Tracy Phillips

Setting up Ruby on Rails using FreeBSD has to be one of the most dead simple things (/me knocks on wood) that you can get setup.

First you will need to have Ruby installed. If you have been following along in our Setting up FreeBSD series this was done for you when you installed portupgrade. If you don’t just use portinstall ruby and then you will be up to speed with us.

With Ruby installed, the next step is to install Ruby Gems

[server][root][~]# portinstall ruby18-gems

Next we will want to install the rails gem with Ruby Gems.

[server][root][~]# gem install rails --include-dependencies

Whew that was hard :) Ruby on Rails is now setup. Next we will go through the process of setting up a Ruby on Rails blog application… I think Typo would fit the bill don’t you?

Rails Server Setup:

Part 1: New Server Setup
Part 2: Setup FreeBSD 6.x
Part 3: FreeBSD Usability
Part 4: Setup FreeBSD To Use Blowfish
Part 5: Install and Setup PostgreSQL
Part 6: Install Lighttpd on FreeBSD
Part 7: Install MySQL 5.x on FreeBSD
Part 8: Install Ruby On Rails with FreeBSD

Our little project for today is setting up MySQL on FreeBSD. Installing MySQL via the FreeBSD ports sytem is a fairly painless process.

To get started login to your server with an SSH client and issue the following command.

[server][root][~]# portinstall mysql-server

You should be presented with different versions of MySQL to choose from. I chose to install the mysql50-server version. If you require a different version for some reason, then you will need to say “yes” to it instead.

Once everything gets compiled we need to setup a way to start MySQL when your server starts.

[server][root][~]# echo 'mysql_enable="YES"' >> /etc/rc.conf

Lets go ahead and start mysql so we can go about setting up the MySQL root password.

[server][root][~]# /usr/local/etc/rc.d/mysql-server.sh start

Everything should have started up ok for you at this point. Lets go ahead an login at the MySQL root user.

[server][root][~]# mysql -u root -p

You will be prompted for a password, hit enter since we have not setup the password yet. Enter the following and be sure to replace MyPassword with the password of your choosing.

SET PASSWORD FOR root@localhost=PASSWORD('MyPassword');

Thats all there is to it. Lets exit MySQL now and log back in to make sure everything worked before we continue.

exit

Now lets log back in with our new password. When you are prompted for a password this time, be sure to use the password that you set above.

[server][root][~]# mysql -u root -p

Hopefully everything worked out. If it didn't your in trouble.. well not really, but that how to is for another day :)

Now lets delete user accounts that do not have a username or any passwords. Type each of the 3 following commands (while you are logged into mysql as the root user) to delete insecure accounts and then type exit.

use mysql;
delete from user where user='';
delete from user where host='localhost.localdomain';

And that's a wrap :)

Rails Server Setup:

Part 1: New Server Setup
Part 2: Setup FreeBSD 6.x
Part 3: FreeBSD Usability
Part 4: Setup FreeBSD To Use Blowfish
Part 5: Install and Setup PostgreSQL
Part 6: Install Lighttpd on FreeBSD
Part 7: Install MySQL 5.x on FreeBSD
Part 8: Install Ruby On Rails with FreeBSD

Hopefully you have been following along with us in setting up a FreeBSD Server with Ruby on Rails. If you haven’t, just review so that you will be up to speed.

Lets get started by setting up lighttpd from the ports. If you want to use MySQL to install vhosts in, please have a look at our Install MySQL 5.x on FreeBSD how-to.

[server][root][~]# portinstall lighttpd

Make sure OpenSSL is selected along with any other options you might want.

Now lets make sure lighttpd gets started when the server boots.

[server][root][~]# echo 'lighttpd_enable="YES"' >> /etc/rc.conf

Create your directory structure where you web site documents go. We can change this later, so lets just give it what lighttpd is expecting without modifying them /usr/local/etc/lighttpd.conf file.

[server][root][~]# mkdir -p /usr/local/www/data

Now lets give the www user and the www group that was setup during the lighttpd install ownership.

[server][root][~]# chown -R www:www /usr/local/www

Lets create our log fils and chown (change owner) of the files so that lighttpd can write to them.

[server][root][~]# touch /var/log/lighttpd.access.log
[server][root][~]# touch /var/log/lighttpd.error.log
[server][root][~]# chown www:www /var/log/lighttpd.*.log

Now lets see how everything worked out.

[server][root][~]# /usr/local/etc/rc.d/lighttpd.sh start

Open Firefox and point it to your IP, http://127.0.0.1 if you are doing this on your workstation. If you receive 404 – Not Found in your browser, then your all set.

We will do some lighttpd configuration later when we get ready to install a Ruby on Rails application.

Until next time… adios amigo’s.

Rails Server Setup:

Part 1: New Server Setup
Part 2: Setup FreeBSD 6.x
Part 3: FreeBSD Usability
Part 4: Setup FreeBSD To Use Blowfish
Part 5: Install and Setup PostgreSQL
Part 6: Install Lighttpd on FreeBSD
Part 7: Install MySQL 5.x on FreeBSD
Part 8: Install Ruby On Rails with FreeBSD

Installing PostgreSQL on FreeBSD is the topic of the day. If you haven’t been following this little series, make sure you have portupgrade installed.

What we want to accomplish today are the following.

• Install PostgreSQL
• Initialize PostgreSQL with initdb
• Setup the postgres db with UNICODE
• Only allow logins with MD5 authentication
• Setup PostgreSQL to start when the server is started.
• Setup a db user that will connect remotely via pgAdmin III
• Setup PostgreSQL so that we can connect remotely from our workstation.
• Setup PostgreSQL to Autovacuum.

I would like to thank AndrewSN from #postgresql on irc.freenode.com. His knowledge of PostgreSQL is what made possible the tiny details in configuring a PostgreSQL server correctly.

Digest all of that and hurry up so you will not be late for the party.

This is not going to take that long at all to setup if you are familiar with vim and how to search for things in files.

First lets just install Postgresql. I chose postgresql 8.1 and just used the default configure settings that came up.

[server][root][~]# portinstall postgresql-server

Don’t you just love FreeBSD Ports and how much easier it makes life? Ports are much better than RPM Hell any day of the week, although YUM makes things tolerable.

Next lets use initdb to initialize the postgresq db and get things setup the way we want them. This one line will take care of our second, third and fourth items on the list.

[server][root][~]# su -l pgsql -c "initdb -D /usr/local/pgsql/data -E UNICODE -A 'ident sameuser'"

Now what we need to do is setup /etc/rc.conf so that PostgreSQL gets started when the server is started. Issue the following at the command line and you will be all set:

[server][root][~]# echo 'postgresql_enable="YES"' >> /etc/rc.conf

Start PostgreSQL so that we can create a new role.

[server][root][~]# /usr/local/etc/rc.d/010.pgsql.sh start

Now let’s create the new user/role that we will use to login remotely with. The -P option of createuser prompts you for a password that will authenticate the new user, -U is the username you’re connecting as (NOT the user you’re creating), and then monty is the name of the new user. My comments are in ( ).

[server][root][~]# su pgsql -c 'createuser -P monty'

Enter password for new role: montypass (monty's password)
Enter it again: montypass (confirm monty's password)
Shall the new role be a superuser? (y/n) y (let monty be a superuser)
CREATE ROLE

Now we can get PostgrSQL setup to allow us to connect from our IP address. To do that we need to edit two files, /usr/local/pgsql/data/postgresql.conf and /usr/local/pgsql/data/pg_hba.conf.

[server][root][~]# vi /usr/local/pgsql/data/postgresql.conf

Search for listen_addresses and change it to look like:

listen_addresses = '*'

Search for password_encryption and uncomment it (delete the #)

password_encryption = on

Search for port and uncomment it and make sure the port number is 5432

port = 5432

To enable pg_autovacuum search for the following items and make sure they are uncommented and set to on

stats_start_collector = on
stats_row_level = on
autovacuum = on

Now lets fire up vi with the second file we need to edit

[server][root][~]# vi /usr/local/pgsql/data/pg_hba.conf

Search for # "local" is for Unix domain socket (should be about line 66) and make the local section identical to what we have here. Beneath host all 127.0.0.1/32 md5 add your IP address or netblock. I am doing this on a local network so I just allow a connection from any of my internal IP Addresses.

# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
# "local" is for Unix domain socket connections only
local   all         pgsql                             ident sameuser
local   all         all                               md5
# IPv4 local connections:
host    all         all         127.0.0.1/32          md5
host    all         all         192.168.1.0/24        md5
#IPv6 local connections:
host    all         all         ::1/128               md5

Open up (or create) /etc/periodic.conf to automatically perform daily backups (and tell it where and how to back them up) and turn off daily vacuum since we turned on autovacuum in the postgresql.conf file.

daily_pgsql_vacuum_enable="NO"
daily_pgsql_backup_enable="YES"
daily_pgsql_pgdump_args="-F c"
daily_pgsql_backupdir="~pgsql/backups"
daily_pgsql_savedays="7"

Now start/restart PostgreSQL

[server][root][~]# /usr/local/etc/rc.d/010.pgsql.sh restart

AndrewSN from #postgresql on Freenode said that there is a bug in the FreeBSD port:

You can fix the bug by copying install-sh and mkinstalldirs from the config dir of the distribution into /usr/local/lib/postgresql/pgxs/config if they don’t already exist there.

If you don’t do that, then you can’t build extensions that use pgxs.

Ok, that is all there is to getting PostgreSQL installed and configured for a remote connection. It wasn’t all that painful was it? I sure hope not :)

Next we will go about installing and setting up Lighttpd.

Rails Server Setup:

Part 1: New Server Setup
Part 2: Setup FreeBSD 6.x
Part 3: FreeBSD Usability
Part 4: Setup FreeBSD To Use Blowfish
Part 5: Install and Setup PostgreSQL
Part 6: Install Lighttpd on FreeBSD
Part 7: Install MySQL 5.x on FreeBSD
Part 8: Install Ruby On Rails with FreeBSD

Is that title an oxymoron or what :)

Sometimes we just need to add small things that give us comfort when working at the CLI (Command Line Interface). I would like to setup vim, bash and gnuls to make the CLI just a bit more friendly. Make sure that you followed our previous article and have vim, bash, and gnuls installed or you will run into problems :)

The first thing to do is fire up vi with a new file called .bash_profile. This is what we are going to use to make bash look for the .bashrc file we are going to make next. Be sure you are logged in as root and in /root

vi .bash_profile

Now put the following into vi and then save and close the file.

if [ -f ~/.bashrc ]; then . ~/.bashrc; fi
Now use vi to create a new file called .bashrc and put the following in it.

# file permissions: rwxr-xr-x
umask 022
TERM=xterm
BLOCKSIZE=K
EDITOR=/usr/local/bin/vim
PAGER=/usr/bin/less
alias ls='gnuls --color=always'
alias la='gnuls -a --color=always'
alias ll='gnuls -lah --color=always'
alias updatedb='/usr/libexec/locate.updatedb'
alias h='fc -l'
alias disksize='df -kh'
alias dirsize='du -h -d 1 .'
alias free='top -d1 | head -5 | tail -2'
alias vi=vim
PS1="[\u@\h \W]\\$ "
PS2="> "
case "$TERM" in
xterm*|rxvt*)
PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD/$HOME/~}\007"'
;;
*)
;;
esac
export TERM EDITOR PAGER BLOCKSIZE

Save and close that file.

Think of aliases as shortcuts. You will notice alias vi=vim, which tells bash that when we type vi that what we really want to use is vim. You will also notice that we aliased ls to gnuls and told it that we always want to have colorized output.

Change your default shell from csh to bash

chsh -s /usr/local/bin/bash

Fire up vi with the new file .vimrc. With this we are going to tell vim how we want it to behave by default. Put the following into the file and save and close.

set nu
set backspace=eol,start,indent
set term=linux
set incsearch

The first line tells vi that we want to use line numbers by default, which make long files easier for me to read. The second line makes our backspace, home, and delete keys behave as you would normally expect them to. I can't remember why I actually put the third line :), but I imagine it was to make vim behave as it would when being used in Linux.

Log out and log back in, and type ls. Notice that your hidden files are not shown by default. To view your hidden files, type la notice the color. Now to view permissions on your files type ll. Nice eh?
Now just for fun, use vim by typing vi and open your .bashrc. Notice the nice line numbers with color. Spiffy stuff.

Ok, thats a wrap.

Next we will change our default encryption methods for passwords from MD5 to Blowfish.

Rails Server Setup:

Part 1: New Server Setup
Part 2: Setup FreeBSD 6.x
Part 3: FreeBSD Usability
Part 4: Setup FreeBSD To Use Blowfish
Part 5: Install and Setup PostgreSQL
Part 6: Install Lighttpd on FreeBSD
Part 7: Install MySQL 5.x on FreeBSD
Part 8: Install Ruby On Rails with FreeBSD

Now that we have our few FreeBSD usability items out of the way, lets setup FreeBSD’s passwd utility to use Blowfish for the password hash by default instead of using the Md5 for the hash when creating new passwords. This is part of our good password policy.
So lets get started by firing up our old friend vi.

vi /etc/login.conf

Now what we need to do is replace the string passwd_format=md5 with:

passwd_format=blf

Save and close the file.

We need to rebuild the login.conf database for our changes to take place.

cap_mkdb /etc/login.conf

Now we need to change our password to use blowfish for the password hash instead of md5. All you have to do is use passwd and input your new tor same password. To see if you are indeed using blowfish do the following.

cat /etc/master.passwd

If you see your hashed password starting with $2 then you are all set. If it starts with $1 then you are still using md5. Something most have gone wrong, so you will need to go back and review your changes.

Lets go ahead and make all new users that get added to the system use blowfish for hashing their password by default. To do that we will need to tell adduser to use blowfish instead of md5.

echo 'crypt_default = blf' >> /etc/auth.conf

Whew, I don’t know about you, but I sure feel more secure :)

Next in this little series of setting up a FreeBSD box and getting it ready for cutting edge Ruby on Rails development, we will install and setup PostgreSQL 8.1.

Rails Server Setup:

Part 1: New Server Setup
Part 2: Setup FreeBSD 6.x
Part 3: FreeBSD Usability
Part 4: Setup FreeBSD To Use Blowfish
Part 5: Install and Setup PostgreSQL
Part 6: Install Lighttpd on FreeBSD
Part 7: Install MySQL 5.x on FreeBSD
Part 8: Install Ruby On Rails with FreeBSD

The purpose of this exercise is to get a clean working environment for Ruby on Rails. Using any of the current web hosting control panels makes it a hack to put it lightly. Since I was going to do it from scratch to begin with, I reasoned that I should be using the best software for the job and not the most popular.

I am not going to go through the steps of actually installing FreeBSD, that has been explained all to well in other places. I will note that I did a basic install, that is to say that I did not elect to install any applications or ports.

To start things off, we will want to get a fresh copy of the ports installed on our boxen. We use to do this by setting up CVSup and getting the latest ports releases. With FreeBSD 6, we have a new utility that is installed by default called Portsnap. Portsnap is a system for securely downloading and updating a compressed snapshot of the FreeBSD ports tree, and using this compressed snapshot to extract or update an (uncompressed) copy of the ports tree. So lets go and get the latest ports and then extract them into our ports tree.

[server][root][~]# portsnap fetch

There we go, we have a shiny new compressed copy of the entire ports tree. Now lets create our directory structure and extract the snapshot.

[server][root][~]# mkdir /usr/ports;portsnap extract

A lot of items tend to rely on Berkeley DB from Sleepycat (now owned by Oracle), so lets get started with the latest version instead of an earlier version that some ports want to install by default.

[server][root][~]# cd /usr/ports/databases/db44;make install clean

Install portupgrade, which also includes the Portinstall utility that we will be using to install the rest of our ports. Installing portupgrade also installs Ruby as a dependency, which is cool because we will not have to deal with it as a separate item later on.

[server][root][~]# cd /usr/ports/sysutils/portupgrade;make install clean

Lets give out the ole’ rehash command so that csh will recognize the newly installed application. This little item will go away after we install the bash shell later on.

[server][root][~]# rehash

Now lets install portmanager, which we will use to upgrade our ports with. I used to use Portupgrade, but this seems to be a nicer solution to upgrading the ports and their dependencies. I guess time will tell on this one. I did not select any of the compile options.

[server][root][~]# portinstall portmanager

Another nifty item that I like is Portaudit, that I use to mitigate third party vulnerabilities (the ports). Portaudit polls a database, updated and maintained by the FreeBSD Security Team and ports developers, for known security issues. During the install process, Periodic(8) gets updated, so that daily security run emails get sent to root’s email account.

[server][root][~]# portinstall portaudit

Now that it installed, we need to update the database stored in /var/db/portaudit. The database will automatically be updated during the periodic(8) run, so this is optional.

[server][root][~]# rehash

To audit the few ports we have installed at this point, we can run the following command

[server][root][~]# portaudit -a

If there are problems then you will have some output and then you can use portupgrade to upgrade the affected package.

Now that we have the ports system taken care of, lets configure a way to get the base system updated. To do that we will use freebsd-update to download and install binary updates to the base system.

[server][root][~]# portinstall freebsd-update
[server][root][~]# cp /usr/local/etc/freebsd-update.conf.sample /usr/local/etc/freebsd-update.conf
[server][root][~]# rehash
[server][root][~]# freebsd-update fetch

If there were any updates downloaded then we could use the following to install them.

[server][root][~]# freebsd-update install

Now for some usability items that I have grown fond of while using Linux over the past few years.
I mentioned earlier that I prefer the bash shell compared to csh, so lets get that installed. When installing bash, you will have some choices to make. I like bash2 and have no need for bash1, so when asked about bash2, type yes and type no when asked if you want to install bash.

[server][root][~]# portinstall bash

If you have edited anything on the system yet with vi, then you will notice how bare it is compared to vim (no, before you ask, I do not use Emacs). Lets install vim without the X Window options that get installed with the regular vim port.

[server][root][~]# portinstall vim-lite

Now when I look at directories using ls, I like the directories and files to be shown in all their glorified color, so I can quickly see what is going on. I prefer GNU ls instead of the default FreeBSD ls, so lets install gnuls.

[server][root][~]# portinstall gnuls

Lets go ahead and setup our locale in /etc/login.conf. Make sure the end of your default section looks like the following, paying special attention to put a backslash (\) at the end of the umask line.

:umask=022:\
:charset=en_US.UTF-8:\
:lang=en_US.UTF-8:

Save and close the file.

We need to rebuild the login.conf database for our changes to take place.

[server][root][~]# cap_mkdb /etc/login.conf

I guess that is all for now. In the next post on the subject, I will do a little house keeping and setting up dot files to make bash, vim, and gnuls a bit more user friendly.

Rails Server Setup:

Part 1: New Server Setup
Part 2: Setup FreeBSD 6.x
Part 3: FreeBSD Usability
Part 4: Setup FreeBSD To Use Blowfish
Part 5: Install and Setup PostgreSQL
Part 6: Install Lighttpd on FreeBSD
Part 7: Install MySQL 5.x on FreeBSD
Part 8: Install Ruby On Rails with FreeBSD

I am going through the process of switching from a Linux server (CentOS to be exact) running DirectAdmin as the control panel to a FreeBSD server with no control panel for management. Since I do not have to build within the constraints of some other company’s control panel, I thought I would install the best of breed servers and applications.

The main components that I require to be installed are:

PostgreSQL
Lighttpd
Ruby On Rails
Subversion
Postfix
Dovecot
Dspam

I will most likely do some more tweaking but at the moment that is the standard I wish to build against. I know for a fact that I will do some more “tweaking” such as setting up DNS RBLS, SPF, and maybe even Yahoo Domain Keys along with some good old postfix filtering for spam (can you tell I hate spam).
The fist thing that I will get to (hopefully in the next post) will be setting up FreeBSD 6 and getting it ready to install applications onto.

Rails Server Setup:

Part 1: New Server Setup
Part 2: Setup FreeBSD 6.x
Part 3: FreeBSD Usability
Part 4: Setup FreeBSD To Use Blowfish
Part 5: Install and Setup PostgreSQL
Part 6: Install Lighttpd on FreeBSD
Part 7: Install MySQL 5.x on FreeBSD
Part 8: Install Ruby On Rails with FreeBSD

For all of the folks that might be interested in the history of the BSD line of Operating Systems, this is an in depth review up to about 2000 or so.
20 Years of Berkeley Unix: From AT&T-Owned to Freely Redistributable