freebsd_nginx_backuppc
Differences
This shows you the differences between two versions of the page.
|
freebsd_nginx_backuppc [2018/04/03 20:30] k2patel [Outgoing Mail] |
freebsd_nginx_backuppc [2020/08/10 02:35] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== freebsd + nginx + backuppc ====== | ||
| - | |||
| - | My current installation is inside JAIL, inside freenas.\\ | ||
| - | Not going to discuss on setting up jail etc., this topic mainly focused on quick installation once your JAIL is setup. | ||
| - | |||
| - | Note: For Linux RHEL Based installation look ([[https://wiki.k2patel.in/doku.php?id=centos_nginx_backuppc4.x | here ]]) | ||
| - | ===== Installation ===== | ||
| - | Installing packages required.\\ | ||
| - | |||
| - | <code bash> | ||
| - | pkg install nginx | ||
| - | pkg install rrdtool | ||
| - | pkg install fcgiwrap | ||
| - | </code> | ||
| - | |||
| - | I've built backuppc4, because i needed to choose more options than default.\\ | ||
| - | But you can install using command | ||
| - | <code bash> | ||
| - | cd /usr/ports/sysutils/backuppc4/ | ||
| - | make config # Select options you want to install | ||
| - | make -j4 | ||
| - | make install | ||
| - | </code> | ||
| - | |||
| - | ===== Configuration ===== | ||
| - | ==== Backuppc ==== | ||
| - | Enable backuppc daemon | ||
| - | <code bash> | ||
| - | sysrc backuppc_enable=YES | ||
| - | </code> | ||
| - | |||
| - | ==== FCGI ==== | ||
| - | Running Nginx going to use fcgiwrap package instead of CGI. | ||
| - | Enable wrapper in rc.conf. | ||
| - | <code bash /etc/rc.conf> | ||
| - | fcgiwrap_enable="YES" | ||
| - | fcgiwrap_profiles="main" | ||
| - | fcgiwrap_socket_owner="www" | ||
| - | fcgiwrap_main_socket="unix:/var/run/fcgiwrap/fcgiwrap.socket" | ||
| - | fcgiwrap_main_user="backuppc" | ||
| - | </code> | ||
| - | |||
| - | ==== NGINX ==== | ||
| - | Enable nginx after system reboot and allow it to run. | ||
| - | <code bash> | ||
| - | sysrc nginx_enable=YES | ||
| - | </code> | ||
| - | |||
| - | Configuring nginx to work with fcgiwrap. | ||
| - | <WRAP prewrap> | ||
| - | <code bash /usr/local/etc/nginx/nginx.conf> | ||
| - | worker_processes 1; | ||
| - | |||
| - | events { | ||
| - | worker_connections 1024; | ||
| - | } | ||
| - | |||
| - | http { | ||
| - | include mime.types; | ||
| - | default_type application/octet-stream; | ||
| - | |||
| - | sendfile on; | ||
| - | |||
| - | keepalive_timeout 65; | ||
| - | |||
| - | gzip on; | ||
| - | |||
| - | server { | ||
| - | listen 80; | ||
| - | server_name <hostname>; | ||
| - | |||
| - | return 302 https://<hostname>$request_uri; | ||
| - | |||
| - | } | ||
| - | |||
| - | server { | ||
| - | listen 443 ssl http2; | ||
| - | server_name <hostname>; | ||
| - | |||
| - | ssl on; | ||
| - | ssl_certificate /usr/local/etc/nginx/ssl/<domain>.crt; | ||
| - | ssl_certificate_key /usr/local/etc/nginx/ssl/<domain>.key; | ||
| - | ssl_trusted_certificate /usr/local/etc/nginx/ssl/<domain>.ca; | ||
| - | |||
| - | # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) | ||
| - | add_header Strict-Transport-Security max-age=15768000; | ||
| - | |||
| - | # OCSP Stapling --- | ||
| - | # fetch OCSP records from URL in ssl_certificate and cache them | ||
| - | ssl_stapling on; | ||
| - | ssl_stapling_verify off; | ||
| - | |||
| - | # modern configuration. tweak to your needs. | ||
| - | ssl_protocols TLSv1.2; | ||
| - | ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; | ||
| - | ssl_prefer_server_ciphers on; | ||
| - | |||
| - | ssl_session_timeout 1d; | ||
| - | ssl_session_cache shared:SSL:50m; | ||
| - | ssl_session_tickets off; | ||
| - | |||
| - | add_header Strict-Transport-Security max-age=63072000; | ||
| - | add_header X-Frame-Options DENY; | ||
| - | add_header X-Content-Type-Options nosniff; | ||
| - | |||
| - | error_page 500 502 503 504 /50x.html; | ||
| - | location = /50x.html { | ||
| - | root /usr/local/www/nginx-dist; | ||
| - | } | ||
| - | |||
| - | access_log /var/log/nginx/backuppc.access.log; | ||
| - | error_log /var/log/nginx/backuppc.error.log; | ||
| - | |||
| - | location / { | ||
| - | auth_basic "Backup"; | ||
| - | auth_basic_user_file /usr/local/etc/nginx/backuppc.users; | ||
| - | root /usr/local/www; | ||
| - | return 302 http://<hostname>/cgi-bin/BackupPC_Admin; | ||
| - | index BackupPC.html; | ||
| - | } | ||
| - | |||
| - | location /backuppc { | ||
| - | alias /usr/local/www/backuppc; | ||
| - | index BackupPC.html; | ||
| - | } | ||
| - | |||
| - | #location ~\.cgi$ { | ||
| - | location ~ ^/cgi-bin/BackupPC_Admin(/|$) { | ||
| - | auth_basic "Backup"; | ||
| - | auth_basic_user_file /usr/local/etc/nginx/backuppc.users; | ||
| - | gzip off; | ||
| - | include /usr/local/etc/nginx/fastcgi_params; | ||
| - | fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.socket; | ||
| - | |||
| - | fastcgi_param REMOTE_ADDR $remote_addr; | ||
| - | fastcgi_param REMOTE_USER $remote_user; | ||
| - | fastcgi_param SCRIPT_FILENAME /usr/local/www/cgi-bin/BackupPC_Admin; | ||
| - | } | ||
| - | |||
| - | location ~ /\.ht { | ||
| - | deny all; | ||
| - | } | ||
| - | } | ||
| - | } | ||
| - | </code> | ||
| - | </WRAP> | ||
| - | |||
| - | ===== Outgoing Mail ===== | ||
| - | In order to send notice and mail from backuppc i configured sendonly mail 'ssmtp'.\\ | ||
| - | |||
| - | **installation:** | ||
| - | <code bash> | ||
| - | pkg install ssmtp | ||
| - | </code> | ||
| - | |||
| - | **Configuration:** | ||
| - | This is simple but few points to remember: | ||
| - | - It does not use /etc/aliases | ||
| - | - change your mail configuration | ||
| - | - You have to configure your aliases in `/usr/local/etc/ssmtp/revaliases` | ||
| - | - mail command does not read these aliases | ||
| - | |||
| - | <code bash /usr/local/etc/ssmtp/revaliases (optional)> | ||
| - | # Alias look like this | ||
| - | root:k2patel@hotmail.com:smtp.k2patel.in | ||
| - | </code> | ||
| - | |||
| - | <code bash /usr/local/etc/ssmtp/ssmtp.conf> | ||
| - | # This is simplified version of my configuraiton | ||
| - | root=k2patel@hotmail.com | ||
| - | mailhub=smtp.k2patel.in | ||
| - | rewriteDomain=backup.k2patel.in | ||
| - | hostname=_HOSTNAME_ | ||
| - | </code> | ||
| - | |||
| - | <code bash /etc/mail/mailer.conf> | ||
| - | # this is what my mailer.conf file looks like | ||
| - | sendmail /usr/local/sbin/ssmtp | ||
| - | send-mail /usr/local/sbin/ssmtp | ||
| - | mailq /usr/local/sbin/ssmtp | ||
| - | newaliases /usr/local/sbin/ssmtp | ||
| - | hoststat /usr/bin/true | ||
| - | purgestat /usr/bin/true | ||
| - | </code> | ||
| - | |||
| - | <code bash /etc/mail.rc> | ||
| - | # this change does not require, unless you want to send email using mail command and want aliases to work | ||
| - | set append dot save ask crt | ||
| - | ignore Received Message-Id Resent-Message-Id Status Mail-From Return-Path Via | ||
| - | alias root backup@k2patel.in | ||
| - | </code> | ||
| - | ===== Troubleshooting ===== | ||
| - | - If there is any issue related to fcgiwrap | ||
| - | - Check permission of '/var/run/fcgiwrap/fcgiwrap.socket', it should be owned by 'www'. | ||
| - | - Creating user for nginx '/usr/local/etc/nginx/backuppc.users' | ||
| - | - openssl passwd -apr1 | ||
freebsd_nginx_backuppc.txt ยท Last modified: 2020/08/10 02:35 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
