Install MySQL 8, phpMyAdmin, Python3, Apache in FreeNas 11.3 Jail (FreeBSD)

FreeBSD Jail in FreeNas 11.3

Step by step guide to install Apache, PhP, phpMyAdmin and Python in FreeNas Jail

By Fahad Usman

Why do we need this?

I wanted to isolate my web-dev work in a jail. My FreeNas machine is a beast, so I just wanted to install MySQL, Python, PhP etc. in a jail instead of installing it on my personal laptop!

There are many tutorials but none worked for me. It took me a while to get it all working so I thought I should write about it so that others can benefit and whip through the installation (unlike me 🙂 )

One of the biggest benefit for me was that I could create python scripts and let them run non stop!

“The nice thing about FeeNas jails is you can experiment with them with no threat to your FreeNas system. When you are done with your jail? Just delete it…”

In this guide, I will take you through step by step how to set it all up. 

Step 1 – Create a Jail:

Create a jail as normal.

Jail => Add 

FreeNAS is an appliance, meaning that its operating system is not intended to be modified, tweaked, expanded, jacked, bummed, experimented with, or anything else. If you want to install some bit of software into FreeNAS, you really “can’t”, because that’s just not how “appliances” work. But what you *CAN* do is create a “jail”, and you can install software INTO THAT JAIL.

SQL JAIL

Now Start the Jail.

Step 2 – ssh into FreeNas:

Fire up the terminal and login to FreeNas box. 

ssh [email protected]_freenas_ip. 
iocage console sql_jail_name

Make sure you have the Internet:

ping google.com

The first thing you need to do is to update and upgrade packages:

pkg update
pkg upgrade

 

Step 3 – Install Apache:

Installing apache is a piece of cake:

pkg install apache24

Start and Enable Apache

To start and enable Apache web server to run on system boot, run the commands below;

sysrc apache24_enable=yes

This will add the line apache24_enable="yes" at the end of the /etc/rc.conf configuration file.

Now start apache and test if it works:

service apache24 start

You can check the status of Apache as shown below;

service apache24 status
apache24 is running as pid 1206.

To verify that you can actually access you web server from your favourite web browser, navigate to the IP address of your jail. If everything is working fine, you should be able to see the default FreeBSD Apache web page which says, “It Works!“.

Step 4 – Install MySQL:

This is similar to installing apache, you could install via a single command. The question is which one because if you do a :

pkg search mysql

There are so many:

mysql55-client-5.5.62_3        Multithreaded SQL database (client)                             mysql55-server-5.5.62_3        Multithreaded SQL database (server)                             mysql56-client-5.6.47          Multithreaded SQL database (client)                             mysql56-server-5.6.47          Multithreaded SQL database (server)                             mysql57-client-5.7.29          Multithreaded SQL database (client)                             mysql57-server-5.7.29          Multithreaded SQL database (server)                             mysql80-client-8.0.19          Multithreaded SQL database (client)                             mysql80-server-8.0.19          Multithreaded SQL database (server)    

 

I installed mysql80 because it’s based on mysql 8. So run this command to install it:

pkg install mysql80-server

This will also install the mysql-client.

Enable MySQL as a service so it can start on system boot.
sysrc mysql_enable=yes

Start MySQL

service mysql-server start

The first thing we have to do is to secure the installation now. Simply run:

 mysql_secure_installation

This will kickoff the script asking questions. Setting root passwords etc. You would normally say ‘y’ to all the questions it asks and set the root password.

Login to check if everything works by:

mysql -u root -p

and the password you just set and you should be in the sql prompt like below:

 [email protected]:~ # mysql -u root -p

Enter password: 

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 10

Server version: 8.0.19 Source distribution

 

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

 

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

 

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

 

[email protected] [(none)]> 

 

Step 5 –  Install and Configure php

In order for PHP to connect to MySQL database to retrieve information for serving to the web server, you need to install PHP Apache and MySQL extensions. The following command installs the most common PHP modules.

 pkg install php72-mysqli php72-json php72-mbstring php72-session php72-hash php72 mod_php72 php72-zlib php72-curl php72-gd
Copy the sample PHP configuration file into the default place and regenerate system cached information about installed binaries.
cp /usr/local/etc/php.ini{-production,}
rehash
This will copy the php.ini-production file into:
/usr/local/etc/php.ini

 

You can check the version of PHP by running:
php -v

All good? This means php is installed. Now get apache to allow php code to run by editing the Apache configuration file httpd.conf. 

you can find where this is by:

find / -name httpd.conf

Mine was at: /usr/local/etc/apache24/httpd.conf. 

Now add the following at the end of this file:
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php

<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
Also in the same file find where 

    DirectoryIndex index.html
 
And add index.php next to index.html. So in the end it will look like this:

    DirectoryIndex index.php index.html

 

Restart apache by:
service apache24 restart
create a file with some php code at:
/usr/local/www/apache24/data/
and then navigate to the file to see it works. I created the test.php file with the following code:
Navigate to http://your_jail_ip/test.php. You will see php info page. Beautiful. Now remove the test file from your server to avoid exposing the information about server to the public.

Step 6 – Install Latest PhpMyAdmin

Goto the website and copy the link to the latest downloadable file. I downloaded the following

wget https://files.phpmyadmin.net/phpMyAdmin/5.0.2/phpMyAdmin-5.0.2-all-languages.zip

Verify that the downloaded file is not corrupted by comparing that SHA256 hash for the two files matches. From the phpMyAdmin download page, the SHA256 has for the phpMyAdmin-5.0.2-all-languages.zip is b0ded1aa6ba4c38cebed0e58afacf88864862421656092d7b150293db78767a7. To check the SHA256 for the downloaded file, run the command below;

sha256 phpMyAdmin-5.0.2-all-languages.zip 
SHA256 (phpMyAdmin-5.0.2-all-languages.zip) = b0ded1aa6ba4c38cebed0e58afacf88864862421656092d7b150293db78767a7

Great, the hashes match and we are good to proceed.

unzip by:

unzip phpMyAdmin-5.0.2-all-languages.zip
mv phpMyAdmin-5.0.2-all-languages /usr/local/www/apache24/data/phpmyadmin

Configure phpMyAdmin

phpMyAdmin has been installed and thus can be configured as follows;

Navigate to the /usr/local/www/apache24/data/phpmyadmin and rename the PHP configuration file.

cd /usr/local/www/apache24/data/phpmyadmin
cp config.sample.inc.php config.inc.php

Create a tmp folder for caching templates and set proper permissions;

mkdir /usr/local/www/apache24/data/phpmyadmin/tmp
chmod 777 /usr/local/www/apache24/data/phpmyadmin/tmp

Create a blowfish secret required for cookie based authentication to encrypt password in cookie. You can generate the secret and paste as follows;

...
/**
 * This is needed for cookie based authentication to encrypt password in
 * cookie. Needs to be 32 chars long.
 */
$cfg['blowfish_secret'] = '$2a$07$jCKBmwSU0iyKGpwsHQUAVOuH5Kh37h52cT5.RLZrvN3tiHO67b1J.'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

/**
...

Restart Apache for the changes to take effect.

service apache24 restart

To access phpMyAdmin dashboard, navigate to the browser and enter the URL in the format, http://server-IP/phpmyadmin. This will take you to phpMyAdmin login page.

Login with MySQL database root credentials.

If you are running MySQL 8.0 then you might have an issue with logging in to phpMyAdmin dashboard, see the error below. Note that MySQL 8.0 is using caching_sha2_password rather than mysql_native_password as the default authentication plugin which phpMyAdmin may not understand.

 

mysql8 login error

As a work around, login to your MySQL as root user and run the command below to change the Authentication Plugin for the root user to mysql_native_password as shown below;

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '[email protected]';

Restart MySQL and go back to the browser and login to your phpMyAdmin dashboard.

Install Method 2: packaged phpMyAdmin

This was the most painful process. The installation is very easy but you need to tell which version you want to install. I installed:

pkg install phpMyAdmin5-php72-5.0.1

It installs it at /usr/local/www/phpMyAdmin so move it to /usr/local/www/apache24/data/

mv /usr/local/www/phpMyAdmin/ /usr/local/www/apache24/data/

if you gona navigate to it i.e. http://your_jail_ip/phpMyAdmin. It will not work. You now need to edit your httpd.conf config again. 

vi /usr/local/etc/apache24/httpd.conf

Add at the end:

Alias /phpmyadmin/ "/usr/local/www/apache24/data/phpMyAdmin/"
 
    <Directory "/usr/local/www/apache24/data/phpMyAdmin/">
        Options None
        AllowOverride Limit
Require local
Require host .example.com

Restart apache by:  service apache24 restart 

Navigate to it again and you will get a Forbidden error. So reopen the httpd.conf file and add the following in the same directive:

 Alias /phpmyadmin/ “/usr/local/www/apache24/data/phpMyAdmin/”

    <Directory “/usr/local/www/apache24/data/phpMyAdmin/”>

      AddDefaultCharset UTF-8

         

                # Apache 2.4

               

                        Require all granted

               

       

       

                # Apache 2.2

                Order Allow,Deny

                Allow from All

       

        Options None

        AllowOverride Limit

        Require local

        Require host .example.com

     

Restart apache: service apache24 restart , The phpMyAdmin page will appear. Now if you login, you will get an error:

 mysqli::real_connect(): The server requested authentication method unknown to the client [caching_sha2_password]

To fix this, you will have to login mysql via jail terminal.

mysql -u root -p

And execute the command: 

alter user 'root'@'localhost' identified with mysql_native_password by 'put_complext_password_here';

Re-login and you should be in 🙂

Add the following in your my.cnf file: 

vi /usr/local/etc/mysql/my.cnf 
default_authentication_plugin = mysql_native_password

under the [mysqld] section.

Now you can login into myPhpAdmin.

If you see the following error message at the bottom of the page when you first log in to /phpMyAdmin (using a previously setup MySQL username and password) :

ERROR: The configuration file now needs a secret passphrase (blowfish_secret)  

You need to add a blowfish password to the phpMyAdmin’s config file. Edit /usr/local/www/apache24/data/phpMyAdmin/config.inc.php and insert a random blowfish “password” in the line

$cfg['blowfish_secret'] = ; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */  

It should now look something like this:

$cfg['blowfish_secret'] = 'randomPassword$£@£{8IZr323xYcSN]0s)r$9b_JUnb{~Xz'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */  

This all assumes you’ve already properly created the config file,

cp config.sample.inc.php config.inc.php

Restart mysql-server: service mysql-server restart

Re-login and the error should be gone.

Step 7 –  Install Python

Install it using:

pkg install python3

Confirm if it installed successfully:

which python3
python3 --version

You can create a link to it so that you dont have to type python3 everytime you need to use it. You can simply say python by:

ln -s /usr/local/bin/python3 /usr/local/bin/python.conf 
python --version
Python 3.7.6

So python is installed successfully.

Install pip (Python Package manager)

pkg install py37-pip
pip install --upgrade pip

 

Step 8 (Optional) –  Enable HTTPS

I like to enable HTTPS by self signed certificates so that the communication is encrypted. The first thing you need to do is to create private key and the ssl certificate. Goto:

/usr/local/etc/ssl/

And create a certificate by:

openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout mysqlserver.key -out mysqlserver.crt

Now enable ssl options in the httpd.conf file:

vi -s /usr/local/etc/apache24/httpd.conf 
Listen 443
LoadModule ssl_module libexec/apache24/mod_ssl.so
Include etc/apache24/extra/httpd-vhosts.conf

Once these lines were uncommented (You will need to add Listen 443 yourself). Now edit the httpd-vhosts.conf file

vi /usr/local/etc/apache24/extra/httpd-vhosts.conf

Change the paths in the port 80 directives and add the directive for port 443. 

This is how it looks like at the end:

<VirtualHost *:80>

    DocumentRoot “/usr/local/www/apache24/data/”

    ServerName mysqlserver.home.com

    ServerAlias www.mysqlserver.home.com

    ErrorLog “/var/log/mysqlserver.home.com-error_log”

    CustomLog “/var/log/mysqlserver.home.com-access_log” common

</VirtualHost>

 

 <VirtualHost *:443>

    DocumentRoot “/usr/local/www/apache24/data/”

    SSLEngine on

    SSLCertificateFile “/usr/local/etc/ssl/mysqlserver.crt”

    SSLCertificateKeyFile “/usr/local/etc/ssl/mysqlserver.key”

</VirtualHost>

 

Save the file and restart apache: 

service apache24 restart

 

goto https://your_jail_ip/phpMyAdmin

 

it will load after you add the certificate in the browser!

 

Leave a Reply

Close Menu