GitLab on FreeBSD 10

This tutorial by Charles Newey shows us how to install GitLab on FreeBSD 10.

Original post: https://blog.assemblyco.de/installing-gitlab-on-freebsd-10/

gitlab_0This is essentially a record of how I installed and configured GitLab 7.6 on my FreeBSD server. Mileage with this guide may vary of course; different configurations of FreeBSD on different hardware and with different packages may introduce other unexpected issues. To make full use of this guide, I suggest reading the official GitLab installation guide fully before attempting anything in here.

1. Update system

pkg update  
pkg upgrade  

2. Install dependencies

Install system packages:

pkg install sudo bash icu cmake pkgconf git nginx ruby ruby20-gems logrotate redis postgresql94-server postfix krb5  

Install bundler gem system-wide:

gem install bundler --no-ri --no-rdoc  

Add this to /etc/rc.conf:

# Core services
sshd_enable="YES"  
ntpd_enable="YES"  
ntpd_sync_on_start="YES"

# GitLab services
redis_enable="YES"  
postgresql_enable="YES"  
gitlab_enable="YES"

# Web server
nginx_enable="YES"

# Postfix/Sendmail
postfix_enable="YES"  
sendmail_enable="NO"  
sendmail_submit_enable="NO"  
sendmail_outbound_enable="NO"  
sendmail_msp_queue_enable="NO"  

3. Create git user for GitLab

[Read more…]

FreeBSD-SA-15:06.openssl – Multiple OpenSSL vulnerabilities

Original post: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:06.openssl.asc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-15:06.openssl Security Advisory
The FreeBSD Project

Topic: Multiple OpenSSL vulnerabilities

Category: contrib
Module: openssl
Announced: 2015-03-19; Last revised on 2015-03-20.
Affects: All supported versions of FreeBSD.
Corrected: 2015-03-20 07:11:20 UTC (stable/10, 10.1-STABLE)
2015-03-20 07:12:02 UTC (releng/10.1, 10.1-RELEASE-p8)
2015-03-20 07:11:20 UTC (stable/9, 9.3-STABLE)
2015-03-20 07:12:02 UTC (releng/9.3, 9.3-RELEASE-p12)
2015-03-20 07:11:20 UTC (stable/8, 8.4-STABLE)
2015-03-20 07:12:02 UTC (releng/8.4, 8.4-RELEASE-p26)
CVE Name: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288,
CVE-2015-0289, CVE-2015-0293

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.

0. Revision history

v1.0 2015-03-19 Initial release.
v1.1 2015-03-20 Reverted a portion of change that should not belong to the
advisory and did not end up in the final OpenSSL release.
The patch is also revised to include fixes for
CVE-2015-0209 and CVE-2015-0288.

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

Abstract Syntax Notation One (ASN.1) is a standard and notation that
describes rules and structures for representing, encoding, transmitting,
and decoding data in telecommunications and computer networking, which
enables representation of objects that are independent of machine-specific
encoding technique.

II. Problem Description
 [Read more...]

Install Tomcat 8 In FreeBSD 10/10.1

In this tutorial, user M.el Khamlichi shows us how to set up Tomcat 8 on FreeBSD 10/10.1.

Original post: http://www.unixmen.com/install-tomcat-7-freebsd-9-3/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+unixmenhowtos+%28Unixmen+Howtos+%26+Tutorials%29

Tomcat

From Wikipedia,

Apache Tomcat is an open source web server and servlet container developed by the Apache Software Foundation (ASF). Tomcat implements the Java Servlet and the JavaServer Pages (JSP) specifications from Sun Microsystems, and provides a pure Java HTTP web server environment for Java code to run in. In the simplest config Tomcat runs in a single operating system process. The process runs a Java virtual machine (JVM). Every single HTTP request from a browser to Tomcat is processed in the Tomcat process in a separate thread.

My testbox details:

root@Freebsd-unixmen:~ # uname -a
FreeBSD Freebsd-unixmen 10.1-RELEASE-p6 FreeBSD 10.1-RELEASE-p6 #0: Tue Feb 24 19:00:21 UTC 2015 

root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
root@Freebsd-unixmen:~

This article has been edited from old article about install apache 7 on freebsd 9.3

Install Tomcat 8 In FreeBSD 10

I was trying to install from the ports (/usr/ports/www/tomcat7 ) then i got many issues, finally i stopped the installation and started with the pkg tool.

Now, lets start:

root@Freebsd-unixmen:~ # pkg   install tomcat8
Updating FreeBSD repository catalogue...
Fetching meta.txz: 100%    944 B   0.9kB/s    00:01    
Fetching packagesite.txz: 100%    5 MiB 486.0kB/s    00:11    
Processing entries: 100%
FreeBSD repository update completed. 24086 packages processed
The following 5 packages will be affected (of 0 checked):

New packages to be INSTALLED:
        tomcat8: 8.0.18
        openjdk: 7.76.13_1,1
        java-zoneinfo: 2015.a
        javavmwrapper: 2.5
        jakarta-commons-daemon: 1.0.15

The process will require 165 MiB more space.
57 MiB to be downloaded.

Proceed with this action? [y/N]:

Configuration

[Read more…]

Running FreeBSD on the server: a sysadmin speaks

of iTWire interviews longtime FreeBSD user and sysadmin Allan Jude about the use of FreeBSD on  the server.

Original post: http://www.itwire.com/business-it-news/open-source/67420-running-freebsd-on-the-server-a-sysadmin-speaks

Running FreeBSD on the server: a sysadmin speaks

For years now, Linux has been all the rage. But in recent times, there have been murmurings among some veterans — long-time users — after the introduction of systemd, the init system that seems to overstep its boundaries.

And this talk is all about the old UNIX culture, the way one utility or application is used to do a job, do it well, and hand over the output to a second utility to process. Linux, in short, is becoming something like a Swiss army knife — complicated — and there has been talk of switching to an alternative. This is where FreeBSD comes in.Some time back, iTWire discussed the possibility of PC-BSD being used on the desktop instead of Linux. PC-BSD is more or less the same as FreeBSD; in the words of Kris Moore, it has “a vanilla FreeBSD kernel/world with some unique installation options and a slew of graphical or command-line utilities to make FreeBSD on the desktop ‘easy’.”

But Linux is more widely used on the server, where FreeBSD can be a more than adequate replacement. To get an idea of the strengths and weaknesses of this operating system, iTWire interviewed Allan Jude, the vice-president of operations at ScaleEngine, a global HTTP and video streaming content distribution network; he makes extensive use of the ZFS filesystem on FreeBSD.

Jude (pictured above) is also the host of the video podcasts BSD Now (with Moore) and TechSNAP on JupiterBroadcasting.com.A FreeBSD committer, Jude is focused on documenting ZFS and further improving the manageability of FreeBSD. He taught FreeBSD and NetBSD administration at Mohawk College in Hamilton, Canada from 2007-2010 and has 12 years of experience as a systems administrator of BSD UNIX systems.And above all, he communicates using language that any layman can understand.

iTWire: Why would you recommend FreeBSD over other server operating systems?

[Read more…]

CARP on FreeBSD 10

This tutorial by user weirdbricks shows us how to get CARP set up on FreeBSD 10.

Original post: http://lampros.chaidas.com/index.php/2015/03/22/carp-on-freebsd-10/

Some quick notes on setting up CARP on FreeBSD.

Most of this is based on the FreeBSD Handbook page

1. Add the carp kernel module – edit the file /boot/loader.conf and add the line

carp_load="YES"

^ Make sure that this is done on all hosts

To load the module without rebooting:

kldload carp

2. Then on the host you want to act as the master edit the /etc/rc.conf and add:

hostname="freebsd10-master"
ifconfig_em0="inet 192.168.2.21 netmask 255.255.255.0"
ifconfig_em0_alias0="inet 192.168.2.50/32 vhid 100 advskew 100 pass lampros"
defaultrouter="192.168.2.1"

In the above the 192.168.2.50 is going to be the “floating IP” address.

3. On the host you want to act as a backup:

[Read more…]

bsdtalk251 – Verisign and FreeBSD

Bsdtalk podcast discussing Verisign and FreeBSD.

bsdtalk-smA talk from vBSDCon in 2013 titled Verisign and FreeBSD: Internet Scale Services at 10 Gigabits per Server presented by Mike Bentkofsky, Marc de la Gueronniere, Julien Charbon

File info: 47Min, 22MB

Original post: http://bsdtalk.blogspot.com/2015/03/bsdtalk252-devious-with-brian-callahan.html

GhostBSD 10.1 Alpha 2 now available

The developers of GhostBSD have released their second alpha for version 10.1.

 ghostbsd_2I am pleased to announce the availability the second ALPHA build of the 10.1-RELEASE Release cycle which is available on SourceForge for the amd64 and i386 architectures.

Changes and fix between 10.1-ALPHA1 and 10.1-ALPHA2 include:

  • The PCDM theme file as been fixed which was creating blinking black screen.
  • Macro windows decoration has been fixed.
  • The installer GPT partition problem has been found and fixed in pc-sysintall.
  • Some installer text error has been fix.
  • The user shell selection has been fix from the last change to have csh by default since fish have a bug from the ports.

Where to download:

The image checksums, ISO images and USB images are available here:

http://www.ghostbsd.org/download-10.1

Important info

Please be aware that this release provides beta tester and developers with a system to test out new features for the upcoming release. This release may contain buggy code and features, so we encourage you to run it only on non-critical systems.

We encourage you to use our new issue system build with MantisBT http://issues.ghostbsd.org/main_page.php.

Note: Developers can’t fix problems that we are not aware and can’t reproduce; if you report a problem give us a detailed reports that we can reproduce the problem.

Thank you for using GhostBSD and have a lot of fun beta testing GhostBSD!

Eric Turgeon

Development’s News

Original link: http://ghostbsd.org/10.1-alpha2

Setting up FreeBSD and jails on Azure – part 1: networking

This tutorial by user Gianugo shows us how to set up FreeBSD jails on the Microsoft Azure platform.

Original post: http://www.boldlyopen.com/2015/03/17/setting-up-freebsd-and-jails-on-azure-part-1-networking/

azureI set up this blog on Azure as an excuse to play with the new FreeBSD VM Depot image, learn more about jails and write the occasional blog post about random stuff. I took extensive notes while at it and I will be posting them here for future reference and to help the occasional search engine user.

I will skip all the clicking through that can easily get to a running FreeBSD VM in Azure. There is tons of FreeBSD documentation, including specific Azure tutorials that my team and others have written. I am lazy, so I will just point out specific Azure differences and how to take care of them.

A word of caution: please don’t consider what you read here to be authoritative. I’m doing this for fun and my free time is what it is, so don’t think I researched this stuff thoroughly. It worked for me and seems to be still working as I write this – that’s all I needed.

Let’s start with networking. Every public cloud has their own approach, and Azure is no different. Two things to remember about Azure IP management:

[Read more…]

pfSense 2.2.1 RELEASE Now Available

The developers of pfSense have made available version 2.2.1 RELEASE.

Original post: https://blog.pfsense.org/?p=1661

pfSensepfSense® software 2.2.1 release is now available, bringing a number of bug fixes and some security fixes.

Security Fixes

A note on the OpenSSL “FREAK” vulnerability:

  • Does not affect the web server configuration on the firewall as it does not have export ciphers enabled.
  • pfSense 2.2 already included OpenSSL 1.0.1k which addressed the client-side vulnerability.
  • If packages include a web server or similar component, such as a proxy, an improper user configuration may be affected. Consult the package documentation or forum for details.

[Read more…]