This shows you the differences between two versions of the page.
freebsd_nginx_backuppc [2018/04/03 20:30] k2patel [Outgoing Mail] |
freebsd_nginx_backuppc [2020/08/10 02:35] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== freebsd + nginx + backuppc ====== | ||
- | |||
- | My current installation is inside JAIL, inside freenas.\\ | ||
- | Not going to discuss on setting up jail etc., this topic mainly focused on quick installation once your JAIL is setup. | ||
- | |||
- | Note: For Linux RHEL Based installation look ([[https://wiki.k2patel.in/doku.php?id=centos_nginx_backuppc4.x | here ]]) | ||
- | ===== Installation ===== | ||
- | Installing packages required.\\ | ||
- | |||
- | <code bash> | ||
- | pkg install nginx | ||
- | pkg install rrdtool | ||
- | pkg install fcgiwrap | ||
- | </code> | ||
- | |||
- | I've built backuppc4, because i needed to choose more options than default.\\ | ||
- | But you can install using command | ||
- | <code bash> | ||
- | cd /usr/ports/sysutils/backuppc4/ | ||
- | make config # Select options you want to install | ||
- | make -j4 | ||
- | make install | ||
- | </code> | ||
- | |||
- | ===== Configuration ===== | ||
- | ==== Backuppc ==== | ||
- | Enable backuppc daemon | ||
- | <code bash> | ||
- | sysrc backuppc_enable=YES | ||
- | </code> | ||
- | |||
- | ==== FCGI ==== | ||
- | Running Nginx going to use fcgiwrap package instead of CGI. | ||
- | Enable wrapper in rc.conf. | ||
- | <code bash /etc/rc.conf> | ||
- | fcgiwrap_enable="YES" | ||
- | fcgiwrap_profiles="main" | ||
- | fcgiwrap_socket_owner="www" | ||
- | fcgiwrap_main_socket="unix:/var/run/fcgiwrap/fcgiwrap.socket" | ||
- | fcgiwrap_main_user="backuppc" | ||
- | </code> | ||
- | |||
- | ==== NGINX ==== | ||
- | Enable nginx after system reboot and allow it to run. | ||
- | <code bash> | ||
- | sysrc nginx_enable=YES | ||
- | </code> | ||
- | |||
- | Configuring nginx to work with fcgiwrap. | ||
- | <WRAP prewrap> | ||
- | <code bash /usr/local/etc/nginx/nginx.conf> | ||
- | worker_processes 1; | ||
- | |||
- | events { | ||
- | worker_connections 1024; | ||
- | } | ||
- | |||
- | http { | ||
- | include mime.types; | ||
- | default_type application/octet-stream; | ||
- | |||
- | sendfile on; | ||
- | |||
- | keepalive_timeout 65; | ||
- | |||
- | gzip on; | ||
- | |||
- | server { | ||
- | listen 80; | ||
- | server_name <hostname>; | ||
- | |||
- | return 302 https://<hostname>$request_uri; | ||
- | |||
- | } | ||
- | |||
- | server { | ||
- | listen 443 ssl http2; | ||
- | server_name <hostname>; | ||
- | |||
- | ssl on; | ||
- | ssl_certificate /usr/local/etc/nginx/ssl/<domain>.crt; | ||
- | ssl_certificate_key /usr/local/etc/nginx/ssl/<domain>.key; | ||
- | ssl_trusted_certificate /usr/local/etc/nginx/ssl/<domain>.ca; | ||
- | |||
- | # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) | ||
- | add_header Strict-Transport-Security max-age=15768000; | ||
- | |||
- | # OCSP Stapling --- | ||
- | # fetch OCSP records from URL in ssl_certificate and cache them | ||
- | ssl_stapling on; | ||
- | ssl_stapling_verify off; | ||
- | |||
- | # modern configuration. tweak to your needs. | ||
- | ssl_protocols TLSv1.2; | ||
- | ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; | ||
- | ssl_prefer_server_ciphers on; | ||
- | |||
- | ssl_session_timeout 1d; | ||
- | ssl_session_cache shared:SSL:50m; | ||
- | ssl_session_tickets off; | ||
- | |||
- | add_header Strict-Transport-Security max-age=63072000; | ||
- | add_header X-Frame-Options DENY; | ||
- | add_header X-Content-Type-Options nosniff; | ||
- | |||
- | error_page 500 502 503 504 /50x.html; | ||
- | location = /50x.html { | ||
- | root /usr/local/www/nginx-dist; | ||
- | } | ||
- | |||
- | access_log /var/log/nginx/backuppc.access.log; | ||
- | error_log /var/log/nginx/backuppc.error.log; | ||
- | |||
- | location / { | ||
- | auth_basic "Backup"; | ||
- | auth_basic_user_file /usr/local/etc/nginx/backuppc.users; | ||
- | root /usr/local/www; | ||
- | return 302 http://<hostname>/cgi-bin/BackupPC_Admin; | ||
- | index BackupPC.html; | ||
- | } | ||
- | |||
- | location /backuppc { | ||
- | alias /usr/local/www/backuppc; | ||
- | index BackupPC.html; | ||
- | } | ||
- | |||
- | #location ~\.cgi$ { | ||
- | location ~ ^/cgi-bin/BackupPC_Admin(/|$) { | ||
- | auth_basic "Backup"; | ||
- | auth_basic_user_file /usr/local/etc/nginx/backuppc.users; | ||
- | gzip off; | ||
- | include /usr/local/etc/nginx/fastcgi_params; | ||
- | fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.socket; | ||
- | |||
- | fastcgi_param REMOTE_ADDR $remote_addr; | ||
- | fastcgi_param REMOTE_USER $remote_user; | ||
- | fastcgi_param SCRIPT_FILENAME /usr/local/www/cgi-bin/BackupPC_Admin; | ||
- | } | ||
- | |||
- | location ~ /\.ht { | ||
- | deny all; | ||
- | } | ||
- | } | ||
- | } | ||
- | </code> | ||
- | </WRAP> | ||
- | |||
- | ===== Outgoing Mail ===== | ||
- | In order to send notice and mail from backuppc i configured sendonly mail 'ssmtp'.\\ | ||
- | |||
- | **installation:** | ||
- | <code bash> | ||
- | pkg install ssmtp | ||
- | </code> | ||
- | |||
- | **Configuration:** | ||
- | This is simple but few points to remember: | ||
- | - It does not use /etc/aliases | ||
- | - change your mail configuration | ||
- | - You have to configure your aliases in `/usr/local/etc/ssmtp/revaliases` | ||
- | - mail command does not read these aliases | ||
- | |||
- | <code bash /usr/local/etc/ssmtp/revaliases (optional)> | ||
- | # Alias look like this | ||
- | root:k2patel@hotmail.com:smtp.k2patel.in | ||
- | </code> | ||
- | |||
- | <code bash /usr/local/etc/ssmtp/ssmtp.conf> | ||
- | # This is simplified version of my configuraiton | ||
- | root=k2patel@hotmail.com | ||
- | mailhub=smtp.k2patel.in | ||
- | rewriteDomain=backup.k2patel.in | ||
- | hostname=_HOSTNAME_ | ||
- | </code> | ||
- | |||
- | <code bash /etc/mail/mailer.conf> | ||
- | # this is what my mailer.conf file looks like | ||
- | sendmail /usr/local/sbin/ssmtp | ||
- | send-mail /usr/local/sbin/ssmtp | ||
- | mailq /usr/local/sbin/ssmtp | ||
- | newaliases /usr/local/sbin/ssmtp | ||
- | hoststat /usr/bin/true | ||
- | purgestat /usr/bin/true | ||
- | </code> | ||
- | |||
- | <code bash /etc/mail.rc> | ||
- | # this change does not require, unless you want to send email using mail command and want aliases to work | ||
- | set append dot save ask crt | ||
- | ignore Received Message-Id Resent-Message-Id Status Mail-From Return-Path Via | ||
- | alias root backup@k2patel.in | ||
- | </code> | ||
- | ===== Troubleshooting ===== | ||
- | - If there is any issue related to fcgiwrap | ||
- | - Check permission of '/var/run/fcgiwrap/fcgiwrap.socket', it should be owned by 'www'. | ||
- | - Creating user for nginx '/usr/local/etc/nginx/backuppc.users' | ||
- | - openssl passwd -apr1 | ||
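Review bot: in the removed nginx.conf, 'location /' inside the 'listen 443 ssl http2' server block redirects back to plain HTTP with 'return 302 http://<hostname>/cgi-bin/BackupPC_Admin;'. That sends the browser to the port 80 server, which redirects to HTTPS again, and the first hop is unencrypted. If this page is restored or reused, the target should be 'https://<hostname>/cgi-bin/BackupPC_Admin'. The 'root' and 'index' lines in that location never take effect because of the 'return'. In the same server block, Strict-Transport-Security is added twice with different values (max-age=15768000 and max-age=63072000), so both headers are sent; keep a single 'add_header' line with the intended lifetime. 'ssl on;' is redundant next to 'listen 443 ssl' and is a deprecated directive, so it can be dropped.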