OpenSeaMap-dev:Server FreeBSD Jails

Aus OpenSeaMap-dev
Wechseln zu:Navigation, Suche

Installation

Create Jail

Add alias.

ifconfig lo0 alias <local-jail-address> netmask 255.255.255.255
 
vi /etc/rc.conf
  ifconfig_lo0_aliasN="inet <local-jail-address> netmask 255.255.255.255"

Create jail.

ezjail-admin create <jail-name> <local-jail-address>

Add ports tree.

rm /usr/jails/<jail-name>/usr/ports
mkdir /usr/jails/<jail-name>/usr/ports

vi /etc/fstab.<jail-name-corrected>
  /usr/ports /usr/jails/<jail-name>/usr/ports nullfs ro 0 0

Add DNS server.

cat /etc/resolv.conf | grep nameserver > /usr/jails/<jail-name>/etc/resolv.conf

Add port build config.

echo 'WITHOUT_X11=yes' >> /usr/jails/<jail-name>/etc/make.conf

Configure syslogd.

echo 'syslogd_flags="-ss"' >> /usr/jails/<jail-name>/etc/rc.conf

Set hostname.

echo 'hostname="<jail-name>.openseamap.org"' >> /usr/jails/<jail-name>/etc/rc.conf
echo '::1                  <jail-name>.openseamap.org localhost' > /usr/jails/<jail-name>/etc/hosts
echo '<local-jail-address> <jail-name>.openseamap.org localhost' >> /usr/jails/<jail-name>/etc/hosts

Configure sshd.

vi /usr/jails/<jail-name>/etc/ssh/sshd_config
  ListenAddress <local-jail-address>
  PermitRootLogin no
  ChallengeResponseAuthentication no

echo 'sshd_enable="YES"' >> /usr/jails/<jail-name>/etc/rc.conf

Configure firewall settings.

vi /etc/pf.conf
 rdr on $ext_if proto tcp from any to any port 22xx -> 127.0.0.xx port 22
 pass in on $ext_if inet proto tcp from any to 127.0.0.xx port 22 keep state

pfctl -f /etc/pf.conf

Start jail.

ezjail-admin start <jail-name>

Configureation inside jail

Connect to jail.

ezjail-admin console <jail-name>

Redirect mails for root.

vi /etc/aliases
  root: <mail-address>

newaliases

Install Ports

Connect to jail.

ezjail-admin console <jail-name>

Install portmaster.

cd /usr/ports/ports-mgmt/portmaster
make install clean
rehash

Install these ports in every jail.

portmaster -d -B sysutils/screen editors/vim-lite ports-mgmt/portaudit

Install Service

Additional installations based on the service type.

Maintenance

Update jail base system (world).

screen -S update
ezjail-admin update -u
exit

Restart affected services or restart the whole jails.