Skip to content

Instantly share code, notes, and snippets.

@Zamana
Last active Aug 13, 2022
Embed
What would you like to do?

Installing FileRun in FreeBSD (or in a FreeNAS jail) with Caddy as webserver

Here are the general instructions to install FileRun on FreeBSD or in a FreeNAS jail. For those who don't know, "jail" is the container technology used by the FreeBSD.

This guide was written while I was actually installing, and I guess it reflects the exact steps needed to accomplish the task. Anyway this guide must not be followed alone: you still need the general guide provided by the FileRun documentation. Here you will find only the relevat parts regarding the FreeBSD system.

Feel free to comment and point my mistakes, not only the technical ones but the grammar and spelling also, so I can make this guide more accurate as possible.

Some assumptions

  1. In the examples below I'll use my settings. Feel free to change them to suit your needs. For example, my Time Zone is São Paulo, and my domain is "local".

  2. You're using the root account to execute the commands.

Adjust the timezone

In the occasion that your system is with wrong date/time, adjust the time zone:

cd /etc
rm localtime
ln -s /usr/share/zoneinfo/America/Sao_Paulo localtime

and check that it's correct with:

date

Packages

First initialize the package system and make sure that everything is updated:

pkg update
pkg upgrade

And then install the necessary packages:

pkg install php73 ioncube-php73 php73-pdo php73-openssl php73-gd php73-mbstring php73-exif \
php73-xml php73-zlib php73-opcache php73-curl php73-pdo_mysql php73-sockets php73-json \
php73-fileinfo php73-ctype php73-session php73-pecl-imagick-im7 ImageMagick7-nox11 \
ffmpeg openjdk8-jre mysql80-server caddy

NOTE: I chose PHP73 because that's the latest version with ionCube available as a package. If you want the latest & greatest PHP74 version, I guess you'll need to install ionCube manually, by yourself.

Database

Configure MySQL server to run at startup:

sysrc mysql_enable=YES

And start the MySQL service:

service mysql-server start

Check that it is running with:

service mysql-server status

Now access the main instance of MySQL (default without password)

mysql -u root -p

(press ENTER at password prompt)

At the MySQL prompt, create the database for FileRun:

mysql> create database filerun;

Then create a user and grant privileges:

mysql> create user 'filerun'@'localhost' identified with mysql_native_password by 'filerun';
mysql> grant all privileges on filerun.* to 'filerun'@'localhost';
mysql> flush privileges;
mysql> exit

NOTE: the user and password is "filerun" in the example above. Feel free to change it if you want it.

ionCube

Create a file in /usr/local/etc/php named ext-40-filerun.ini with the following content:

expose_php              = Off
error_reporting         = E_ALL & ~E_NOTICE
display_errors          = Off
display_startup_errors  = Off
log_errors              = On
ignore_repeated_errors  = Off
allow_url_fopen         = On
allow_url_include       = Off
variables_order         = "GPCS"
allow_webdav_methods    = On
memory_limit            = 128M
max_execution_time      = 300
output_buffering        = Off
output_handler          = ""
zlib.output_compression = Off
zlib.output_handler     = ""
safe_mode               = Off
register_globals        = Off
magic_quotes_gpc        = Off
upload_max_filesize     = 20M
post_max_size           = 20M
enable_dl               = Off
disable_functions       = ""
disable_classes         = ""
session.save_handler     = files
session.use_cookies      = 1
session.use_only_cookies = 1
session.auto_start       = 0
session.cookie_lifetime  = 0
session.cookie_httponly  = 1
date.timezone            = "America/Sao_Paulo"

NOTE: verify if "date.timezone" is right for you...

The webserver (Caddy) and the FileRun installation

Create a folder www at /usr/local:

mkdir /usr/local/www

Download filerun at this new folder:

cd /usr/local/www
fetch -o FileRun.zip http://www.filerun.com/download-latest

Unzip it:

unzip FileRun.zip

Change the owner of the /usr/local/www folder to www:

chown -R www:www /usr/local/www

Set Caddy to start at boot and other things with the following variables:

sysrc caddy_enable=YES
sysrc caddy_user=www
sysrc caddy_group=www
sysrc caddy_log=/var/log/caddy.log
sysrc caddy_cert_email=my_email@somewhere.com

NOTE: adjust your e-mail address.

Create a file called Caddyfile at /usr/local/www with the following content:

filerun.local:8000 {

        tls off

        root /usr/local/www

        fastcgi / 127.0.0.1:9000 php {
                index index.php
        }
}

NOTE 1: change "filerun.local" to your URL or the IP address you chose. In my case my internal DNS maps filerun.local to 192.168.0.113 (of course your mileage may vary).

NOTE 2: more about the port "8000" at the Bonus section.

PHP and PHP-FPM

Configure php-fpm to start at boot

sysrc php_fpm_enable=YES

Start the php-fpm service

service php-fpm start

Check that it is running with:

service php-fpm status

Final steps

Start the Caddy web server service:

service caddy start

Check that it is running with:

service caddy status

Then point your browser to

http://[NAME OR IP]:8000

and follow the FileRun instructions to complete the installation.

Bonus

Users and groups

If you are using FreeNAS jails, you need to configure users and groups inside the jail with the same UIDs/GIDs of the user/groups you are using outside the jail (at the host). In my case I have only two active users (zamana and plex) and group (plex). That's the way I do in order to access my files from inside the jail. Adapt according with your needs:

  1. Creating a group plex with gid 118
pw add group plex -g 118
  1. Creating a user plex with uid 111 (and default group plex implicitly):
pw add user plex -u 111
  1. Creating a user zamana with uid 1000 (and default group zamana implicitly), and additional group plex:
pw add user zamana -u 1000 -G plex

FreeNAS jails and mount points

Still regarding FreeNAS jails, you'll need to access your files at the host from inside the jail. Use the "Mount Points" at the jail configuration to do it. Feel free to make them "read only" if you don't intend to change/delete your files/folders from FileRun interface. And pay attention to the setup of users/groups stated above.

FreeBSD and privileged ports

By default FreeBSD does not allow that ordinary users access the privileged ports (those below 1024). In this particular case the alternatives are running the Caddy web server as root or by using The MAC Port Access Control List Policy. Feel free to messing around with this.

Post instructions

After logging in for the first time, setting up your user etc, go to Interface->Thumbnails and preview. At "ImageMagick support", set Mode to "IMagick PHP Extension" and change the Path for "magick" or "convert" to "/usr/local/bin/convert"

If you installed the FFMpeg package, enable it and change the Path to /usr/local/bin/ffmpeg.

In both cases, click "Check path" below each path to make sure that the path/programs are written correctly and working.

Then save changes.

Enjoy.

@GammaScorpii
Copy link

GammaScorpii commented Aug 15, 2021

I can't get caddy to start. In the log it just says error code 1 and something about not being able to bind port 80.

Any ideas?

listen tcp :80: bind: permission denied

@Zamana
Copy link
Author

Zamana commented Aug 16, 2021

Hi.

You need to read the topic FreeBSD and privileged ports.

Regards.

@GammaScorpii
Copy link

GammaScorpii commented Aug 16, 2021

Hi.

You need to read the topic FreeBSD and privileged ports.

Regards.

Thanks, but if I'm logged in as root inside the jail and run "service caddy start", isn't that starting it as root?

Also reading https://docs.freebsd.org/doc/9.2-RELEASE/usr/share/doc/freebsd/handbook/mac-portacl.html

sysctl security.mac.portacl.enabled
I get 'unknown oid'

sysctl security.mac.portacl.port_high=1023
also get 'unknown oid'

sysctl net.inet.ip.portrange.reservedlow=0
operation not permitted

I don't normally use FreeBSD so I'm a bit in the dark here. Not sure why it wants port 80 anyway? since the config says 8000?

@TsaiRongFu
Copy link

TsaiRongFu commented Aug 28, 2021

Hi. Zamana

Can you publish the teaching video?

I always fail to building

@Zamana
Copy link
Author

Zamana commented Sep 14, 2021

Hi.
You need to read the topic FreeBSD and privileged ports.
Regards.

Thanks, but if I'm logged in as root inside the jail and run "service caddy start", isn't that starting it as root?

Also reading https://docs.freebsd.org/doc/9.2-RELEASE/usr/share/doc/freebsd/handbook/mac-portacl.html

sysctl security.mac.portacl.enabled
I get 'unknown oid'

sysctl security.mac.portacl.port_high=1023
also get 'unknown oid'

sysctl net.inet.ip.portrange.reservedlow=0
operation not permitted

I don't normally use FreeBSD so I'm a bit in the dark here. Not sure why it wants port 80 anyway? since the config says 8000?

First make sure that you can make it work in port 8000.

@Zamana
Copy link
Author

Zamana commented Sep 14, 2021

Hi. Zamana

Can you publish the teaching video?

I always fail to building

Can you post the error message from your build session? I guess that, maybe, there is some package missing...

@jwagriff
Copy link

jwagriff commented Aug 13, 2022

Hey. I’m trying to figure out how to install this on TrueNAS while also having external access via DDNS. Could you explain that process at all?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment