06 Mar

Freebsd 11.0 – FEMP

FEMP

This is a basic setup of FEMP, it’s splitted in several parts. First you have to select either installing it from ports or building it all from source files, both works but the port install takes less time todo. After you have done the installation move forward to configuration and trying it out. This is by no mean a optimal guid, but a fast jump into installing FEMP.

Through Ports

###################################################################
#
# First i start off with Nginx since its the easy part of the install
#
###################################################################

# Enter the ports folder for nginx
cd /usr/ports/www/nginx

# Configure the build, Basic settings are fine for beginners
make config-recursive

# Install and clean up
make install clean

# Add nginx to startup upon boot of the os
echo 'nginx_enable="YES"' >> /etc/rc.conf

# Create a www data folder that is easy to access for the future. And change owner.
mkdir /home/www
mkdir /home/www/default
chown www:www /home/www


###################################################################
#
#  Next step is install the database, i prefer mariadb.
#
###################################################################

# Enter the ports folder for mariadb server 10.1
cd /usr/ports/databases/mariadb101-server/

# Configure the build, accept basic settings
make config-recursive

# Install and clean up, this will take a while.
make install clean

# Setup the password for mysql root account, default is none if asked for passwd.
# Set a strong password, and then default settings on the rest.
/usr/local/bin/mysql_secure_installation

# Add it to startup upon boot of os.
echo 'mysql_enable="YES"' >> /etc/rc.conf

###################################################################
#
# Now time for the last part install php.
#
###################################################################

# Enter the ports folder for mariadb server 10.1
cd /usr/ports/lang/php70

# Ensure that fpm is marked.
make config-recursive

# Install and clean-up
make install clean

# Add php to spawn upon boot
echo 'php_fpm_enable="YES"' >> /etc/rc.conf

# Copy the production file into php.ini
cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

# install following extensions Json, session, mysqli, mbstring, 
# gd, openssl, zlib, zip, pdo_mysql
cd /usr/ports/lang/php70-extensions
make config-recursive
make install clean
Building from source
######################################
#  Fetch all the files
######################################
cd /tmp/
fetch ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.40.tar.gz
fetch http://www.cpan.org/src/5.0/perl-5.24.1.tar.gz
fetch http://nginx.org/download/nginx-1.11.9.tar.gz
fetch http://se2.php.net/get/php-7.1.1.tar.gz/from/this/mirror
fetch http://acc.dl.osdn.jp/php-i18n/52624/libmbfl-1.2.0.tar.gz
fetch http://www.zlib.net/zlib-1.2.11.tar.gz
fetch --no-verify-peer https://www.openssl.org/source/openssl-1.0.2k.tar.gz
fetch http://www.libarchive.org/downloads/libarchive-3.2.2.tar.gz
fetch --no-verify-peer https://curl.haxx.se/download/curl-7.52.1.tar.gz
fetch --no-verify-peer https://cmake.org/files/v3.7/cmake-3.7.2.tar.gz
fetch --no-verify-peer https://ftp.gnu.org/gnu/m4/m4-1.4.18.tar.gz
fetch --no-verify-peer https://ftp.gnu.org/gnu/bison/bison-3.0.4.tar.gz
fetch --no-verify-peer https://ftp.gnu.org/gnu/bash/bash-4.4.tar.gz
fetch --no-verify-peer https://ftp.gnu.org/gnu/bash/readline-5.1.tar.gz
fetch ftp://sourceware.org/pub/libffi/libffi-3.2.1.tar.gz
fetch --no-verify-peer https://www.python.org/ftp/python/2.7.13/Python-2.7.13.tgz
fetch ftp://ftp.gnu.org/gnu/gss/gss-1.0.3.tar.gz
fetch http://ftp.ddg.lth.se/mariadb//mariadb-10.1.21/source/mariadb-10.1.21.tar.gz
fetch --no-verify-peer https://ftp.gnu.org/gnu/automake/automake-1.15.tar.gz
fetch --no-verify-peer https://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz
fetch http://ftp.acc.umu.se/mirror/gnu.org/gnu/libtool/libtool-2.4.tar.gz
fetch ftp://xmlsoft.org/libxml2/libxml2-2.9.4.tar.gz
fetch http://downloads.webmproject.org/releases/webp/libwebp-0.6.0.tar.gz
fetch --no-verify-peer https://kent.dl.sourceforge.net/project/libpng/libpng16/1.6.28/libpng-1.6.28.tar.gz
fetch --no-verify-peer https://gmplib.org/download/gmp/gmp-6.1.2.tar.xz
fetch http://www.ijg.org/files/jpegsrc.v9b.tar.gz
fetch --no-verify-peer https://mirrors.netix.net/sourceforge/m/mc/mcrypt/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz



######################################
#  Un-tar everything in /tmp
######################################
tar -zxf pcre-8.40.tar.gz | tar -zxf nginx-1.11.9.tar.gz | tar -zxf mirror
tar -zxf mariadb-10.1.21.tar.gz  | tar -zxf perl-5.24.1.tar.gz | tar -zxf zlib-1.2.11.tar.gz
tar -zxf libmbfl-1.2.0.tar.gz | tar -zxf openssl-1.0.2k.tar.gz
tar -zxf libarchive-3.2.2.tar.gz | tar -zxf curl-7.52.1.tar.gz | tar -zxf cmake-3.7.2.tar.gz
tar -zxf m4-1.4.18.tar.gz | tar -zxf bison-3.0.4.tar.gz | tar -zxf bash-4.4.tar.gz
tar -zxf readline-5.1.tar.gz | tar -zxf libffi-3.2.1.tar.gz | tar -zxf Python-2.7.13.tgz
tar -zxf gss-1.0.3.tar.gz | tar -zxf mariadb-10.1.21.tar.gz | tar -zxf automake-1.15.tar.gz
tar -zxf autoconf-2.69.tar.gz | tar -zxf libtool-2.4.tar.gz | tar -zxf libmcrypt-2.5.8.tar.gz
tar -zxf libxml2-2.9.4.tar.gz | tar -zxf libwebp-0.6.0.tar.gz
tar -zxf libpng-1.6.28.tar.gz | tar -zxf gmp-6.1.2.tar.xz | tar -zxf jpegsrc.v9b.tar.gz


######################################
#
#  Required files/packages  before
#  install of php,nginx,mariadb
#
######################################
cd /tmp/perl-5.24.1
./configure.gnu
make
make install

cd /tmp/openssl-1.0.2k
./config -fPIC shared
make
make install

cd /tmp/libarchive-3.2.2
./configure
make
make install

cd /tmp/curl-7.52.1
./configure
make
make install

cd /tmp/cmake-3.7.2
./configure
make
make install

cd /tmp/m4-1.4.18
./configure
make
make install

cd /tmp/bison-3.0.4
./configure
make
make install

cd /tmp/bash-4.4
./configure
make
make install

cd /tmp/readline-5.1
./configure
make
make install

cd /tmp/libffi-3.2.1
./configure
make
make install

cd /tmp/Python-2.7.13
./configure --enable-shared --enable-optimizations
make
make install

cd /tmp/gss-1.0.3
./configure
make
make install

cd /tmp/pcre-8.40
./configure
make
make install

cd /tmp/autoconf-2.69
./configure
make
make install

cd /tmp/automake-1.15
./configure
make
make install

cd /tmp/libtool-2.4
./configure
make
make install

cd /tmp/libmbfl-1.2.0
chmod +x buildconf
./buildconf
./configure
make
make install

cd /tmp/libxml2-2.9.4
./configure
make
make install

cd /tmp/libwebp-0.6.0
./configure
make
make install

cd /tmp/libpng-1.6.28
./configure
make
make install

cd /tmp/gmp-6.1.2
./configure
make
make install

cd /tmp/jpeg-9b
./configure
make
make install

cd /tmp/libmcrypt-2.5.8
./configure --disable-posix-threads
make
make install

######################################
#  MARIADB
######################################
cd /tmp/mariadb-10.1.21
pw groupadd mysql
pw adduser mysql -g mysql -d /usr/local/mysql

# In the menu just press c for configure, takes a while.
# Write no on 'JEMALLOC_STATIC_LIBRARY' & 'WITH_JEMALLO',
# and last line to write no on 'PLUGIN_TOKUDB'
# press c and then g to save config & quit.
ccmake .

# Compiling using 4 threads.
make -j4

# Install everything
make install

# Add the run file
mkdir /usr/local/etc/
mkdir /usr/local/etc/rc.d
cd /usr/local/etc/rc.d
fetch --no-verify-peer https://lyxi.ga/wp-content/uploads/2017/mysql-server
chmod +x /usr/local/etc/rc.d/mysql-server

# Add the default my.cnf (change this later on..)
mkdir /var/db/mysql
cd /var/db/mysql/
fetch --no-verify-peer https://lyxi.ga/wp-content/uploads/2017/my.cnf

# Start sql server
/usr/local/etc/rc.d/mysql-server onestart

# Set password for root mysql user
/usr/local/mysql/bin/mysql_secure_installation


######################################
#  NGINX
######################################
cd /tmp/nginx-1.11.9
./configure --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --with-cc-opt="-I /usr/local/include" --with-ld-opt="-L /usr/local/lib" --with-http_stub_status_module
make
make install

# Add the run file
cd /usr/local/etc/rc.d
fetch --no-verify-peer https://lyxi.ga/wp-content/uploads/nginx
chmod +x /usr/local/etc/rc.d/nginx

mkdir /var/log/nginx/
mkdir /home/www
mkdir /home/www/default
chown www:www /home/www

######################################
#  PHP
######################################
cd /tmp/php-7.1.1

# Compiling php with the needed extensions.
./configure \
--enable-fpm \
--with-fpm-user=www \
--with-fpm-group=www \
--enable-libxml \
--enable-zip \
--with-bz2=shared \
--with-curl=shared \
--with-gd \
--with-jpeg-dir=/usr \
--with-png-dir=/usr \
--with-webp-dir=/usr \
--enable-gd-native-ttf \
--with-gmp=shared \
--enable-mbstring \
--enable-bcmath \
--with-mcrypt \
--with-mhash=shared \
--with-mysqli=/usr/local/mysql/bin/mysql_config \
--with-pdo-mysql \
--enable-sockets \
--with-zlib \
--enable-ftp \
--enable-sysvmsg \
--enable-sysvsem \
--enable-sysvshm \
--with-openssl

# Install
make -j4
make install

# Add the run file
cd /usr/local/etc/rc.d
fetch --no-verify-peer https://lyxi.ga/wp-content/uploads/2017/php-fpm
chmod +x /usr/local/etc/rc.d/php-fpm

# Copy the production ini to the correct folder and so php loads the correct ini
cd /usr/local/etc/
fetch --no-verify-peer https://lyxi.ga/wp-content/uploads/2017/php.ini
chmod 755 php.ini

cp /usr/local/etc/php-fpm.d/www.conf.default /usr/local/etc/php-fpm.d/www.conf
cp /usr/local/etc/php-fpm.conf.default /usr/local/etc/php-fpm.conf

# Change this line in /usr/local/etc/php-fpm.conf
include=NONE/etc/php-fpm.d/*.conf
# To
include=/usr/local/etc/php-fpm.d/*.conf

# And in php-fpm.conf uncomment and change
;pid = run/php-fpm.pid
# To
pid = /var/run/php-fpm.pid


######################################
#  Last part + cleanup
######################################
# Add programs to boot, nginx,php,mysql.
echo 'php_fpm_enable="YES"' >> /etc/rc.conf
echo 'mysql_enable="YES"' >> /etc/rc.conf
echo 'nginx_enable="YES"' >> /etc/rc.conf

# Remove all files in /tmp
rm -R /tmp/*
######################################
#  Now continue to configuration before trying out the services!
######################################


Configurations

There are a couple of basic configurations that need to be done. Lets start with configuring php-fpm, and continue with php.ini and then get nginx to work with php.

/usr/local/etc/php-fpm.d/www.conf

# Next we uncomment the user and group of the ownership
;listen.owner = www
;listen.group = www
;listen.mode = 0660

# To following 
listen.owner = www
listen.group = www
listen.mode = 0660

/usr/local/etc/php.ini

# Security option that needs to be uncommented and set to 0
# ;cgi.fix_pathinfo=1

# Change it to
cgi.fix_pathinfo=0

# If you plan to transfer large files, change this to preferred value
upload_max_filesize = 2M

# And if you have larger transfers make sure that the execution time is extended
max_execution_time = 30

/usr/local/etc/nginx/nginx.conf
First delete the old nginx.conf and replace it with the one bellow.

# Set the worker process to auto, or the amount of cpus/core you have
worker_processes  auto;
# Store errors in logs/error.log and log even warnings
error_log /var/log/nginx/error.log warn;
# Create and store pid in logs/pid
pid /var/run/nginx.pid;

events {
    worker_connections  1024;
    multi_accept on;
    use kqueue;
}


http {
    # Define the mime.types
    include       mime.types;
    default_type  application/octet-stream;

    # How logs are structured
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    # Store access logs in logs/access.log
    access_log  /var/log/nginx/access.log  main;

    # Optimising nginx, when serving static content.
    sendfile        on;
    tcp_nopush     on;
    tcp_nodelay    on;
    # Set keepalive time out to 15 sec
    keepalive_timeout  15;

    # Enable gzip compression
    gzip  on;
    
    # Disable gzip on old crap iexplorer
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    # Include site configurations from the sites/ folder.
    include  /usr/local/etc/nginx/sites/*;
}

/usr/local/etc/nginx/sites/default.site

server {
    listen 80;
    server_name localhost;
    root /home/www/default;

    location / {
        index  index.php index.html index.htm;
    }

    location = /50x.html {
        root   html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    location ~ /\.ht$ {
         deny  all;
    }
}
/usr/local/etc/my.cnf

If you want to change some settings to mariadb, the settings are located in /usr/local/share/mysql/ with filnames such my-small.cnf, my-medium.cnf, my-larg.cnf, my-huge.cnf open the preferred size, configure it and save it as /usr/local/etc/my.cnf

And we are done! Good luck optimising!

Testing the build

Basic test could be done by running a phpinfo() call in the index file just to make sure it works
/home/www/default/index.php

< ?php
phpinfo();
? >

Or we could do a quick test to see if php, mariadb and nginx works together, by first trying to install and use phpmyadmin & wordpress.

Install Phpmyadmin

# Enter the tmp folder
cd /tmp

# Fetch the phpmyadmin
fetch --no-verify-peer https://files.phpmyadmin.net/phpMyAdmin/4.6.5.2/phpMyAdmin-4.6.5.2-all-languages.tar.gz

# Untar the file
tar -zxf phpMyAdmin-4.6.5.2-all-languages.tar.gz

# Make directory phpmyadmin in webfolder
mkdir /home/www/default/phpmyadmin

# Copy the files to the webfolder
cp -R /tmp/phpMyAdmin-4.6.5.2-all-languages/* /home/www/default/phpmyadmin

#remove temp files
rm -R /tmp/phpMyAdmin-4.6.5.2-all-languages | rm phpMyAdmin-4.6.5.2-all-languages.tar.gz

Now you should be able to access phpmyadmin @ http://ip_to_server/phpmyadmin While trying it out, ensure that you make a database for the wordpress install.

Install WP

# Enter the tmp folder
cd /tmp

# Fetch the latest wordpress file
fetch --no-verify-peer https://wordpress.org/latest.tar.gz

# Untar the file
tar -zxf latest.tar.gz

# Copy wordpress file into default www folder 
cp -R /tmp/wordpress/* /home/www/default/

# Remove temp files
rm -R /tmp/wordpress | rm latest.tar.gz 

# Done

After adding the wordpress files to the www-folder you have to enter http://ip_to_server/ and follow the installation guide, if everything is setup correctly the setup should work flawlessly. Remember to set the right folder permissions to get it to work, correct permissions can be found at: https://codex.wordpress.org/Changing_File_Permissions

There are alot of improvements that could be done to this setup. For example adding caching features, or adding/removing extensions, and solving the snmp issue if the service provider blocks it and so on.

Leave a Reply

Your email address will not be published. Required fields are marked *