Jails and FAMP server

[objecttothis]

Hi again. OK, I've made great progress. I *think* the FAMP server is up and running, although I'm a bit concerned about permissions and such. Here's why. I've tested Apache, MySQL and PHP and all appear to be working, however after successfully installing phpMyAdmin, I think there may be something wrong with the configuration, or the default of the jail is that nothing is accessible except by root since the default group:owner given is root:wheel. When I attempt to go to http://server-ip/phpmyadmin/setup to run the setup script I get a server 403 error from apache. phpMyAdmin is located at /usr/local/www/phpMyadmin/ and I've added the following to the httpd.conf for apache:

Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin"

<Directory "/usr/local/www/phpMyAdmin">
Options None
AllowOverride None
Require all granted
#Require host .example.com
</Directory>

I've tried to set the owner:group of the phpMyAdmin folder to www:www, which is the owner:group that apache has in the httpd.conf and my document root is set as. 1: I don't want to create security vulnerabilities with ownership and permissions and 2: I'm not sure what's wrong with permissions that is causing apache to puke when I attempt to access the phpmyadmin folder. I created an info.php file and that is displaying just fine.

 

[objecttothis]

So, I checked the httpd-error.log and here is what I found:
client denied by server configuration: /usr/local/www/phpMyAdminindex.php
client denied by server configuration: /usr/local/www/phpMyAdminindex.html

so, two things:
1- I noticed no slash between phpMyAdmin and index....
2- The log's reason for the 403 is server configuration.

The phpMyAdmin folder has the same user and group as apache.

 

[danb35]

I'm no apache wizard, but the first thing that jumps out at me is the fact that you've aliased /phpmyadmin/ (with a trailing slash) to /usr/local/www/phpMyAdmin (without a trailing slash). That would seem to explain the lack of the slash. That would probably also result in apache not processing the <Directory> directive you mention.

 

[objecttothis]

I was just logging back in to post the solution. Dan, your suggestion was indeed the problem. The "cookie-cutter" code that I was instructed to paste in had the error. I found it around the same time you posted your message. On to my configuration! Thanks again.

 

[nello]

Code:

# pkg upgrade
# pkg install apache24 mysql56-server php55

There is a newer version php (php56); is there some reason for not using this later version?

UPDATE 5-Mar-2015
Removed erroneous mention of apache 26

 

[danb35]

I wasn't aware of Apache 2.6, and didn't think of PHP 5.6. If both are available as FreeBSD packages, and they're supported by whatever apps you want to run on the server, I don't know of any reason not to use them.

 

[nello]

Perhaps this would be a good starting point for a tutorial on creating a FAMP:

http://www.garron.me/en/linux/apache-event-php-fpm-mariadb-freebsd.html

This is also good:

https://forums.freenas.org/index.php?threads/zoneminder-on-freenas.14463/page-2#post-142981


Update 5-Mar-2015 Corrected duplicated link.

 

[danb35]

It looks like you've given the same link twice--was there a different one you intended to share? The link I see relies on the ports system, which isn't a bad thing at all, but seems to complicate things a bit compared to using binary packages. It does cover the basic installation and configuration in a good bit of detail, though.

 

[Jailer]

Well I've managed to get my FEMP stack up and running and software installed and running too. Now I'm trying to get phpmyadmin to run. I've got the pkg installed, I just can't get it configured so it will run.

Anybody care to offer some help?

 

[objecttothis]

I'm configuring mine too as well... it's quite an involved configuration. I'm not not stuck (still searching) but sort of stalled on where to place temp file folder and saved files folder. phpmyadmin wants it to not be world accessable and the standard temp folders are. If I come across a tutorial that details start-to-finish config on a FAMP server (since that's the OP's thrust) I will send it along and hopefully it will match a FEMP setup.

 

[Jailer]

There was a link to a complete guide for installing a FAMP stack in FreeBSD 10 on the first page of this thread.

https://www.digitalocean.com/commun...ache-mysql-and-php-famp-stack-on-freebsd-10-1

I found another article at the same place and followed that for installing a FEMP stack.

https://www.digitalocean.com/commun...ginx-mysql-and-php-femp-stack-on-freebsd-10-1

Now keep in mind this will get you up and running but it's up to you to get it configured. Basic configuration for basic function is shown but you'll still have to research on how to get it optimized for your usage scenario and get it hardened if you want to expose it to the outside world.

 

[EsTaF]

https://www.digitalocean.com/commun...ache-mysql-and-php-famp-stack-on-freebsd-10-1

"sudo pkg install apache24
..
sudo pkg install mod_php56 php56-mysql php56-mysqli
"
ok
After it, author is giving an advice to change (Open and not create!!!!) /usr/local/etc/apache24/Includes/php.conf file.
But!!!!!!!

Code:

ls -la /usr/local/etc/apache24/Includes
total 10
drwxr-xr-x  2 root  wheel   3 Sep 20 12:01 .
drwxr-xr-x  6 root  wheel  12 Sep 20 12:10 ..
-rw-r--r--  1 root  wheel  89 Sep 13 07:05 no-accf.conf

???

 

[frasernator]

I realize this is a fairly old thread but on my own I've managed to setup a FAMP jail without too much problems and can create web pages using vi within the Jail Shell but that is a really crappy way to code up web pages and want to use the tools I have available in on my Windows machine.

What I'm wanting to do is setup a new share on my regular FreeNAS to save the web page files and then mount that share back to the jail. When I do this, using the Shell I can see the files I mounted however I get permission issues telling me You don't have permission to access this resource when I attempt to access the Jail through my Web Browser. Remove the Mounting and then I can again access the web pages

With the folder mounted permissions on /usr/local/www/apache24/data is drwxrwx---+ however when I don't have it mounted the permission are drwxr-xr-x

I'm assuming the issue is the lack of read and execute permissions for other users but I can't figure out how to setup these permissions. I attempted to user chmod 755 data to force the permissions the way I want but I get chmod: data: Operation not permitted

I'm still learning my way around Linux and FreeNAS so I might be missing something obvious, but short of attempting to setup Samba within the FAMP jail I'm out of ideas on how to proceed.

Thank you

 

[danb35]

Your share is using Windows permissions, which is why chmod isn't working. The best thing to do is probably to change it to use Unix permissions. Failing that, learn to set the Windows permissions appropriately (IIRC, @m0nkey_ has a video on the subject which could be helpful).

 

[frasernator]

Your share is using Windows permissions, which is why chmod isn't working. The best thing to do is probably to change it to use Unix permissions. Failing that, learn to set the Windows permissions appropriately (IIRC, @m0nkey_ has a video on the subject which could be helpful).

I just tried removing the Windows (SMB) Shares and didn't set up any other share then remounted Storage Pool and got the same permissions still without the ability to use chmod

 

[frasernator]

I just tried removing the Windows (SMB) Shares and didn't set up any other share then remounted Storage Pool and got the same permissions still without the ability to use chmod

I've sort of figured, it out. It was not just the Windows (SMB) Share, not sure if that was what you were referring to or not but now I'm suspecting it was not. I instead went into the Pool permissions switched to Unix turned on the Other permissions as required. Saved then went back and turned on the Windows (SMB) Share and then it stated working as required.

This works as long as I don't reboot FreeNAS but after that I loose access to the web pages again and I have to go through these steps again.

I guess what I really need is to somehow set the Unix permissions but still allow the ability to access the share through Windows mapping and have the permissions stick even after a reboot.