Ultimate FreeNAS Setup


Here are straight-forward instructions to setting up a bunch of different software on FreeNAS. If you make a terrible error, just throw up another plugin sandbox and repeat.


Random fixes

If Python is needed

pkg install -y python27 py27-sqlite3

// You need these for some startup and other scripts to detect python
ln -s /usr/local/bin/python2.7 /usr/bin/python
ln -s /usr/local/bin/python2.7 /usr/bin/python2

Fix ACLs

When you come across ACL issues (and you will) just use this script to fix them.

find media/ -type f -exec setfacl -m everyone@:full_set:fd:allow {} \;
find media/ -type d -exec setfacl -m everyone@:full_set:fd:allow {} \;

SSH into a jail

$ ssh <yoursshuser>@mediaserver # Replace mediaserver with your mediaserver IP.
$ jls # Get JID
$ jexec <JID> tcsh

Fix nano linewrapping bug

echo set nowrap > ~/.nanorc
echo set softwrap >> ~/.nanorc

sed find / replace

sed -i 's/# set nowrap/set nowrap/' ~/.nanorc

Script to replace or append text in a file

Usage: e.g. appsert listen=80 listen=52767 somefile



#sed -e"s/^$find/$replaceorappend/" -e't' -e'$a\'$'\n'"$replaceorappend" test

if grep -ql "\s*$find" "$filename"
    sed -Ei '' "s/^([[:blank:]]*)$find/\1$replaceorappend/" $filename
    sed -i '' '$a\'$'\n'"$replaceorappend"$'\n' $filename

Password protecting a nginx folder

This command depends on your shell.

tcsh and probably most others:

printf "<yourusername>:`openssl passwd -apr1 <yourpassword>`\n" >> /usr/local/etc/nginx/.htpasswd


printf "<yourusername>:%s\n" (openssl passwd -apr1 <yourpassword>) >> /usr/local/etc/nginx/.htpasswd

Add this to the appropriate location in /usr/local/etc/nginx.conf

location  /  {
  auth_basic  "Authorized personnel only.";
  auth_basic_user_file  /usr/local/etc/nginx/.htpasswd;


Create a self signed certificate

cd /usr/local/etc/ssl
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
cp server.key
openssl rsa -in -out server.key
openssl x509 -req -days 10000 -in server.csr -signkey server.key -out server.crt

LEMP Server - FreeBSD, Nginx, MariaDB & PHP (FastCGI)

Install Nginx

pkg install -y nano

pkg search nginx
pkg install -y nginx-1.8.0_3,2
cd /usr/local/etc/nginx/
mv nginx.conf nginx.conf.original

nano nginx.conf
# Define user that run nginx
user  www;
worker_processes  2;

# Define error log
error_log /var/log/nginx/error.log info;

events {
  worker_connections  1024;

http {
  include       mime.types;
  default_type  application/octet-stream;

  # Define access log
  access_log /var/log/nginx/access.log;

  sendfile        on;
  keepalive_timeout  65;

  server {
    listen       80;
    server_name  localhost;

    # Define web data
    root /usr/local/www/nginx;
    index index.php index.html index.htm;

    location / {
      try_files $uri $uri/ =404;

    error_page      500 502 503 504  /50x.html;
    location = /50x.html {
      root /usr/local/www/nginx;

    # Configuration for PHP-FPM
      location ~ \.php$ {
      try_files $uri =404;
      fastcgi_split_path_info ^(.+\.php)(/.+)$;
      fastcgi_pass unix:/var/run/php-fpm.sock;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $request_filename;
      include fastcgi_params;

mkdir -p /var/log/nginx/
touch /var/log/nginx/{error,access}.log
cd /usr/local/www/
rm -r nginx
mkdir nginx
cp nginx-dist/index.html nginx/index.html

sysrc nginx_enable=YES

nginx -t # check that there are no errors
service nginx start

Install MariaDB

pkg search mariadb
pkg install -y mariadb100-server-10.0.22 mariadb100-client-10.0.22
cp /usr/local/share/mysql/my-medium.cnf /usr/local/etc/my.cnf
sysrc mysql_enable=YES
service mysql-server start


Enter current password for root (enter for none):
#Just press Enter here
Change the root password? [Y/n] Y
#Type your password for mariadb here
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Test your connection:
mysql -u root -p<your password>

Install PHP with FastCGI (FPM)

pkg search php56
pkg install -y php56-5.6.16 php56-mysqli-5.6.16

cd /usr/local/etc/
nano php-fpm.conf

Line 164:
;listen =
listen = /var/run/php-fpm.sock

Line 175:
#Just uncomment these lines
listen.owner = www = www
listen.mode = 0660

cd /usr/local/etc/
cp php.ini-production php.ini
nano php.ini
Set cgi.fix_pathinfo=0

sysrc php_fpm_enable=YES
service php-fpm start

Test your setup

cd /usr/local/www/nginx/
nano info.php
<?php phpinfo(); ?>

Test at http://<JAIL IP>/info.php


Create a dataset called media. Create your nzbget jail. Link the dataset to your jail under /mnt/nzbget SSH into the jail.

// Create nzbget folder structure.
cd /mnt/nzbget
mkdir dst inter log nzb queue scripts tmp

// This line not only installs nano but also updates pkg.
// Just ignore all of the "pkg: Skipping unknown key
// 'messages'" messages.
pkg install -y nano ffmpeg p7zip unrar

// Make 7z available to nzbToMedia
ln -s /usr/local/bin/7z /usr/bin/7z
ln -s /usr/local/bin/7za /usr/bin/7za
ln -s /usr/local/bin/7zr /usr/bin/7zr

// Install from ports... this will take a while.
portsnap fetch update
portsnap extract
cd /usr/ports/news/nzbget && make -DBATCH install clean

// Edit config
cp /usr/local/etc/nzbget.conf /usr/local/share/nzbget/nzbget.conf.template
nano /usr/local/etc/nzbget.conf
MainDir=/mnt/nzbget # Or whatever you have mapped your storage as.

// Add config to autostart
nano /usr/local/etc/rc.d/nzbget
${command} -D -c /usr/local/etc/nzbget.conf

// Autostart
sysrc nzbget_enable=YES
service nzbget start

If you also want to a VPN within the jail you can use this script:

The script uses but it is easy to tweak the script to work with other providers.

NZBGet will be available at http://<your jail IP>:6789

Start the web interface and configure as you wish.


pkg install -y mono mediainfo sqlite3 nano
ln -s /usr/local/bin/mono /usr/bin/mono
mkdir /usr/local/share/sonarr
cd /usr/local/share/sonarr
tar -xzvf NzbDrone.master.tar.gz
rm NzbDrone.master.tar.gz

nano /usr/local/etc/rc.d/sonarr
# PROVIDE: sonarr
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
# sonarr_enable (bool): Set to NO by default.
#                       Set it to YES to enable it.
# sonarr_data_dir:      Directory where sonarr configuration
#                       data is stored.
#                       Default: /home/${sonarr_user}/.config/NzbDrone
# sonarr_user:  The user account sonarr daemon runs as what
#                       you want it to be. It uses '%%USER%%' user by
#                       default. Do not sets it as empty or it will run
#                       as root.
# sonarr_group: The group account sonarr daemon runs as what
#                       you want it to be. It uses '%%GROUP%%' group by
#                       default. Do not sets it as empty or it will run
#                       as wheel.

. /etc/rc.subr
load_rc_config $name

: ${sonarr_enable:="NO"}
: ${sonarr_user:="root"}
: ${sonarr_group:=""}
: ${sonarr_dir:="/usr/local/share/sonarr/NzbDrone/"}
: ${sonarr_log:="/${sonarr_user}/sonarr.log"}

command_args="$sonarr_dir/NzbDrone.exe >$sonarr_log 2>&1 &"
        echo `ps ax | grep "NzbDrone.exe" | grep -v grep | awk '{print $1}'` > $pidfile
        rm $pidfile

export HOME="/${sonarr_user}"

run_rc_command "$1"

chmod 555 /usr/local/etc/rc.d/sonarr
sysrc sonarr_enable=YES

Sonarr will be available at http://<your jail IP>:8989

Updating Sonarr

service sonarr stop
cd /usr/local/share/sonarr
mv NzbDrone/ NzbDrone.backup/
# Use fetch for the dev version
tar xvzf NzbDrone.master.tar.gz
rm NzbDrone.master.tar.gz
service sonarr start

// Check that everything is okay then:
rm -r NzbDrone.backup


pkg install -y get_iplayer ffmpeg atomicparsley id3v2
sysrc get_iplayer_enable="YES"
sysrc get_iplayer_chdir="/mnt/downloads"
sysrc get_iplayer_listen_address=
service get_iplayer start


Install a LEMP server
pkg install -y baikal

touch /usr/local/www/baikal/Specific/ENABLE_INSTALL

To finish installing Baikal:
  1) Set up an httpd directive
     See /usr/local/share/examples/baikal
  2) touch /usr/local/www/baikal/Specific/ENABLE_INSTALL
  3) Browse http://baikal/admin
  4) rm /usr/local/www/baikal/Specific/ENABLE_INSTALL

Couch Potato

Install Python as explained above then:

cd /usr/local && git clone git://
cp /usr/local/CouchPotatoServer/init/freebsd /usr/local/etc/rc.d/couchpotato
chmod +x /usr/local/etc/rc.d/couchpotato
sysrc couchpotato_enable=YES
sysrc couchpotato_user=root
service couchpotato start


pkg install -y git
cd /usr/local && git clone git://
chown -R media headphones && chgrp -R media headphones
cp /usr/local/headphones/init-alt.freebsd /usr/local/etc/rc.d/headphones
chmod +x /usr/local/etc/rc.d/headphones
sysrc headphones_enable=YES
sysrc headphones_user=media


Go to and copy the link for Plex Media Server for FreeBSD.

pkg install -y plexmediaserver-plexpass
sysrc plexmediaserver_plexpass_enable=YES
service plexmediaserver_plexpass start
ln -s /mnt/Mediaserver-Jails-Volume/jails/plexmediaserver/usr/local/plexdata-plexpass/Plex\ Media\ Server/Logs/ Plex\ Logs

Plex will be available at http://<your jail IP>:32400/web


pkg install -y nano fish zoneminder
sysrc zoneminder_enable=YES
service zoneminder start
ln -s /mnt/Mediaserver-Jails-Volume/jails/plexmediaserver/usr/local/plexdata-plexpass/Plex\ Media\ Server/Logs/ Plex\ Logs

Plex will be available at http://<your jail IP>:32400/web

i followed the setup but sonarr wont start. any pointer?

DoctorRobotnick commented Dec 18, 2018

I'm up to this point getting nzbget set up but don't know what to do at this point:

// Add config to autostart
nano /usr/local/etc/rc.d/nzbget
${command} -D -c /usr/local/etc/nzbget.conf

// Autostart
sysrc nzbget_enable=YES
service nzbget start

Can someone walk me through editing what I need to for autostart?

Copy link

tangorri commented Aug 22, 2019

For headphones, I don't get media user when I create a jail ... should I create the host media user with same uid, and same media group with corresponding gid as well ?

Copy link

For headphones, I don't get media user when I create a jail ... should I create the host media user with same uid, and same media group with corresponding gid as well ?

Yes, that is what I do.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment