Inspired from here: https://fahadusman.com/install-mysql-8-phpmyadmin-python3-apache-in-freenas-11-3-jail-freebsd/
Nginx config taken from here : https://www.cyberciti.biz/faq/freebsd-install-php-7-2-with-fpm-for-nginx/
- FreeNAS instance
- MySQL jail (the DB runs on a separate jail)
Create a jail as normal.
Jail => Add
Fire up the terminal and login to FreeNas box. Open a terminal inside the jail :
jexec <JAIL_ID> /bin/sh
Make sure you have the Internet:
ping google.com
In order for PHP to connect to MySQL database to retrieve information for serving to the web server, you need to install PHP Apache and MySQL extensions. The following command installs the most common PHP modules.
pkg install php74 php74-mysqli php74-mbstring php74-zlib php74-curl php74-gd php74-json \
php74-bcmath php74-intl php74-zip php74-xml php74-ldap php74-phar php74-filter php74-openssl \
php74-fileinfo php74-pdo php74-session php74-simplexml php74-tokenizer php74-dom \
php74-iconv php74-xmlwriter php74-pdo_mysql
Copy the sample PHP configuration file into the default place.
cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
Check the version of PHP :
# php -v
PHP 7.4.12 (cli) (built: Nov 3 2020 01:13:53) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
Next, we are going to secure PHP and customize it.
Add the following config to the file /usr/local/etc/php/99-custom.ini :
display_errors=Off
safe_mode=Off
safe_mode_exec_dir=
safe_mode_allowed_env_vars=PHP_
expose_php=Off
log_errors=On
error_log=/var/log/nginx/php.scripts.log
register_globals=Off
cgi.force_redirect=0
file_uploads=On
allow_url_fopen=Off
sql.safe_mode=Off
disable_functions=show_source, system, shell_exec, passthru, proc_open, proc_nice, exec
max_execution_time=60
memory_limit=60M
upload_max_filesize=2M
post_max_size=2M
cgi.fix_pathinfo=0
Save and close the file.
Edit the file /usr/local/etc/php-fpm.d/www.conf
Find line: listen = 127.0.0.1:9000
Update it as follows:
listen = /var/run/php72-fpm.sock
Uncomment the following lines:
listen.owner = www
listen.group = www
listen.mode = 0660
Save and close the file. Enable php-fpm service: sysrc php_fpm_enable=YES
Restart php-fpm service on FreeBSD server:
service php-fpm restart
This takes in the terminal inside the jail itself. Installing nginx is a piece of cake:
pkg install nginx
To start and enable Nginx web server to run on system boot, run the commands below;
sysrc nginx_enable=yes
This will add the line nginx_enable="yes" at the end of the /etc/rc.conf configuration file.
Now start nginx and test if it works:
service nginx start
You can check the status of Nginx as shown below :
service nginx status
nginx is running as pid 1206.
To verify that you can actually access you web server from your favourite web browser, navigate to the IP address of your jail. If everything is working fine, you should be able to see the default Nginx web page which says, “It Works!“.
We're going now to modify its configuration.
Edit the file /usr/local/etc/nginx/nginx.conf to this :
user www;
worker_processes 4;
# This default error log path is compiled-in to make sure configuration parsing
# errors are logged somewhere, especially during unattended boot when stderr
# isn't normally logged anywhere. This path will be touched on every nginx
# start regardless of error log location configured here. See
# https://trac.nginx.org/nginx/ticket/147 for more info.
#
error_log /var/log/nginx/error.log;
#
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
sendfile on;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
root /usr/local/www/<FIREFLY>/public;
location / {
index index.php;
try_files $uri $uri/ /index.php?$query_string;
autoindex on;
sendfile off;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
# include the fastcgi_param setting
include fastcgi_params;
# SCRIPT_FILENAME parameter is used for PHP FPM determining
# the script name.
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
And setup the root value to the directory where we'll install firefly.
Install composer :
curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
Navigate to the default nginx folder (probably /usr/local/www/).
Download an install using composer :
cd /usr/local/www/
php /usr/local/bin/composer create-project grumpydictator/firefly-iii --no-dev --prefer-dist money 5.4.6
Here firefly will be installed in the money subfolder.
Hence, our nginx config must be adapted, especially the root value.
It's time to add the database settings.
In order to do so, edit the file .env in the Firefly-III subfolder and update the database credentials in the following lines :
DB_CONNECTION=mysql
DB_HOST=hostname
DB_PORT=3306
DB_DATABASE=database
DB_USERNAME=username
DB_PASSWORD=password
Enter these commands to initialize the database :
php artisan migrate:refresh --seed
php artisan firefly-iii:upgrade-database
php artisan passport:install