Created FreeNAS 11.1-U5 (FreeBSD) (markdown)

FreeNAS-11.1-U5-(FreeBSD).md

@@ -0,0 +1,162 @@
+# Host Invoice Ninja on FreeNAS with a self signed cert
+
+First lets create the iocage jail, you can do this through the new UI but its waaay faster to use CLI. ssh into freenas and lets get going.
+
+### Create the iocage jail (Replace the ip with what works for you):
+
+`iocage create -n InvoiceNinja -r 11.1-RELEASE ip4_addr="vnet0|192.168.1.23/24" defaultrouter="192.168.1.2" vnet="on" allow_raw_sockets="1" boot="on"`
+
+### Lets log into the jail:
+
+`iocage console InvoiceNinja`
+
+
+### Install all the dependencies:
+
+`pkg install -y nginx nano git curl openssl mariadb102-server php71 php71-ctype php71-pdo php71-pdo_mysql php71-session php71-iconv php71-filter php71-openssl php71-phar php71-mysqli aws-sdk-php php71-simplexml php71-xmlreader php71-xmlwriter php71-fileinfo php71-pear-PHP_Parser php71-tokenizer php71-mcrypt php71-gd php71-curl php71-gmp php71-json php71-zip php71-xml php71-readline php71-opcache php71-mbstring`
+
+### AutoStart php, mysql and nginx:
+
+`sysrc mysql_enable=YES`<br>
+`sysrc nginx_enable=YES`<br>
+`sysrc php_fpm_enable=YES`<br>
+`service nginx start`<br>
+`service mysql-server start`<br>
+`service php-fpm start`<br>
+
+### Modify php files to host the web server using user www:
+
+`sed -i '' -e 's?listen = 127.0.0.1:9000?listen = /var/run/php-fpm.sock?g' /usr/local/etc/php-fpm.d/www.conf`<br>
+`sed -i '' -e 's/;listen.owner = www/listen.owner = www/g' /usr/local/etc/php-fpm.d/www.conf`<br>
+`sed -i '' -e 's/;listen.group = www/listen.group = www/g' /usr/local/etc/php-fpm.d/www.conf`<br>
+`sed -i '' -e 's/;listen.mode = 0660/listen.mode = 0600/g' /usr/local/etc/php-fpm.d/www.conf`<br>
+`cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini`<br>
+`sed -i '' -e 's?;cgi.fix_pathinfo=1?cgi.fix_pathinfo=0?g' /usr/local/etc/php.ini`<br>
+
+### Create the MySQL database for invoice ninja:
+
+`mysql -u root -e "CREATE DATABASE ninja;"`<br>
+`mysql -u root  -e "CREATE USER 'ninja'@'localhost' IDENTIFIED BY 'ninja';"`<br>
+`mysql -u root -e "GRANT ALL PRIVILEGES ON ninja.* TO 'ninja'@'localhost';"`<br>
+`mysql -u root -e "FLUSH PRIVILEGES;"`<br>
+
+### Secure the database:
+
+Answer most of the questions with yes. Read them.
+
+`mysql_secure_installation`<br>
+
+### Install Invoice Ninja (Installed to /usr/local/ninja):
+
+`curl -sS https://getcomposer.org/installer | php`<br>
+`mv composer.phar /usr/local/bin/composer`<br>
+`mkdir /usr/local/ninja`<br>
+`git clone https://github.com/hillelcoren/invoice-ninja.git /usr/local/ninja`<br>
+`cd /usr/local/ninja && composer install --no-dev -o `<br>
+
+### Generate a self signed cert named "ininja":
+
+`mkdir -p /etc/nginx/ssl`<br>
+`openssl genrsa -des3 -passout pass:x -out /etc/nginx/ssl/ininja.pass.key 2048`<br>
+`openssl rsa -passin pass:x -in /etc/nginx/ssl/ininja.pass.key -out /etc/nginx/ssl/ininja.key`<br>
+`rm /etc/nginx/ssl/ininja.pass.key`<br>
+`openssl req -new -key /etc/nginx/ssl/ininja.key -out /etc/nginx/ssl/ininja.csr`<br>
+`openssl x509 -req -days 365 -in /etc/nginx/ssl/ininja.csr -signkey /etc/nginx/ssl/ininja.key -out /etc/nginx/ssl/ininja.crt` <br>
+
+### Set correct permissions for invoice ninja:
+
+`touch /usr/local/ninja/.env`<br>
+`chown www:www /usr/local/ninja/.env`<br>
+`chmod -R 755 /usr/local/ninja/storage`<br>
+`cd /usr/local/ninja && chown -R www:www storage bootstrap public/logo`<br>
+
+### Now lets create the nginx config. Replace the server_name with your IP or domain name:
+
+`rm /usr/local/etc/nginx/nginx.conf`<br>
+`nano /usr/local/etc/nginx/nginx.conf`<br>
+
+Copy the contents below and replace ip the wiki formatted it weird, copy everything after nginx.conf till the next heading:
+
+### nginx.conf
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    #                  '$status $body_bytes_sent "$http_referer" '
+    #                  '"$http_user_agent" "$http_x_forwarded_for"';
+
+    #access_log  logs/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+
+    #gzip  on;
+	
+	server {
+		listen      443 default;
+		server_name 192.168.1.23;
+		ssl on;
+		ssl_certificate     /etc/nginx/ssl/ininja.crt;
+		ssl_certificate_key /etc/nginx/ssl/ininja.key;
+		ssl_session_timeout 5m;
+		ssl_ciphers               'AES128+EECDH:AES128+EDH:!aNULL';
+		ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
+		ssl_prefer_server_ciphers on;
+		root /usr/local/ninja/public;
+		index index.html index.htm index.php;
+		charset utf-8;
+		location / {
+			try_files $uri $uri/ /index.php?$query_string;
+		}
+		location = /favicon.ico { access_log off; log_not_found off; }
+		location = /robots.txt  { access_log off; log_not_found off; }
+		access_log  /var/log/nginx/ininja.access.log;
+		error_log   /var/log/nginx/ininja.error.log;
+		sendfile off;
+		location ~ \.php$ {
+			fastcgi_split_path_info ^(.+\.php)(/.+)$;
+			fastcgi_pass unix:/var/run/php-fpm.sock;
+			fastcgi_index index.php;
+			include fastcgi_params;
+			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			fastcgi_intercept_errors off;
+			fastcgi_buffer_size 16k;
+			fastcgi_buffers 4 16k;
+		}
+		location ~ /\.ht {
+			deny all;
+		}
+	}
+	server {
+		listen      80;
+		server_name 192.168.1.23;
+		add_header Strict-Transport-Security max-age=2592000;
+		rewrite ^ https://$server_name$request_uri? permanent;
+	}
+}
+
+### Ok lets restart all the services you should be able to access the GUI setup on https://yourip
+
+**HTTPS!** 
+
+`service mysql-server restart`<br>
+`service php-fpm restart`<br>
+`service nginx restart`<br>
+
+
+
+
+
+
+
+
+