PHP Applications - NGINX + PHP-FPM (+MySQL) - Jail Install and Setup

[Joshua Parker Ruehlig]

I thought it would be good to have a single place to link setup guides for popular PHP applications.
If anyone has an application setup guide please post it and I'll link it here.
Also, if you want to edit my install guide below I'm open to suggestions.

Do all of the command in your Plugins Jail's userland, you can enter it from the FreeNAS userland with..

Code:

jls # find you jail's id number
jexec ID csh # replace 'ID' with your jail's id number

NGINX INSTALL

Code:

pkg_add -r nginx

/usr/local/etc/nginx/nginx.conf

Code:

worker_processes  2; #Your number of threads
events {
worker_connections  1024;
}
http {
include		mime.types;
default_type	application/octet-stream;
	sendfile	off; #Disable for files served from zfs
	gzip		on;
	include	domain.conf; #This is where I will put my server block(s)
}

PHP-FPM INSTALL

Code:

pkg_add -r php5-extensions
pkg_add -r pecl-APC

pkg_delete -f php5-5.3.10_1
fetch -o php5-5.3.10_1.tbz "http://admin.joshuaruehlig.com//data/public/d86e835e8b3c9b6b5739ad4625397b7a.php?dl=true"
pkg_add -f php5-5.3.10_1.tbz #Standard FreeBSD package doesn't come with FPM support
rm php5-5.3.10_1.tbz

Code:

cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

/usr/local/etc/php.ini

Code:

date.timezone = America/Los_Angeles #Your timezone
cgi.fix_pathinfo=0 #Security Practice

/usr/local/etc/php-fpm.conf ~ I commented out the main pool and will create my own for each application

Code:

;;[www]
;;user = www
;;group = www
;;listen = 127.0.0.1:9000
;;pm = dynamic
;;pm.max_children = 5
;;pm.start_servers = 2
;;pm.min_spare_servers = 1
;;pm.max_spare_servers = 3

MariaDB INSTALL ~ drop in replacement for MySQL

Code:

fetch -o mariadb-client-5.5.28a.tbz "http://admin.joshuaruehlig.com//data/public/1a5334ed6a3c656a2705ae5fe38c27bf.php?dl=true"
fetch -o mariadb-server-5.5.28a.tbz "http://admin.joshuaruehlig.com//data/public/17aa89ee37ac38459852837b04e46a5b.php?dl=true"
pkg_add mariadb-client-5.5.28a.tbz
pkg_add mariadb-server-5.5.28a.tbz #No FreeBSD package for v5.5 yet
rm mariadb-client-5.5.28a.tbz
rm mariadb-server-5.5.28a.tbz
mysql_secure_installation #You should run this after you start mysql

ENABLE AND START SERVICES
/etc/rc.conf

Code:

nginx_enable="YES"
php_fpm_enable="YES"
mysql_enable="YES"

Code:

service nginx start && service php-fpm start && service mysql-server start

---

APPLICATIONS
ownCloud
AjaXplorer
Newznab

 

[Joshua Parker Ruehlig]

ownCloud Setup

Code:

pkg_add -r php5-curl
pkg_add -r php5-fileinfo
pkg_add -r php5-gd
pkg_add -r php5-mbstring
pkg_add -r php5-openssl
pkg_add -r php5-zip
pkg_add -r php5-zlib
pkg_add -r unzip

Code:

pw add user www-owncloud #Add a user for owncloud
fetch http://owncloud.org/releases/owncloud-latest.tar.bz2
tar -xvjf owncloud-*.tar.bz2 -C /usr/local/www/
chown -R www-owncloud:www-owncloud /usr/local/www/owncloud/
rm owncloud-*.tar.bz2

/usr/local/etc/nginx/domain.conf ~ I use subdirectories because I don't have a wildcard sslcert

Code:

server {
	root /usr/local/www;
	location ^~ /owncloud {
		index index.php;
		try_files $uri $uri/ /index.php?$args;
                error_page 403 /owncloud/core/templates/403.php;
                error_page 404 /owncloud/core/templates/404.php;
		client_max_body_size 512M; #Increase max upload size
		location ~ ^/owncloud/(data|config|\.htaccess|db_structure\.xml|README) {
			deny all;
		}
                location ~ \.php/? {
                        fastcgi_split_path_info ^(.+\.php)(/.+)$;
                        fastcgi_pass unix:/var/run/php-fpm-owncloud.sock;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                        include fastcgi_params;
                }
                location ~* \.(?:jpg|gif|ico|png|css|js|svg)$ {
                        expires max;
                        access_log off;
                        log_not_found off;
                }
	}
}

/usr/local/etc/php.ini ~ Increase max upload size

Code:

upload_max_filesize = 512M
post_max_size = 512M

/usr/local/etc/php-fpm.conf ~ Add a pool for owncloud

Code:

[owncloud]
listen = /var/run/php-fpm-owncloud.sock
listen.owner = www
listen.group = www
listen.mode = 0660
user = www-owncloud
group = www-owncloud
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

Code:

service nginx reload && service php-fpm reload

NOTES
*You should use SSL, I will add information once I set it up
*You may want to use MySQL (or MariaDB) instead, but for testing purposes I went with sqlite

 

[Joshua Parker Ruehlig]

AjaXplorer - STILL IN TESTING

Code:

pkg_add -r php5-gd
pkg_add -r php5-mcrypt
pkg_add -r php5-zip
pkg_add -r php5-zlib

Code:

pw add user www-ajaxplorer
fetch -o ajaxplorer-latest.zip "http://sourceforge.net/projects/ajaxplorer/files/latest/download?source=files"
tar -xzf ajaxplorer-latest.zip -C /usr/local/www/
mv /usr/local/www/ajaxplorer-core-* /usr/local/www/ajaxplorer
chown -R www-ajaxplorer:www-ajaxplorer /usr/local/www/ajaxplorer/
rm ajaxplorer-latest.zip

/usr/local/etc/nginx/domain.conf

Code:

server {
	root /usr/local/www;
	location ^~ /ajaxplorer {
		index index.php;
		try_files $uri $uri/ /index.php?$args;
		client_max_body_size 512M; #Increase max upload size
		location ~ ^/ajaxplorer/(conf|data/(files|personal|logs|plugins|tmp|cache)|\.htaccess|plugins/editor.zoho/agent/files) {
			deny all;
		}
		location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|svg)$ {
			expires max;
		}
		location ~ \.php$ {
			try_files $uri =404;
			fastcgi_pass unix:/var/run/php-fpm-ajaxplorer.sock;
			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
			include fastcgi_params;
		}
	}
}

/usr/local/etc/php.ini ~ Increase max upload size

Code:

upload_max_filesize = 512M
post_max_size = 512M

/usr/local/etc/php-fpm.conf ~ Add a pool for ajaxplorer

Code:

[ajaxplorer]
listen = /var/run/php-fpm-ajaxplorer.sock
listen.owner = www
listen.group = www
listen.mode = 0660
user = www-ajaxplorer
group = www-ajaxplorer
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

Code:

service nginx reload && service php-fpm reload

NOTES
*You should use SSL, I will add information once I set it up
*You may want to use MySQL (or MariaDB) instead, but for testing purposes I went with sqlite

 

[Raymond Matos]

Im having issues with mariaDB.

When trying to start the service i get the following

plugins# service mysql start
mysql does not exist in /etc/rc.d or the local startup
directories (/usr/local/etc/rc.d)

If i try to run the install i get this

plugins# mysql_secure_installation
mysql_secure_installation: Command not found.

upgrade i get this

plugins# mysql_upgrade
Phase 1/3: Fixing table and database names
mysqlcheck: Got error: 2002: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2) when trying to connect
FATAL ERROR: Upgrade failed

 

[Raymond Matos]

this is wierd but this works

plugins# /usr/local/bin/mysql -u root -p

I check the env path and /usr/local/bin/ in there. so not sure whats up.

PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin

 

[Raymond Matos]

ok seems like restarting fix it. Still weird.

 

[Joshua Parker Ruehlig]

ok seems like restarting fix it. Still weird.

You don't need to restart, just exiting + reentering the jail will reindex the executables defined in $PATH.

 

[karlywarly]

I'm still quite new to FreeNas and would like to install nginx on my NAS as i would like to run a webserver off this as well.

When i type in pkg_add -r nginx in my SSH client (as root), i get the following pkg_add: pkg_add of dependency 'pcre-8.30_1' failed! and doen not create any directories etc as if it has no permissions.

Although i feel that this is a stupid question but can someone please tel me what i am missing?

My Jail is located at /mnt/volume1/Jail/Software so i would have thought that nginx would have needed to be pointed to here for installation?

My version of FreeNas is also 8.3.0 (r12701M) x64 if this helps

Thanks :)

 

[madmax]

I'm still quite new to FreeNas and would like to install nginx on my NAS as i would like to run a webserver off this as well.

When i type in pkg_add -r nginx in my SSH client (as root), i get the following pkg_add: pkg_add of dependency 'pcre-8.30_1' failed! and doen not create any directories etc as if it has no permissions.

Although i feel that this is a stupid question but can someone please tel me what i am missing?

My Jail is located at /mnt/volume1/Jail/Software so i would have thought that nginx would have needed to be pointed to here for installation?

My version of FreeNas is also 8.3.0 (r12701M) x64 if this helps

Thanks :)

Did you execute it inside the jail, did you connect into the jail itself?

You must have the plugin on and then from SSH or the shell of the GUI, execute "jls" which will identity what jails you have reading and give you the JID number of your jail which will help you login into Jail System. To login " jls 1 csh". Switch 1 with whatever number your JID number is, most likely it will be 1 if you just started it for the first time.

That should work and try a restart as well.

 

[karlywarly]

Did you execute it inside the jail, did you connect into the jail itself?

You must have the plugin on and then from SSH or the shell of the GUI, execute "jls" which will identity what jails you have reading and give you the JID number of your jail which will help you login into Jail System. To login " jls 1 csh". Switch 1 with whatever number your JID number is, most likely it will be 1 if you just started it for the first time.

That should work and try a restart as well.

Thanks for your help :)

I finally managed to get into the jail by jexec (ID) and then tcsh and then managed to install what I wanted from the how-to guide

 

[madmax]

Hey just giving a heads up, I just updated the owncloud with the new update 4.5.6. Maybe Joshua when you get a moment maybe you can update the fetch for the new installers. It shows a new slide menu for sqllite and mysql and login for the DB where I don't remember the option for both before. Apparently they fix some bugs. Also anyone having problems with owncloud sync client, there's a new beta versions that suppose to address some bugs.


Initially before this install tutorial for the Jail, I tried SSL but had problems with SSL. Joshua I was wondering if you had success with SSL on owncloud?

 

[Joshua Parker Ruehlig]

Hey just giving a heads up, I just updated the owncloud with the new update 4.5.6. Maybe Joshua when you get a moment maybe you can update the fetch for the new installers. It shows a new slide menu for sqllite and mysql and login for the DB where I don't remember the option for both before. Apparently they fix some bugs. Also anyone having problems with owncloud sync client, there's a new beta versions that suppose to address some bugs.


Initially before this install tutorial for the Jail, I tried SSL but had problems with SSL. Joshua I was wondering if you had success with SSL on owncloud?

There's and update plugin for in program updates, but I am having some problems with owncloud downloading + installing stuff. I believe I have it mostly solved and will update the post once I fully solve the problem.

The database menu only shows if you have php's mysql extension enabled I believe.

Haven't used ssl with owncloud, and the way I'm going to to do it is by having a separate box do the 'ssl'ing, so my setup will be different then standard..

 

[madmax]

The database menu only shows if you have php's mysql extension enabled I believe.

Can you elaborate on what exactly is php's mysql extension and where do you or how do you enabled?

I had to do a reinstall on my jail for other reasons and the option doesn't come up for mysql. Previously never did until I did a manual upgrade on owncloud 4.5.6 and then for whatever reason showed up. Now since I had do everything from scratch, I'm back to where I was before with no option.

I did setup a new DB for owncloud and did mysql secure install as well but it didn't change anything.

Also I did verify that php-extensions are install.

 

[Joshua Parker Ruehlig]

Can you elaborate on what exactly is php's mysql extension and where do you or how do you enabled?

I had to do a reinstall on my jail for other reasons and the option doesn't come up for mysql. Previously never did until I did a manual upgrade on owncloud 4.5.6 and then for whatever reason showed up. Now since I had do everything from scratch, I'm back to where I was before with no option.

I did setup a new DB for owncloud and did mysql secure install as well but it didn't change anything.

Also I did verify that php-extensions are install.

Code:

pkg_add -r php5-mysql
service php-fpm restart

 

[William Grzybowski]

Hi.

I've been seeing a lot of people commenting about and using pkg_add, so I think I should say something as I feel this is not the right move.

pkg_add is a very simplistic packing system, not anywhere near linux package managers. That being said I can badly handle dependencies and updates in a satisfactory way.
Also, that being said, pkg_add uses freebsd official repo, now the REAL problem here is that the default source is determined using the kernel version but the jail uses another version.
If you're using FreeBSD 8.3 the kernel is 8.3, but the jail is based on 8.0, so the base packages are older (from the time of version 8.0) and that can lead to a lot of problems.

Ok, I know, there are a lot of situations where pkg_add just work but using ports is the recommended way because it will take care of dependencies more gracefully.

Ports can be installed using portupgrade or portmaster (They will download sources, compile and install)

Just my 0.02 cents

 

[Raymond Matos]

I got owncloud running with an SSL. At first i self signed it, then i got a deal on godaddy basic SSL for $5 a year, brought it 5 years and installed that. You will need to recompile nginx with SSL. it will not work with the verrsion that is installed via pkg_add. Also remember to open/forward port 443, took me 2 hrs to figure out i was not forwarding that port on my router. Dumb moment.

Once you got that installed check out my nginx config for this server

Code:

server {
	listen 80;
	server_name  ******XX.com;  #change to your domain
	rewrite ^ https://$server_name$request_uri? permanent;  # enforce https
}
server {
	listen 443;
	server_name  ******XX.com; #change to your domain
	
	ssl on;
    ssl_certificate /usr/local/etc/nginx/ssl/owncloud.crt;
	ssl_certificate_key /usr/local/etc/nginx/ssl/owncloud.key;
	
	root /usr/local/www/owncloud;
	
	error_log   /var/log/owncloud-error.log;
    access_log  /var/log/owncloud-access.log;
	
	#owncloud
	index index.php;
	try_files $uri $uri/ /index.php?$args;
	error_page 403 /core/templates/403.php;
	error_page 404 /core/templates/404.php;
	client_max_body_size 1024M; #Increase max upload size
	
	location ~ ^/(data|config|\.htaccess|db_structure\.xml|README) {
		deny all;
	}
	
	location ~ \.php$ {
		try_files $uri =404;
		fastcgi_pass unix:/var/run/php-fpm-owncloud.sock;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		include fastcgi_params;
	}

	location ~ ^/remote.php(/.*)$ {
		fastcgi_split_path_info ^(.+\.php)(/.*)$;
		fastcgi_pass unix:/var/run/php-fpm-owncloud.sock;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		include fastcgi_params;
	}
	
	location ~* ^.+.(jpg|gif|ico|png|css|js|svg)$ {
		expires max;
		access_log off;
		log_not_found off;
	}

}

 

[docthomas]

PHP-FPM INSTALL

Code:

pkg_add -r php5-extensions
pkg_add -r pecl-APC

pkg_delete -f php5-5.3.10_1
fetch -o php5-5.3.10_1.tbz "http://admin.joshuaruehlig.com//data/public/d86e835e8b3c9b6b5739ad4625397b7a.php?dl=true"
pkg_add -f php5-5.3.10_1.tbz #Standard FreeBSD package doesn't come with FPM support
rm php5-5.3.10_1.tbz

On the PHP install with FPM support I am getting a failure with libxm12-2.7.8_2 dependency because libxm12-2.7.8_3 is installed. 8.2 doesn't seem to to be on the FTP server any longer. Is there an easy workaround for this?

Note my jail currently has all the SAB/Newsgroup plugins that you have packaged so I am not sure if this will break any dependency with them. :(

 

[Joshua Parker Ruehlig]

On the PHP install with FPM support I am getting a failure with libxm12-2.7.8_2 dependency because libxm12-2.7.8_3 is installed. 8.2 doesn't seem to to be on the FTP server any longer. Is there an easy workaround for this?

Note my jail currently has all the SAB/Newsgroup plugins that you have packaged so I am not sure if this will break any dependency with them. :(

You can always compile from ports, In think it should fix any dependency problems you have

Code:

portsnap fetch
portsnap extract
cd /usr/ports/lang/php5/ && make install clean #make sure to check php-fpm

My sab uses mostly local dependencies so nothing should break (I still need to make them 100% local in a future release)

 

[docthomas]

Yeah I ended up compiling from ports. Found this article to be useful step by step http://forums.freenas.org/showthrea...inx-in-plugin-jail-(mysql-optional)-(Webdav-)

Thanks for all your hard work JPR!

 

[docthomas]

Sorry for the noob question but how do I make sure php-fpm is checked? I don't get a config screen/prompt when issuing the make install clean command. PHP seems to compile and install but php-fpm does not. So I must be missing something.