Requesting feedback from FreeBSD Sysadmins (PortsBuild Project)

mmx

Verified User
Joined
May 8, 2005
Messages
130
Location
Montreal, QC
Hi all, I'm in the middle of developing and testing the first release of PortsBuild, a CustomBuild alternative for FreeBSD 9.3/10.3 and beyond. I've come to a point in the code that warrants user feedback and expectations, as some of the changes I've implemented may potentially cause frustration for those used to CB2 or DirectAdmin defaults.

I am looking for pre-release feedback and requests, so anyone who has a few minutes to spare their opinion on the direction of PortsBuild is not only welcomed but highly appreciated. Basically, I'm doing my best to make sure I keep everyone happy when/while using PortsBuild, so best to ask users for their feedback before the project permanently goes off track. :)

Please note that PortsBuild is absolutely NOT supported by DirectAdmin and comes with no warranty.

Current PortsBuild limitations and changes ("good to know"):
  • Only a single version of PHP can be installed at this time. Installing multiple PHP versions from ports is very, very tricky.
  • Supported PHP versions: 5.5, 5.6, 7.0, or whatever is available from the ports tree.
  • LiteSpeed support has been dropped since it's not found in ports or packages.
  • SquirrelMail support has been dropped due to lack of updates in the ports tree.
  • Default SQL database path has been moved to /var/db/mysql (used to be: /home/mysql) but can be changed.
  • Majority of files that were kept in /etc/ are moved to /usr/local/etc, except /etc/virtual has been kept for mail.
    Example files that are relocated: exim.conf, exim.pl, pureftpd.pdb, proftpd.conf, dovecot.conf, etc.

Included PortsBuild features:
  • All services installed via ports or packages (except Majordomo). The sysadmin can choose to install services via any combination, such as Apache from ports and MariaDB from packages.
  • Ability to define make.conf options through PortsBuild's configuration files.
  • Adheres to FreeBSD's hier recommendations.
  • Ability to apply Apache 2.4 patches, such as suexec, hardened symlinks, etc. even when installing from /usr/ports/www/apache24 :cool:
  • Minimal system modifications; PB only modifies the bare necessities unless you tell it to do more.

What's been kept so far or ported over from CustomBuild:
  • Custom configuration files for all services including the folder tree structure (e.g. custom/ap2, custom/fpm, etc.) with support for additional applications.
  • options.conf has the usual stuff, with the ability to control additional (optional) settings
  • Ability to enable/disable all services, including DNS (named/BIND) and SQL DB (MariaDB/MySQL).
  • Supporting BlockCracking, EasySpamFighter, SpamBlocker, etc.

Here are some examples of changes & differences between CB/DA defaults and PortsBuild. The following are currently implemented in PortsBuild:

CB/DA (Default)PortsBuild (Proposed)
Installing a service
e.g. Apache
./build apache./portsbuild.sh install apache
Updating a service
e.g. Apache
./build apache./portsbuild.sh upgrade apache
OR
pkg upgrade apache24
Path to PHP Sockets/usr/local/php%VER%/sockets/var/run/php/sockets
Path to WWW Directory/var/www/html/usr/local/www
Apache SSL Paths/etc/httpd/conf/ssl.crt
/etc/httpd/conf/ssl.key
/usr/local/etc/apache24/ssl
Both .key & .crt in the same folder;
ability to change paths.
Path to EasySpamFighter & BlockCracking folders/etc/exim.easy_spam_fighter
/etc/exim.blockcracking
/usr/local/etc/exim/esf
/usr/local/etc/exim/bc

Questions for all FreeBSD users interested in the PortsBuild project. You don't have to answer all questions. Any type of feedback or discussion is welcome.

  1. Ideally, how do you expect PortsBuild to function? Do you want a "single use" script, or a system that functions like CustomBuild?
    • Single use = use PortsBuild to install and configure a DirectAdmin box on FreeBSD with ports and packages, and then use pkg/portmaster/synth to manage the system, rarely coming back to PB. Think of PB as a one-time "deployment script" rather than a "daily driver".
    • CB style = continuously use PortsBuild to install/update/manage the DirectAdmin box (along with related services) on a daily basis. PortsBuild will mostly take care of everything.
  2. What do you think about relocating configuration files conforming to the FreeBSD's hier? Such as moving /usr/local/php/sockets to /var/run/php/sockets, or files that were once kept in /etc are now moved to /usr/local/etc? Do you prefer keeping the same structure as DirectAdmin and CustomBuild currently have in place, or are you okay with keeping files in the right places?
  3. Do you expect PortsBuild to upgrade services for you, or do you prefer using port/package management tools such as portmaster, pkg or synth?
  4. Do you expect or prefer PortsBuild update dovecot.conf and exim.conf for you automatically? e.g. whenever a new version of SpamBlocker/ESF/BC shows up.
  5. What do you think about using "synth" to manage and rebuild ports and packages for you? (synth is a nicer alternative to portmaster)
    If not, what do you recommend to use?
  6. Do you expect the same level of customization that CustomBuild offers you, or do you wish to have more flexibility and power? Or, do you tend to modify configuration files more often "by hand" and skip on custom templates?
  7. How much automation do you expect from a system like PortsBuild? Do you want PB to auto-fix common mistakes without prompting you, or do you prefer fixing problems manually?
    In other words, are you okay with PortsBuild automatically fixing problems without stopping to ask you first, or do you prefer the script to stop and exit with a warning and recommending the best course of action for you to consider? Try to think as to how CB tends to handle problems during its operation, and how much "AI-like" processing do you expect (or wish) from PortsBuild.
  8. Are you comfortable having PortsBuild installed under /usr/local/directadmin/portsbuild, or do you prefer elsewhere?
    Other possible places: /usr/local/portsbuild, or: /root/portsbuild

In short: do you expect PortsBuild to function the same way as CustomBuild, or are you okay with a completely different system to get stuff done?
 
1. Both. The PortsBuild should be just a collection of "shortcuts" to common update/configure commands

2. It's a tricky situation. Should be better to have them in the standard FreeBSD hierarchy. BUT... all existing tutorials in the net are with the CB hierarchy... so I don't actually know. What about keeping them with the FreeBSD hierarchy and having additional symlinks to mimick the CB hierarchy as well?

3. I expect PortsBuild to perform upgrades through pkg or portsmaster :)

4. Yes... but not automatically - it must ask for my permission to do it

5. I think portmaster is fine.

6. CB is fine

7. I want it to fix... but prompt before doing it. No exit/warning... just a yes/no question (and if "no" is selected, then exit and let the person fix it himself) :)

8. /usr/local/directadmin/portsbuild is fine
 
About the multiple PHP versions issue - make the primary one to build from ports and the secondary be using the alternative method...
 
While I do commend the effort I have to wonder if it wouldn't be better spent on working with Custombuild devs to improve it for BSD users?
 
While I do commend the effort I have to wonder if it wouldn't be better spent on working with Custombuild devs to improve it for BSD users?

It's not as easy as it sounds unfortunately. I can't simply knock on other developers' doors and ask to contribute without any proof of prior experiences.

Also, I decided to build PortsBuild from scratch as there was a lot of unneeded code in CustomBuild that a FreeBSD system did not need to use.

FYI, PortsBuild also replaces the setup.sh script DirectAdmin provides for first-time installations, resulting in faster FreeBSD deployments. :)
 
Have you tried though? I personally would be happy to get help for something I wasn't very good at.
 
We never used custombuild on FreeBSD servers and recently switched to pkg from ports.
I feel much more easier to manage and upgrade software when using packages.
In rare cases when we need some custom build, we just build from ports.
So I personally don't see why we need some additional software management tools, while we already have pkg.

BTW, Most paths differences (like /var/www/html and /usr/local/www) can be "fixed" with symlinks, and it HAVE to be fixed this way, because /var/www/html path is hardcoded into directadmin and it's used for webmail data management and brute-force monitoring.
 
And, BTW, alternative PHP versions can be easily build from ports if you add something like this into /etc/make.conf:
Code:
PHP_ALT=php52 php53 php55 php70 php71
.for port in ${PHP_ALT}
.if ${.CURDIR:M*/ports*/*/${port}*}
    PREFIX=/usr/local/${port}
    PHPBASE=/usr/local/${port}
    DISABLE_VULNERABILITIES=yes
.endif
.endfor
 
We never used custombuild on FreeBSD servers and recently switched to pkg from ports.
I feel much more easier to manage and upgrade software when using packages.
In rare cases when we need some custom build, we just build from ports.
So I personally don't see why we need some additional software management tools, while we already have pkg.

BTW, Most paths differences (like /var/www/html and /usr/local/www) can be "fixed" with symlinks, and it HAVE to be fixed this way, because /var/www/html path is hardcoded into directadmin and it's used for webmail data management and brute-force monitoring.

PortsBuild is not a package manager: it's a deployment script at its core. It essentially takes care of the symlinks for you, and it's designed to setup a FreeBSD system from scratch with DirectAdmin (it'll install it for you too). Once the system is setup and configured, you can continue using pkg or ports to update the binaries. You can, of course, use PortsBuild to upgrade services with properly configured options if you are lazy.

Not everything installed through packages is compatible with DirectAdmin out of the box. For starters, the X_MAIL_HEADER option is not compiled in by default in the PHP 5.x packages from FreeBSD. You have to compile PHP through ports to enable this option. Another example is SUEXEC support in Apache 2.4, which requires additional patches to be applied to the Ports sources. I took care of that already (and it's a very clean approach to patching). :)

DirectAdmin's WWW directory can be changed through directadmin.conf. Only the PHP paths are hardcoded in DirectAdmin as far as I know.
 
And, BTW, alternative PHP versions can be easily build from ports if you add something like this into /etc/make.conf:
Code:
PHP_ALT=php52 php53 php55 php70 php71
.for port in ${PHP_ALT}
.if ${.CURDIR:M*/ports*/*/${port}*}
    PREFIX=/usr/local/${port}
    PHPBASE=/usr/local/${port}
    DISABLE_VULNERABILITIES=yes
.endif
.endfor

Thank you for that. I'll read through the docs and run some tests to see if this solves the issues I had initially.
 
Not everything installed through packages is compatible with DirectAdmin out of the box. For starters, the X_MAIL_HEADER option is not compiled in by default in the PHP 5.x packages from FreeBSD. You have to compile PHP through ports to enable this option. Another example is SUEXEC support in Apache 2.4, which requires additional patches to be applied to the Ports sources. I took care of that already (and it's a very clean approach to patching). :)
Sure. But it's just a few custom ports while almost everything else can be installed and updated from FreeBSD repository (except alternative PHP versions of course).
DirectAdmin's WWW directory can be changed through directadmin.conf. Only the PHP paths are hardcoded in DirectAdmin as far as I know.
It seems paths for BFM can be changed, but I still believe webmail data path is hardcoded.
Code:
root@mensa:~# /usr/local/directadmin/directadmin c | grep /var/www
brute_force_roundcube_log=/var/www/html/roundcube/logs/errors
brute_force_squirrelmail_log=/var/www/html/squirrelmail/data/squirrelmail_access_log
brute_force_pma_log=/var/www/html/phpMyAdmin/log/auth.log
 
Last edited:
Sure. But it's just a few custom ports while almost everything else can be installed and updated from FreeBSD repository (except alternative PHP versions of course).
It seems paths for BFM can be changed, but I still believe webmail data path is hardcoded.
Code:
root@mensa:~# /usr/local/directadmin/directadmin c | grep /var/www
brute_force_roundcube_log=/var/www/html/roundcube/logs/errors
brute_force_squirrelmail_log=/var/www/html/squirrelmail/data/squirrelmail_access_log
brute_force_pma_log=/var/www/html/phpMyAdmin/log/auth.log

Webmail paths can be changed. The fact that you are seeing those variables means that they can be overridden in directadmin.conf. Like I said, only the PHP paths are hard-coded.
 
There is no "Webmail paths" variables right now. Only "bruteforce log paths" can be overridden, as you can see.
 
There is no "Webmail paths" variables right now. Only "bruteforce log paths" can be overridden, as you can see.

You don't have to set anything in directadmin.conf. You can change where Squirrelmail, RoundCube and everything else installs and serves out of by changing Apache (or Nginx) httpd.conf aliases.

DirectAdmin only installs authentication configuration files for phpMyAdmin and RoundCube installations.
 
As I told in my firs post, directadmin have some webmail management functions - such as cleaning webmail data or backup/restore.
I doubt that DA will read webmail paths from "Apache (or Nginx) httpd.conf aliases".
 
Here's how you can configure the php port to install in different directory

cd /usr/ports/lang/php56
make config
make PREFIX=/usr/local/php56 PHPBASE=/usr/local/php56 install clean DISABLE_CONFLICTS=1
cd /usr/ports/lang/php56-extensions/
make config
 
Here's how you can configure the php port to install in different directory

That's even better! I didn't know about DISABLE_CONFLICTS. No need to modify make.conf (which I try to avoid as much as I can) so this fits PB's goals perfectly.

Thank you!
 
Back
Top