and that is ttyS0 whit the full path of /dev/ttyS0, note this down as we need it later in the configuration

Now we need to check what LVM labels where given to the system if you used the easy installer option, in most cases it uses the hostname as labels, but since it can break the system if we do not get this part correct we better check as we do not want to do any unnessecary work or troubleshooting, to check LVM labels of your partitions run the command: sudo lvscan

Output should look similar to this:
Code: [Select]

   [kek@centos7 ~]# sudo lvscan
    ACTIVE      '/dev/cl_centos7/swap' [  2.00 GiB] inherit
    ACTIVE      '/dev/cl_centos7/root'  [<17.00 GiB] inherit


What we need to note from this command is the cl_centos7/root and cl_centos7/swap labeles as we need this later to get the device mapper string to point to the correct hard drive partitions for booting.

System Configuration:
Now that we have all the needed hardware information we are ready to configure the serial console and the boot loader, to do this you need to edit the following configuration file: /etc/sysconfig/grub to do this use your favourite text editor like vim or nano (not installed by default), command is: sudo vi /etc/sysconfig/grub

The file should look similar to this before editing:
Code: [Select]

GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="rd.lvm.lv=centos7/root rd.lvm.lv=centos7/swap crashkernel=auto rhgb quiet"
GRUB_DISABLE_RECOVERY="true"


You would need to make some changes to this file, as you can see it contains no information about the serial connection or the terminal settings to use, in my setup I use the following configuration:

Code: [Select]

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL="console serial"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=cl_centos7/root rd.lvm.lv=cl_centos7/swap rhgb quiet"
GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0,115200"
GRUB_DISABLE_RECOVERY="true"


The settings in here should be self explainatory and should be generic egnouh to cover 90% of all serial adapters, but the general descripton of them are:
GRUB_TERMINAL is set to both Console and Serial enabling it for both on screen monitor and serial output.
GRUB_SERIAL_COMMAND sets the value of what speed it should run and how it should communicate whit the remote device these settings needs to match at both sides to make a connection.
GRUB_CMDLINE_LINUX specifies where the swap and root partition is stored for the LVM so the system can boot, this is why we looked up the disk information.
GRUB_CMDLINE_LINUX_DEFAULT tells the boot loader to where it should send the information where tty1 is the monitor and ttyS0 is the Serial port.

At this point you are nearly done, just a few commands left to run as the majority of the configuration is the get the grub config correct, now we just need to enable our Serial connection using the command:
 stty -F /dev/ttyS0 ispeed 115200

You may get an error saying it could not run all of the settings, but do not worry about that for now, next up would be to generate a new bootloader file for grub whit the settings we just saved in
/etc/sysconfig/grub we do that by running the following command: grub2-mkconfig -o /boot/grub2/grub.cfg

Now you are ready to connect the serial console cable and connect from your workstation or laptop using something like screen or putty depending on OS you are using, the console will at this point connect to a black screen as it has not active console running at the moment, and if you are at a blank window whit no errors then you can run the command: sudo /sbin/reboot on your CentOS 7 server and you should see the grub and boot process both on the monitor and the serial terminal window.

Thanks
KEK
6
Hardware / What is a Serial Console, and why would we use it?
« Last post by kek on November 29, 2017, 05:22:29 PM »
What is a Serial Console, and why would we use it?

In this post I would like to take the time to tell you a little about Serial Consoles and COM ports, and why we still uses it

What is Serial Console?
The serial console is a connection over the RS-232 or serial port connection that allows a person access to a computer or network device console. Typically, a console is accessed over an SSH connection. However, with software, hardware, or other access problems, it may only be possible to access the machine or device (e.g. routers and switches) over a serial connection. Older computers and headless computer (computers or devices without monitors) also use the serial console as the main way to access the console.

The system console, computer console, root console, operator's console, or simply console is the text entry and display device for system administration messages, particularly those from the BIOS or boot loader, the kernel, from the init system and from the system logger. It is a physical device consisting of a keyboard and a screen, and traditionally is a text terminal, but may also be a graphical terminal. System consoles are generalized to computer terminals, which are abstracted respectively by virtual consoles and terminal emulators. Today communication with system consoles is generally done abstractly, via the standard streams (stdin, stdout, and stderr), but there may be system-specific interfaces, for example those used by the system kernel.

The console is the text output device for system administration messages. These messages come from the kernel, from the init system and from the system logger. On modern small computers the console is usually the computer's attached monitor and keyboard. On many older computers the console is an RS-232 link to a terminal such as a DEC VT100. This terminal is in a locked room and is continually observed by the minicomputer's operators. Large systems from Sun, Hewlett-Packard and IBM still use serial consoles. It is usually possible to login from the console. A login session from the console is treated by many parts of the operating system as being more trustworthy than a login session from other sources. Logging in as the root super-user from the console is the Command Line of Last Resort when faced with a misbehaving system.


Why should we use a serial console?
For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English. A new terminal can be more expensive than an old PC.

There are some scenarios where serial consoles are useful. These are:

 - Systems administration of remote computers
 - High density racks of computers
 - Recording console messages
 - Embedded software development

Systems administration of remote computers
Linux is a good operating system for deployment at unstaffed sites. Linux is also good for hosting critical network infrastructure such as DNS and DHCP services. These services are generally installed at every site of an organisation including sites which may be too small or too remote to have information technology staff. System administration of these remote computers is usually done using SSH, but there are times when access to the console is the only way to diagnose and correct software failures. Major upgrades to the installed distribution may also require console access. In these cases the serial console is attached to a modem. Access to the console is gained from a remote computer by dialing into the modem. This allows the console to be reached from any telephone socket.

High density racks of computers
Clusters of personal computers can outperform mainframe computers and form competitive supercomputers for some applications. See the Cluster-HOWTO for more information on clustering. These clusters are typically assembled into 19 inch telecommunications equipment racks and the system unit of each computer is typically one rack unit (or 1.75 inches) tall. It is not desirable to put a keyboard and monitor on each computer, as a small cathode ray tube monitor would consume the space used by sixteen rack units. A first glance it seems that a monitor and keyboard switch is the best solution. However the VGA signal to the monitor is small, so even with the switch the monitor cannot be placed very far away from the rack of computers. It is desirable to allow the consoles to be monitored in the operators' room of the computer center, rather than in the very expensive space of the machine room. Although monitor switches with remote control and fiber optical extensions are available, this solution can be expensive. A standard RS-232 cable can be 15 meters in length. Longer distances are easily possible. The cabling is cheap. Terminal servers can be used to allow one terminal to access up to 90 serial consoles.

Recording console messages
This is useful in two very different cases.

Kernel programmers are often faced with a kernel error message that is displayed a split second before the computer reboots. A serial console can be used to record that message. Another Linux machine can be used as the serial terminal. Some secure installations require all security events to be unalterably logged. One way to meet this requirement is to print all console messages. Connecting the serial console to a serial printer can achieve this.

Embedded software development
Linux is increasingly being used as an operating system for embedded applications. These computers do not have keyboards or screens. A serial port is a cheap way to allow software developers to directly access the embedded computer. This is invaluable for debugging. Most chip sets designed for embedded computers have a serial port precisely for this purpose. The shipping product need not present the RS-232 port on an external connector. Alternatively the RS-232 port is often used for downloading software updates.

7
News from the Admin team / Deleted accounts during maintinace
« Last post by kek on November 29, 2017, 04:21:34 PM »
Hello folks, there as been a few inactive accounts on this forum that was never registered online and as activated accounts, these was today (2017-11-29) deleted from the system if some of these where real and active accounts, please contact one of our admin or moderators staff and we will be looking at restoring your profile back

thanks,
KEK
8
Hardware / IT-Monkey Lab Hardware - end of 2017
« Last post by Edd Noman on November 25, 2017, 11:54:37 AM »
I decided to create this topic about what hardware we use in our test lab her at IT-Monkey, after quite a few comments from people we have been in contact whit that they have no access to brand new hardware and that hardware is so expensive that they can not afford systems and lab equipment like what we have here. This is why I decided to share this list of what our lab hardware is and what our servers are made out of, and to showcase that you do not need the lates and greatest in a home-lab or test-lab at least not when you are starting out and want to learn as it was the goal for my home-lab when I first started out in 2010.


Physical Servers:
At this point in time we at IT-Monkey have 3 different DIY server in our lab-rack, these are:

1. Storage server, running FreeNAS 9.10.2-U6 This system was purpose build as a central storage server for my home office, home-lab and business, it is the only system that I have bought everything brand new from the retailer that sits in my server-rack.
2. Lab1-Server, hypervisor running VMWare ESXi 5.5
3. Lab2-Server, currently have no storage and OS, going to be used as a hypervisor standalone or cluster depending on software and pricing..
these are just generic names and not the actual names of the servers, for security reasons,

FreeNAS-Server Hardware:
Code: [Select]
Chenbro RM23212 2U rackmount whit rails, 12-hotswap hdd bays
Motherboard: Supermicro X11SSL-F (MicroATX, Socket 1151. C232 Chipset and DDR4)
Processor: Intel Xenon E3-1245v5 4 Cores at 3.5Ghz
Memory: Crucial DDR4 ECC unreg 64Gb 2133Mhz KIT
Powersupply: SeaSonic 400w 80-Plus Bronze
CPU Cooler: Noctua NH-L9x56
Raid Controller: LSI MegaRAID 9211-8 (Flashed to IT 20 Firmware)
NIC: Intel PRO 1000 PT (EXPI9404PT) 4-port
OS Drive: SanDisk Cruszer 32Gb
HDD 01: Seagate Ironwolf ST4000VN008 64MB 4TB
HDD 02: Seagate Ironwolf ST4000VN008 64MB 4TB
HDD 03: Seagate Ironwolf ST4000VN008 64MB 4TB
HDD 04: Seagate Ironwolf ST4000VN008 64MB 4TB
HDD 05: Seagate Ironwolf ST4000VN008 64MB 4TB
HDD 06: Seagate Ironwolf ST4000VN008 64MB 4TB
HDD 07: Seagate Ironwolf ST4000VN008 64MB 4TB
HDD 08: Seagate Ironwolf ST4000VN008 64MB 4TB
HDD 09: Western Digital Red WD40EFRX 64MB 4TB
HDD 10: Western Digital Red WD40EFRX 64MB 4TB
HDD 11: Western Digital Red WD40EFRX 64MB 4TB
HDD 12: Western Digital Red WD40EFRX 64MB 4TB
Fan 1: GELID Silent PRO 8 PWM
Fan 2: GELID Silent PRO 8 PWM
Fan 3: GELID Silent PRO 8 PWM

Note; This system was purpose build as a central storage server for my home office, home-lab and business, it is the only system that I have bought everything brand new from the retailer that sits in my server-rack.

Lab1-Server Hardware:
Code: [Select]
Case: X-Case X255F 2U rackmount whit rails
Motherboard: MSI Z77A-G45 LGA1155
Processor: Intel i7-3770 4-cors 3.40 GHz
Memory: Corsair Vengeance DDR3 1600mhz 32Gb KIT
Powersupply: Corsair CX500M, 500w 80-Plus Bronze
CPU Cooler: Noctua NH-L9x56
Raid Controller: LSI MegaRAID 9211-8 (Flashed to IT 20 Firmware)
NIC: Intel PRO 1000 PT (EXPI9404PT) 4-port
OS Drive: SanDisk Cruszer Fit 8Gb
Internal HDD 1: Intel 335 240Gb
Internal HDD 2: Intel 335 240Gb
Internal HDD 3: Western Digital Red WD30EFRX 64MB 3TB
Internal HDD 4: --
Fan 1: GELID Silent PRO 8 PWM
Fan 2: GELID Silent PRO 8 PWM
Fan 3: GELID Silent PRO 8 PWM

Note; Currently running VMWare ESXi 5.5 and a Windows 2012r2 DC network, thinking about changing hypervisor to something else

Lab2-Server Hardware:
Code: [Select]
Case: X-Case X255F 2U rackmount whit rails
Motherboard: Gigabyte GA-Z68XP-UD3 LGA1155
Processor: Intel i7-3770 4-cors 3.40 GHz
Memory 1: Corsair Vengeance DDR3 1600mhz 16Gb KIT
Memory 2: Corsair Vengeance DDR3 1600mhz 8Gb KIT
Powersupply: Andersson Mission SG GGP 550w 80-Plus
CPU Cooler: Noctua NH-L9x56
Raid Controller: LSI MegaRAID 9211-8 (Flashed to IT 20 Firmware)
NIC: Intel PRO 1000 PT (EXPI9404PT) 4-port
OS Drive: SanDisk Cruszer Fit 8Gb
Internal HDD 1: --
Internal HDD 2: --
Internal HDD 3: --
Internal HDD 4: --
Fan 1: GELID Silent PRO 8 PWM
Fan 2: GELID Silent PRO 8 PWM
Fan 3: GELID Silent PRO 8 PWM

Note; Server has no storage, server is currently being used as a bench testing server, has support for mSATA SSD, thinking about a hypervisor cluster, not sure what OS to use

As you can see both Lab1 and Lab2 server is built out of old consumer grade hardware and have prior to us getting them been used as gaming machines, where we simply refurbished the motherboard and CPU's moved it to a rack-mount case and added appropriate sized coolers and some other spare parts that we had laying around and most of those are not needed to run a basic test-lab.

Network:
As for our network we do not have very much hardware at all and you really do not need much besides a good Managed Switch whit enough ports to connect it together

For our lab we currently have the following networking equipment:
1. ISP Modem
2. SG-4860 pfSense Firewall
3. Cisco SB SG200-26p Switch

As you know there is no internet connectivity whiteout the ISP and their Modem, then there is the pfSense SG-4860 appliance we use this to separate home network, lab network and office network, then it is the Cisco Switch not much to it plug it in and connect devices to it.

As I am writing this post I am about to redo some of my lab setup so if there is intrest for it I can make a post about setting up your own home-lab from scratch whit more detailed information on how everything is interconnected whit each other
9
Virtualization / bhyve
« Last post by melloa on September 21, 2017, 01:23:07 PM »
After iX burning the coral and problems with 11 upgrade, I've decided to move strait to FBD. Next logical step: bhyve.

Although bhyve still in development I was able to move all my VMs (I don't use windows, but created one just for the same of it) to bhyve. Found out a very good tool: vm-bhyve, that make the vm creation pretty easy.

I'd recommend you guys testing it.
10
Thank you so much, i helps me a lot sir TS :)  ;D ;D ;D
Pages: [1] 2 3 ... 8