FreeBSD

From PN Wiki
Latest revision as of 24 December 2025, 10:16

Named

Manually updating a Dynamic controlled zone

"If you have to edit the zone files of dynamic zones manually while the DNS server is running, you'll have to freeze the zones with # rndc freeze <myzone> before editing and unfreeze them with # rndc thaw <myzone> after editing. This is because named(8) has internal state information and external journal files attached to dynamic zones that have to be kept in sync with the zone files[1]".
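The freeze/edit/thaw sequence quoted above, as an added example that is not part of the wiki page: the zone is thawed on every exit path so it is never left frozen, and a pre-edit copy is restored if the edited file fails named-checkzone, so named never reloads a broken zone. The zone file path, named-checkzone being installed, and the overridable RNDC/CHECKZONE/EDITOR variables are assumptions (the overrides exist so stubs can be substituted when testing offline).

```shell
#!/bin/sh
# Added example, not from the wiki page: edit a dynamic zone file the way the
# quoted text requires (rndc freeze, edit, rndc thaw) without leaving the zone
# frozen or handing named a broken file. Assumptions: named-checkzone is
# installed; RNDC, CHECKZONE and EDITOR may be overridden for offline testing.
RNDC=${RNDC:-rndc}
CHECKZONE=${CHECKZONE:-named-checkzone}
EDITOR=${EDITOR:-vi}

# edit_dynamic_zone ZONE ZONEFILE
# Returns 0 when the edited file passed the syntax check and the zone was
# thawed; returns 1 when the check failed, in which case the pre-edit copy is
# put back before thawing so named reloads a valid zone.
edit_dynamic_zone() {
    zone=$1
    zonefile=$2
    rc=0
    # Keep a copy to fall back to if the edited file does not validate.
    cp -p "$zonefile" "$zonefile.bak" || return 1
    "$RNDC" freeze "$zone" || return 1
    # From here on, thaw on every exit path (including Ctrl-C in the editor)
    # so the zone never stays frozen and dynamic updates keep working.
    trap "$RNDC thaw $zone" EXIT HUP INT TERM
    "$EDITOR" "$zonefile"
    if ! "$CHECKZONE" "$zone" "$zonefile" >/dev/null 2>&1; then
        echo "edit_dynamic_zone: $zonefile failed named-checkzone, restoring previous copy" >&2
        cp -p "$zonefile.bak" "$zonefile"
        rc=1
    fi
    "$RNDC" thaw "$zone"
    trap - EXIT HUP INT TERM
    return $rc
}
```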

Rsync

To delete files in the target that have disappeared from the source, add the --delete option to your command. For example:

rsync -avh source/ dest/ --delete
NB: -avh is for --archive --verbose --human-readable[2].

Migration of folders to a new server

One shot

rsync -av /var/db/ports/ root@newice3:/var/db/ports/
rsync -av /etc/ root@newice3:/etc/oldice3/
rsync -av /usr/local/etc/ root@newice3:/usr/local/etc/oldice3/
rsync -av /etc/ssh/ssh_config /etc/ssh/sshd_config newice3:/etc/ssh/
rsync -av /etc/banner /etc/motd.template /etc/pki/ newice3:/etc/
rsync -av /etc/pki/ newice3:/etc/pki/
rsync -av /usr/local/lib/sasl2/smtpd.conf root@newice3:/usr/local/lib/sasl2/
rsync -av /var/ftp/ newice3:/var/ftp/

1 full + diff at the migration time

rsync -av --exclude={'rc.d','oldice3','newice3','namedb','openvpn','pkg.conf','portsnap.conf'} /usr/local/etc/ root@newice3:/usr/local/etc/ --delete --dry-run
rsync -av /etc/pf.blocked.ip.conf root@newice3:/etc/ --dry-run
rsync -av /etc/pf.blocked.webspam.conf root@newice3:/etc/ --dry-run
rsync -av /etc/pf.blocked.webspam_awstats.conf root@newice3:/etc/ --dry-run
rsync -av /root/ root@newice3:/root/ --delete --dry-run
rsync -av /home/ root@newice3:/home/ --delete --dry-run
rsync -av /var/www/ root@newice3:/var/www/ --delete --dry-run
rsync -av /usr/local/www/ root@newice3:/usr/local/www/ --delete --dry-run
rsync -av /var/log/ root@newice3:/var/log/oldice3/ --delete --dry-run
rsync -av /var/awstats/ root@newice3:/var/awstats/ --delete --dry-run
rsync -av /var/log/www/ root@newice3:/var/log/www/ --delete --dry-run
rsync -av /var/db/fail2ban/ root@newice3:/var/db/fail2ban/ --delete --dry-run
rsync -av /var/db/mysql/ root@newice3:/var/db/mysql/ --delete --dry-run   # to do when mysql server is off
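The dry-run-first habit of the commands above, turned into a guard; this is an added example, not part of the wiki page. The same sync is first simulated with --dry-run --itemize-changes, the entries that --delete would remove on the destination are counted, and the real transfer only runs when that count stays within a limit, which catches a mistyped source path before it empties the target. The limit value and the overridable RSYNC variable (so a stub can be substituted for offline testing) are assumptions.

```shell
#!/bin/sh
# Added example, not from the wiki page: guard an rsync --delete sync with a
# dry run. Assumption: RSYNC may be overridden (stubbed when testing offline).
RSYNC=${RSYNC:-rsync}

# count_deletions: read rsync --dry-run --itemize-changes output on stdin and
# print how many entries would be deleted on the destination.
count_deletions() {
    grep -c '^\*deleting' || true
}

# guarded_rsync MAX SRC DEST [extra rsync options...]
# Exit 0 after a real transfer, 1 when the dry run exceeds MAX deletions
# (nothing is transferred), 2 when the dry run itself fails.
guarded_rsync() {
    max=$1; src=$2; dest=$3; shift 3
    dry=$("$RSYNC" -a --delete --dry-run --itemize-changes "$@" "$src" "$dest") || return 2
    ndel=$(printf '%s\n' "$dry" | count_deletions)
    if [ "$ndel" -gt "$max" ]; then
        echo "guarded_rsync: refusing, dry run would delete $ndel entries under $dest (limit $max)" >&2
        return 1
    fi
    "$RSYNC" -a --delete "$@" "$src" "$dest"
}

# One of the migration syncs above, tolerating at most 20 deletions (assumed limit):
# guarded_rsync 20 /usr/local/www/ root@newice3:/usr/local/www/ -v
```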

Nginx

Maxmind

Country-based filtering can be performed in nginx using the free MaxMind databases.

A cron job should be used to update these databases daily[3].

ZFS snapshots

FreeBSD creates a snapshot at each FreeBSD update (freebsd-update fetch && freebsd-update install). These snapshots are no longer needed once your system has rebooted and runs correctly. Moreover, they take up a lot of space on your hard drive.

Procedure to delete

List & check

root@icecube BSD:~ # bectl list
BE                                Active Mountpoint Space Created
14.3-RELEASE-p6_2025-12-19_121434 -      -          927M  2025-12-19 12:14
default                           NR     /          814G  2023-12-01 23:34

Check that the active Boot Environment is the default one (NR set on default).

root@icecube BSD:~ # zfs list -t snapshot
NAME                                       USED  AVAIL  REFER  MOUNTPOINT
zroot/ROOT/default@2025-12-19-12:14:34-0   927M      -   812G  -

Delete

root@icecube BSD:~ # bectl destroy 14.3-RELEASE-p6_2025-12-19_121434

Results

root@icecube BSD:~ # bectl list
BE      Active Mountpoint Space Created
default NR     /          813G  2023-12-01 23:34
root@icecube BSD:~ # zfs list -t snapshot
no datasets available
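The "List & check" and "Delete" steps above as one script; this is an added example, not part of the wiki page. It parses the bectl list output, insists that default is the environment marked NR (active now and on reboot) and only then names and destroys the leftover update environments, so nothing is destroyed while the system is still running from an update BE. The overridable BECTL variable (so a stub with the output shown above can be substituted for offline testing) is an assumption.

```shell
#!/bin/sh
# Added example, not from the wiki page: destroy leftover boot environments only
# after checking that "default" is the active one (NR). Assumption: BECTL may be
# overridden (stubbed with the bectl list output above when testing offline).
BECTL=${BECTL:-bectl}

# stale_boot_envs: print one stale BE name per line. Exits 1 and prints nothing
# when the active BE is not "default", i.e. the system still runs from an
# update BE and nothing must be destroyed yet.
stale_boot_envs() {
    "$BECTL" list | awk '
        NR == 1 { next }                 # header: BE Active Mountpoint Space Created
        $2 == "NR" { active = $1 }       # N = active now, R = active on reboot
        $2 == "-"  { stale[n++] = $1 }   # neither: a leftover environment
        END {
            if (active != "default") exit 1
            for (i = 0; i < n; i++) print stale[i]
        }'
}

# destroy_stale_boot_envs: run bectl destroy for every stale BE, or refuse
# entirely when the check above fails.
destroy_stale_boot_envs() {
    list=$(stale_boot_envs) || {
        echo "destroy_stale_boot_envs: active BE is not default, nothing destroyed" >&2
        return 1
    }
    for be in $list; do
        "$BECTL" destroy "$be" || return 1
    done
}
```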

Reboot or no reboot after a minor system upgrade?

After a system upgrade performed with:

root@icecube BSD:~ # freebsd-update fetch
root@icecube BSD:~ # freebsd-update install

compare the installed kernel version (freebsd-version -k) with the running kernel (uname -r). If the two outputs differ, the new kernel is not yet running, so reboot your system:

root@icecube BSD:~ # freebsd-version -k
14.3-RELEASE-p7
root@icecube BSD:~ # uname -r
14.3-RELEASE-p7

PF

After a reboot of FreeBSD, PF may fail to start because its tables are too big (i.e. more than 100k entries).
This is explained here, along with a quick and dirty non-permanent fix:
https://forums.freebsd.org/threads/table-loading-in-pf-issues.86101/#post-577832

  1. First load the PF options only (the part of the ruleset that sizes big tables): pfctl -Of /etc/pf.conf
  2. Then restart PF the usual way

References

[3] https://herrbischoff.com/2021/05/nginx-how-to-restrict-access-by-geographical-location-on-freebsd/