#author("2025-06-06T02:11:20+00:00","hhh","hhh") #author("2025-06-06T08:09:35+00:00","hhh","hhh") &size(24){&color(olive){''FreeBSD''};}; #topicpath #ls2 #contents #br - http://www.freebsd.org/ - FreeBSD UTF-8化 - http://www.bugbearr.jp/?FreeBSD%2FUTF-8%E5%8C%96 - CIDR - https://www.softel.co.jp/labs/tools/network/ *** 一行コメント [#a7df4b23] //#comment(below,noname) - ifconfig em0 media 100baseTx mediaopt full-duplex -- &new{2017-05-01 (月) 09:57:16}; - CPANはwww/p5-libwww -- &new{2016-07-25 (月) 21:47:23}; - /usr/local/bin/rsync -av --iconv=UTF-8,EUC-JP-MS --delete aaa:from bbb:to -- &new{2015-03-26 (木) 17:23:39}; - 引越しのmountには-o async,noatimeを渡すと転送が捗ります -- &new{2012-06-08 (金) 11:03:04}; - インストール後にboot selectorをインストールするには,# boot0cfg -B /dev/ada0 -- &new{2011-10-01 (土) 14:54:47}; - NTFSを日本語で # mount_ntfs -o ro -CEUC-JP /dev/ada1s2 /mnt -- &new{2011-07-28 (木) 22:30:26}; - setxkbmap -option "ctrl:swapcaps" -- &new{2010-09-26 (日) 10:35:52}; - emacsを立ち上げてM-x view-fileするとROでファイルが眺められる。 -- &new{2010-06-09 (水) 13:47:59}; -slogin -Y enables trusted X11 forwarding. -- &new{2009-11-01 (日) 20:48:55}; -xdeltaはbinary diff -- &new{2005-09-13 16:38:13 (Tue)}; -chown -h hoge:hoge pon でシンボリックリンクの所有者変更 -- &new{2005-07-08 15:54:34 (Fri)}; -cp -d hoge でシンボリックリンクをシンボリックリンクのままコピー -- &new{2005-07-04 18:26:11 (Mon)}; - FreeBSD .DS_Store掃除 # find /opt -name .DS_Store -print -delete *** Let's Encrypt [#h2cf6001] - https://letsencrypt.org/ - FreeBSD 12とApache 2.4とcertbotでLet's Encrypt! 
- https://decomo.info/wiki/freebsd/apache/freebsd_12_apache24_certbot - https://decomo.info/wiki/freebsd/apache/freebsd_13_apache24_certbot - https://certbot.eff.org/instructions?ws=apache&os=freebsd - In order to automatically renew the certificates, add this line to /etc/periodic.conf: weekly_certbot_enable="YES" - More config details in the certbot periodic script: /usr/local/etc/periodic/weekly/500.certbot-3.8 - VirtualHost環境でLet’s Encryptを導入 - https://hp.ofuton.org/305/ - Let's Encryptを利用してApache 2.4サーバをHTTPS化する - https://qiita.com/ariaki/items/5680cb6da6223844af4e - certbot # certbot certonly --webroot -w /usr/local/www/apache24/data -d dataz.dyndns.info Successfully received certificate. Certificate is saved at: /usr/local/etc/letsencrypt/live/dataz.dyndns.info/fullchain.pem Key is saved at: /usr/local/etc/letsencrypt/live/dataz.dyndns.info/privkey.pem - Let’s Encryptの証明書をRSA方式で更新。 - https://manualmaton.com/2023/05/28/lets-encrypt%E3%81%AE%E8%A8%BC%E6%98%8E%E6%9B%B8%E3%82%92rsa%E6%96%B9%E5%BC%8F%E3%81%A7%E6%9B%B4%E6%96%B0%E3%80%82/ - certbot # certbot certonly --webroot -w /usr/local/www/apache24/data -d dataz.dyndns.info --key-type rsa *** coreutils [#qf26d1cb] - pkg pkg install coreutils - 1年以内に更新されたファイルをディレクトリ構造を保ってコピー find mora -mtime -365 -type f -print0 | xargs -0 gcp --parents -t /home/hasebe/mora *** pukiwiki-1.5.4 [#z99f351a] - mod_php80 -- install # pkg install gcc php80-session # cd /usr/ports/www/mod_php80 # sh # export CC=/usr/local/bin/gcc # make install clean # pkg lock mod_php80 # pkg info -D mod_php80 -- https://forums.freebsd.org/threads/apache24-with-mod_php82-wont-start-up.86779/page-2 - php-fpm -- mod_php80 -> php-fpm # pkg delete mod_php80 php80-session php80 # pkg install php81-session -- /etc/rc.conf php_fpm_enable="YES" -- /usr/local/etc/php-fpm.d/www.conf listen = 127.0.0.1:9000 -- /usr/local/etc/apache24/httpd.conf LoadModule proxy_module libexec/apache24/mod_proxy.so LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so 
<FilesMatch "\.php$"> SetHandler proxy:fcgi://127.0.0.1:9000 </FilesMatch> -- start # /usr/local/etc/rc.d/php-fpm start # apachectl graceful *** rsync [#j87d2826] - iconv # cd /usr/ports/converters/libiconv/ # make config [x] ENCODINGS [x] PATCHES - rsync # cd /usr/ports/net/rsync/ # make config [x] ICONV (*) FLAGS - /usr/local/bin/rsync -av --iconv=UTF-8,EUC-JP-MS --delete aaa:from bbb:to - lock pkg lock rsync pkg lock libiconv *** SoftEther VPN [#g04cb34d] - http://ja.softether.org/ - run # vpnserver/vpnserver start // # vpnbridge/vpnbridge start # vpncmd/vpncmd - vpncmd > ServerPasswordSet > UserCreate > UserPasswordSet > BridgeCreate > IPsecEnable - http://ytsrvlog.blogspot.jp/2014/04/softethervpn-2.html - ports To run softether vpn client from startup, add softether_client_enable="YES" in your rc.conf. To run softether vpn server from startup, add softether_server_enable="YES" in your rc.conf. To run softether vpn bridge from startup, add softether_bridge_enable="YES" in your rc.conf. Initial and further configuration of all softether services can be done either by using a Windows client to connect to the running services or by vpncmd from command line. Please note client and bridge functionality is not fully supported on FreeBSD right now. When removing SoftEther VPN without the desire to reinstall, please ensure to remove the directory /var/db/softether as well. *** /usr/src [#w0263729] - checkout svnlite co svn://svn.freebsd.org/base/head /usr/src svnlite co svn://svn.freebsd.org/base/stable/10 /usr/src - リポジトリの確認 # svnlite info Path: . Working Copy Root Path: /usr/src URL: svn://svn.freebsd.org/base/head Relative URL: ^/head Repository Root: svn://svn.freebsd.org/base Repository UUID: ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f Revision: 303551 Node Kind: directory Schedule: normal Last Changed Author: mav Last Changed Rev: 303551 Last Changed Date: 2016-07-30 19:32:28 +0900 (Sat, 30 Jul 2016) # svnlite info Path: . 
Working Copy Root Path: /usr/src URL: svn://svn.freebsd.org/base/stable/10 Relative URL: ^/stable/10 Repository Root: svn://svn.freebsd.org/base Repository UUID: ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f Revision: 303537 Node Kind: directory Schedule: normal Last Changed Author: sbruno Last Changed Rev: 303459 Last Changed Date: 2016-07-29 05:11:34 +0900 (Fri, 29 Jul 2016) - リポジトリの変更 # svnlite switch --relocate svn://svn.freebsd.org/base/stable/10 svn://svn.freebsd.org/base/stable/11 *** samba4 [#la944902] - rc.conf #samba_enable="YES" samba_server_enable="YES" - smb.conf # cp /usr/local/etc/smb.conf /usr/local/etc/smb4.conf - いったんstart/stop # /usr/local/etc/rc.d/samba_server start # /usr/local/etc/rc.d/samba_server stop - ユーザ移行 # cp /usr/local/etc/samba/* /var/db/samba4/private - wsdd # pkg install py39-wsdd -- /etc/rc.local wsdd_enable="YES" -- Windows 10はNetBIOSをツカわず、Web Service Discoveryのみになった。 -- SMBクライアントがブラウジングリストに表示されない。 *** コンソール [#g3947393] - vtを有効化 -- /boot/loader.conf hw.vga.textmode=0 kern.vty=vt - sc -- モードの確認 # vidcontrol -i mode -- 手動設定 # vidcontrol MODE_291 -- /etc/rc.conf allscreens_flags="MODE_291" *** avahi [#ebe62c3c] - dbus # cd /usr/ports/devel/dbus # make config - X11 # make install clean - avahi # cd /usr/ports/net/avahi # make config - AUTOIPD - GTK # make install clean # vi /usr/local/etc/avahi/avahi-daemon.conf host-name domain-name # vi /etc/nsswitch.conf hosts: files mdns dns - mdns # portmaster dns/nss_mdns *** screen [#ve1f719a] - .screen escape ^T^T vbell off startup_message off defscrollback 1000 defhstatus "^En:^Et" -- [[screenのススメ:http://www.dekaino.net/screen/]] |~shortcut|~command| |c-t S|split| |c-t TAB|switch between split screens| |c-t X|remove| |c-t c-[|copy| |c-t c-]|paste| |SPACE|set start and end point in copy mode| #br -.bashrc export PS1='\h\$ ' -.emacs (setq inhibit-startup-message t) (setq display-time-24hr-format t) (display-time) (setq column-number-mode t) (global-set-key "\M-g" 'goto-line) (set-input-mode nil nil t) 
;// -nwのときaltをmetaに ;(tool-bar-mode 0) ; // -nwのときエラーになる todo *** FreeBSDのお引っ越し [#od3221c6] - パーティションスキーム作成 gpart create -s gpt ada1 - boot gpart add -s 64K -t freebsd-boot ada1 - swap # gpart add -s 4G -t freebsd-swap ada1 - / gpart add -s 40G -t freebsd-ufs ada1 - /opt gpart add -t freebsd-ufs ada1 - 確認 gpart show ada1 40 3907029088 ada1 GPT (1.8T) 40 128 1 freebsd-boot (64K) 168 8388608 2 freebsd-swap (4.0G) 8388776 83886080 3 freebsd-ufs (40G) 92274856 3814754264 4 freebsd-ufs (1.8T) 3907029120 8 - free - (4.0K) - boot loader gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 ada1 - 初期化 newfs /dev/ada1p3 newfs /dev/ada1p4 - /仮マウント mount /dev/ada1p3 /mnt - /引っ越し dump 0aLf - / | (cd /mnt && restore rf -) - /optを仮マウント mount /dev/ada1p4 /mnt/opt - /opt引っ越し dump 0aLf - /opt | (cd /mnt/opt && restore rf -) *** HDD追加 [#v326a93a] - パーティションスキーム作成 # gpart create -s gpt ada1 - パーティション作成 # gpart add -t freebsd-ufs ada1 - ファイルシステム作成 # newfs /dev/ada1p1 - パーティション削除 # gpart delete -i 1 ada1 - パーティションスキーム削除 # gpart destroy ada1 *** gmirror [#q2cedc4f] - root FSもミラーリングできる。 - 単独HDD運用からミラーリングに変更できる。 - geom -- universal control utility for GEOM classes - gmirror -- control utility for mirrored devices - HDD1に普通にFreeBSDをインストールする。 # Device Mountpoint FStype Options Dump Pass# /dev/ad6s1b none swap sw 0 0 /dev/ad6s1a / ufs rw 1 1 /dev/ad6s1d /opt ufs rw 2 2 - /boot/loader.conf kern.geom.part.check_integrity="0" # workaround geom_mirror_load="YES" - ミラーリングデバイスをマウントするようにfstabを書き換える。 # Device Mountpoint FStype Options Dump Pass# /dev/mirror/gm0s1b none swap sw 0 0 /dev/mirror/gm0s1a / ufs rw 1 1 /dev/mirror/gm0s1d /opt ufs rw 2 2 - FreeBSDインストールCDとFreeBSD LIVE FS CDを作る。 - FreeBSDインストールCDから起動して、fixitのshellに入る。 - HDD1をミラーリングに追加 # gmirror label -b round-robin gm0 ad6 - 再起動することを確認する。 - HDD2を接続して起動。 - HDD2をミラーリングに追加 # gmirror insert gm0 ad8 - gmirror status Name Status Components mirror/gm0 COMPLETE ad6 ad8 - HDDがクラッシュするとStatusがCOMPLETEでなくなる。 - なんと電源を落とさずにHDD交換できるらしい。 - 
やり方はクラッシュしたときに調べるということでヨシトシよう。 - 新規インストール -- パーティション設定でshellを起動 kldload geom_mirror gmirror label gm0 ada0 gpart create -s gpt mirror/gm0 gpart add -s 512k -a 4k -t freebsd-boot -l "boot" mirror/gm0 gpart add -s 100g -a 4k -t freebsd-ufs -l "root" mirror/gm0 gpart add -s 4g -a 4k -t freebsd-swap -l "swap" mirror/gm0 gpart add -s 1600g -a 4k -t freebsd-ufs -l "opt" mirror/gm0 gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 mirror/gm0 newfs -j /dev/gpt/root newfs -j /dev/gpt/opt vi /tmp/bsdinstall_etc/fstab /dev/gpt/root / ufs rw,noatime 1 1 /dev/gpt/swap none swap sw 0 0 /dev/gpt/opt /opt ufs rw,noatime 2 2 mount /dev/gpt/root /mnt exit -- リブート前にshellを起動 vi /boot/loader.conf kern.cam.ada.0.quirks="1" geom_mirror_load="YES" -- リブート後HDD追加 gmirror insert gm0 ada1 *** pf [#vd4675bb] - packet filteringはラストマッチングルールで、デフォルトはpass(どのルールにもマッチしないパケットは通過する) - rc.conf pf_enable="YES" gateway_enable="YES" - /etc/pf.conf -- 変数定義 ext_if="xl0" int_if="fxp0" internal_net="192.168.0.0/24" -- トラフィック成形 scrub in all scrub out all random-id max-mss 1414 -- NAT nat on $ext_if from $internal_net to any -> ($ext_if) -- ポートフォワード rdr on $ext_if proto tcp from any to port 1234 -> $gbx port 1234 -- UPnP rdr-anchor "miniupnpd" anchor "miniupnpd" pass out on $int_if from any to 239.0.0.0/8 keep state pass in on $int_if from any to 239.0.0.0/8 keep state -- SMB block on $ext_if proto {tcp, udp} from any to any port {137, 138, 139, 445} *** mpd [#x0b879bf] - mpd5 startup: default: load pppoe_client pppoe_client: create bundle static B1 set iface route default set iface enable tcpmssfix create link static L1 pppoe set link action bundle B1 set link no acfcomp protocomp set link disable pap set link accept chap set link max-redial 0 set link mtu 1454 set link mru 1454 set link keep-alive 10 60 set auth authname xxx set ipcp yes vjcomp set ipcp ranges 0.0.0.0/0 0.0.0.0/0 set pppoe iface fxp0 set pppoe service "" open *** WLAN STA [#qe5ab091] - /etc/rc.local ifconfig wlan0 create wlandev ath0 mode 11a country J5 
wpa_supplicant -B -Dbsd -iwlan0 -c/etc/wpa_supplicant.conf sleep 4 dhclient wlan0 または - /etc/rc.conf wlans_ath0="wlan0" ifconfig_wlan0="WPA DHCP" ifconfig_wlan0_ipv6="inet6 accept_rtadv" - /etc/wpa_supplicant.conf ctrl_interface=/var/run/wpa_supplicant network={ ssid="AirPort5" psk="1234123412345" } *** WLAN AP [#j1128eec] - manual # ifconfig wlan0 create wlandev ath0 wlanmode hostap mode 11na country J5 # ifconfig bridge0 create addm wlan0 addm fxp0 up - /etc/hostapd.conf interface=wlan0 driver=bsd ctrl_interface=/var/run/hostapd ctrl_interface_group=wheel ssid=aaa country_code=JP #ieee80211d=1 hw_mode=a #channel=13 auth_algs=1 #wme_enabled=1 wpa=2 wpa_passphrase=1111111111111 wpa_key_mgmt=WPA-PSK wpa_pairwise=CCMP - /etc/rc.conf create_args_wlan0="wlanmode hostap mode 11na country J5" wlans_ath0="wlan0" ifconfig_wlan0="channel 3:ht/40" hostapd_enable="YES" cloned_interfaces="bridge0" ifconfig_bridge0="addm wlan0 addm fxp0 up" *** WLAN monitor [#x6588084] - manual # ifconfig wlan0 create wlandev ath0 wlanmode monitor mode 11a country J5 - tcpdump # ifconfig wlan0 channel 36 # tcpdump -i wlan0 -y IEEE802_11_RADIO -e # tcpdump -i wlan0 -I -e *** vtund Ethernet bridge [#q02230dd] -loader.conf if_bridge_load="YES" if_tap_load="YES" -サーバ側 vtund.conf options { port 5000; # Listen on this port. bindaddr { iface vr0; }; # Syslog facility syslog daemon; # Path to various programs ppp /usr/sbin/pppd; ifconfig /sbin/ifconfig; route /sbin/route; firewall /sbin/ipchains; ip /sbin/ip; } # Default session options default { compress no; # Compression is off by default speed 0; # By default maximum speed, NO shaping } # Ethernet example. Session 'lion'. 
lion { passwd aaaaaa; # Password type ether; # Ethernet tunnel device tap0; # Device tap0 proto udp; # UDP protocol compress lzo:1; # LZO compression level 1 encrypt yes; # Encryption stat yes; # Log connection statistic keepalive yes; # Keep connection alive up { ifconfig "%% 192.168.0.2 netmask 0xffffff00"; ifconfig "bridge0 create"; ifconfig "bridge0 addm tap0 addm fxp0 up"; }; down { ifconfig "bridge0 deletem tap0 deletem fxp0"; ifconfig "bridge0 down destroy"; ifconfig "%% delete down"; }; } - クライアント側 vtund.conf options { port 5000; # Connect to this port. timeout 60; # General timeout # Path to various programs ppp /usr/sbin/pppd; ifconfig /sbin/ifconfig; route /sbin/route; firewall /sbin/ipchains; ip /sbin/ip; } # Ethernet example. Session 'lion'. lion { passwd aaaaaa; # Password type ether; # Ethernet tunnel device tap0; # Device tap0 up { ifconfig "%% 192.168.100.253 netmask 0xffffff00"; ifconfig "bridge0 create"; ifconfig "bridge0 addm tap0 addm fxp0 up"; }; down { ifconfig "bridge0 deletem tap0 deletem fxp0"; ifconfig "bridge0 destroy"; ifconfig "%% delete down"; }; } *** ISOイメージ [#j8e84933] - mdconfig # mdconfig -af hoge.iso md0 # mount -t cd9660 /dev/md0 /mnt # mdconfig -du md0 *** 録音 [#w86022f0] - wavrec #!/bin/sh mixer =rec line rec 25 wavrec -s 48000 -M -t 900 RJ-`date "+%Y-%m-%d"`.wav