In this post we will see how to install FEMP stack on FreeBSD 10.1

FEMP stands for (F)reeBSD (N)ginx (M)ySQL (P)HP-FPM.

I will be using the ports collection to install this. At a production level, installing packages from the ports tree is highly advisable. You can tailor each package to your specific needs — for example disabling all Xorg dependencies which are essentially useless for any kind of headless server, specifying whether to use postgresql, mysql, or sqlite as your database backend, choosing whether to install the documentation for the port, etc, etc. Using ‘pkg install‘ will pull in generic binaries and all the dependencies for that package which have all been built with the default configurations which can sometimes, actually most times, pull in extras that you may not necessarily require.

1) Getting the ports collection updated

root@freebsd:~ # portsnap fetch update

Once the ports collection is ready we can proceed with the installation.

2) Install Nginx WebServer

root@freebsd:~ # cd /usr/ports/www/nginx root@freebsd:/usr/ports/www/nginx # make config-recursive

During this “make phase” you will see the TUI screen with option to select the modules like HTTP_DAV, HTTP_GZIP_STATIC, HTTP_PERL, HTTP_SSL, HTTP_DAV_EXT etc. that you want to be compiled into nginx before installation. Once this is done you can proceed with installation

root@freebsd:/usr/ports/www/nginx # make install clean

Lets start nginx server

root@freebsd:~# echo "nginx_enable=YES" >> /etc/rc.conf root@freebsd:~# service nginx start

3) Install MySql Database Server

As on date Mysql Version 5.1, 5.5 and 5.6 are available in the ports collection. I will be installing mysql-server 5.5

root@freebsd:~ # cd /usr/ports/databases/mysql55-server/ root@freebsd:/usr/ports/databases/mysql55-server # make config-recursive root@freebsd:/usr/ports/databases/mysql55-server # make install root@freebsd:/usr/ports/databases/mysql55-server #

Start mysql-server

root@freebsd:~ # echo "mysql_enable=YES" >> /etc/rc.conf root@freebsd:~ # service mysql-server start

Assign a mysql root password, remove the test database and secure it with the following command

root@blog:~ # mysql_secure_installation

4) Install PHP-FPM

Here again PHP version 5.4, 5.5 and 5.6 are available in ports collection. I will use PHP 5.6

root@freebsd:~ # cd /usr/ports/lang/php56 root@freebsd:/usr/ports/lang/php56 # make config-recursive

In the TUI popup window select FPM, we will install it next.

root@freebsd:/usr/ports/lang/php56 # make install clean

Next we will install some php extensions like php-gd and php-mysql etc

root@freebsd:~ # cd /usr/ports/lang/php56-extensions/ root@freebsd:/usr/ports/lang/php56-extensions # make config-recursive

In the TUI popup screen select optional modules like CURL, GD, EXIF, IMAP, MBSTRING, MCRYPT, MySQL, MySQLi, OPENSSL, PDO_MySQL, ZIP, ZLIB etc.

root@freebsd:/usr/ports/lang/php56-extensions # make install clean

Now its time to make a few changes with how php5-fpm works and connect it to nginx. Create the “php.ini” configuration file.

root@freebsd:~ # cp -R /usr/local/etc/php.ini-production /usr/local/etc/php.ini

Find the parameter that sets “cgi.fix_pathinfo”. This will be commented out with a semi-colon (;) and set to “1” by default.

This is an extremely insecure setting because it tells PHP to attempt to execute the closest file it can find if a PHP file does not match exactly. This basically would allow users to craft PHP requests in a way that would allow them to execute scripts that they shouldn’t be allowed to execute.

We will change both of these conditions by uncommenting the line and setting it to “0” like this:

cgi.fix_pathinfo=0

Start the php-fpm service

root@freebsd:~ # echo "php_fpm_enable=YES" >> /etc/rc.conf root@freebsd:~ # service php-fpm start

Thats It, Our FEMP stack is up and running now. Lets test it

root@freebsd:~ # touch /usr/local/www/nginx/info.php root@freebsd:~ # echo "<?php phpinfo();?>" >> /usr/local/www/nginx/info.php

Now we will define server block in the nginx configuration file “/usr/local/etc/nginx/nginx.conf“. Our server block looks something like this

… server {

listen 80;

server_name example.com;

root /usr/local/www/nginx-dist;

index index.php index.html index.htm;

#charset koi8-r;

#access_log logs/host.access.log main;

location / {

try_files $uri $uri/ /index.html;

}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html

#

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root /usr/local/www/nginx-dist;

}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80

#

#location ~ \.php$ {

# proxy_pass http://127.0.0.1;

# }

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

#

location ~ \.php$ {

root /usr/local/www/nginx-dist;

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

include fastcgi_params;

}

# deny access to .htaccess files, if Apache’s document root

# concurs with nginx’s one

#

location ~ /\.ht {

deny all;

}

} …

Lets try to access the php.info file from a web browser http://www.example.com/php.info

Great..!!! So our FEMP stack is working brilliantly. Please make sure that you delete this “php.info“. Use it for testing only. It is not advisable to keep this file on a production server

Installation Reference: https://www.freebsd.org/doc/handbook/ports-using.html