Revisions of "FreeBSD 12で自宅サーバの構築　基本システム編その３ "

Posted
Chun3 2019-02-16 12:01 PM JST

Changes in title

+FreeBSD 12で自宅サーバの構築　基本システム編その３

Changes in tags

+FreeBSD

Changes in body

Source | HTML | Preview

@@ -0,0 +1,245 @@

+## はじめに

+FreeBSD 12を使用した自宅サーバの構築を行った。FreeBSD 12はリリースされて間もない状態ですが、カーネルに標準でVIMAGEが取り込まれDNSの外向きと、内向きを別々のシステム（jail+VIMAGE）が同一ホストで構築できることから採用することにしました。その時の構築手順を備忘録の意味も含め、具体的にいくつかに渡り説明する。

+* [基本システム編その１](URL "https://qiita.com/chun3/")

+ - 背景

+ - 基本のインストール

+ - 日本語環境の設定

+* [基本システム編その２](URL "https://qiita.com/chun3/")

+ - セキュリティ

+ - ftpサーバ

+* [基本システム編その３](URL "https://qiita.com/chun3/")（この記事）

+ - jail

+ - 基本システム編おわり

+* [jail内基本システム編](URL "https://qiita.com/chun3/")

+ - 基本の設定（jail1・jail2共通）

+* DNS編

+* Let's Encrypt編

+* Webサーバ編

+* メールサーバ編

+* ファイルサーバ編

+##jailの構築

+外向きと内向きの２つのjailを構築し、ホストにはサーバー類は構築しないこととする。そこで、jailの管理維持のためにqjailを使用する。

+###qjailのインストール

+```

+# pkg install qjail

+Updating FreeBSD repository catalogue...

+Fetching meta.txz: 100% 944 B 0.9kB/s 00:01

+Fetching packagesite.txz: 100% 6 MiB 1.1MB/s 00:06

+Processing entries: 100%

+FreeBSD repository update completed. 31804 packages processed.

+All repositories are up to date.

+Checking integrity... done (0 conflicting)

+The following 1 package(s) will be affected (of 0 checked):

+New packages to be INSTALLED:

+ qjail: 5.4

+Number of packages to be installed: 1

+Proceed with this action? [y/N]: y

+[1/1] Installing qjail-5.4...

+[1/1] Extracting qjail-5.4: 100%

+Message from qjail-5.4:

+########################################################################

+Use the qjail utility to deploy small or large numbers of jails quickly.

+First issue "rehash" command to enable the qjail command (if using csh).

+Then issue

+"man qjail-intro" To read the qjail introduction.

+"man qjail" For qjail usage details.

+"man qjail-howto" For example of driving public traffic to non-vnet jails.

+"man qjail-vnet-howto" For example of creating vnet jails.

+"man qjail-ipv6-testing" For example of testing jails with ipv6 addresses.

+########################################################################

+```

+ファイルシステムインストール

+```

+# qjail install

+resolving server address: ftp2.freebsd.org:80

+requesting http://ftp2.freebsd.org/pub/FreeBSD/releases/amd64/amd64/12.0-RELEASE/base.txz

+remote size / mtime: 154325028 / 1544159064

+base.txz 147 MB 120 kBps 20m48s

+The RELEASE distribution files are populating template.

+Estimated less than 1 minute for this to complete.

+sharedfs is being populated.

+Estimated less than 1 minute for this to complete.

+Successfully installed qjail system.

+```

+外向き用(jail1)と内向き用(jail2)のjailを作成

+```

+# qjail create -4 192.168.1.41 jail1

+Successfully created jail1

+# qjail create -4 192.168.1.42 jail2

+Successfully created jail2

+```

+作成したjailにVIMAGE用の設定を行う

+```

+# qjail config -w em0 -v none jail1

+Successfully enabled vnet.interface for jail1

+Successfully enabled vnet for jail1

+# qjail config -w em0 -v none jail2

+Successfully enabled vnet.interface for jail2

+Successfully enabled vnet for jail2

+```

+設定ファイルを確認する。

+```sh:/usr/local/etc/qjail.config/jail1

+jail1 {

+host.hostname = "jail1";

+path = "/usr/jails/jail1";

+mount.fstab = "/usr/local/etc/qjail.fstab/jail1";

+exec.consolelog = "/var/log/qjail.jail1.console.log";

+mount.devfs;

+devfs_ruleset = "4";

+vnet = "new";

+vnet.interface = "epair1b";

+exec.start = "ifconfig epair1b 192.168.1.41";

+exec.start += "route add default 192.168.1.1";

+exec.start += "/bin/echo "epair1b" > /etc/epair";

+exec.start += "/bin/sh /etc/rc";

+exec.stop = "/bin/sh /etc/rc.shutdown";

+```

+```sh:/usr/local/etc/qjail.config/jail2

+jail2 {

+host.hostname = "jail2";

+path = "/usr/jails/jail2";

+mount.fstab = "/usr/local/etc/qjail.fstab/jail2";

+exec.consolelog = "/var/log/qjail.jail2.console.log";

+mount.devfs;

+devfs_ruleset = "4";

+vnet = "new";

+vnet.interface = "epair2b";

+exec.start = "ifconfig epair2b 192.168.1.42";

+exec.start += "route add default 192.168.1.1";

+exec.start += "/bin/echo "epair2b" > /etc/epair";

+exec.start += "/bin/sh /etc/rc";

+exec.stop = "/bin/sh /etc/rc.shutdown";

+```

+### jail用ports collectionの初期設定

+ホストで操作する

+```

+# portsnap -p /usr/jails/sharedfs/usr/ports fetch

+# portsnap -p /usr/jails/sharedfs/usr/ports extract

+```

+### 日本語マニュアル

+```

+# fetch ftp://ftp.koganemaru.co.jp/pub/jman12/ja-cat-doc-12.0.20181218.amd64.txz

+ja-cat-doc-12.0.20181218.amd64.txz 9419 kB 546 kBps 17s

+# tar -zxf ja-cat-doc-12.0.20181218.amd64.txz -C /usr/jails/sharedfs/

+tar: Removing leading '/' from member names

+# rm /usr/jails/sharedfs/+COMPACT_MANIFEST /usr/jails/sharedfs/+MANIFEST ja-cat-doc-12.0.20181218.amd64.txz

+# ln -s ja /usr/jails/sharedfs/usr/share/man/ja_JP.eucJP

+```

+###起動する

+```

+# qjail start

+Jail successfully started jail1

+Jail successfully started jail2

+```

+確認する。2つのjailが確認でき、ネットワーク設定もem0・epair1a・epair2aがブリッジ接続されている。

+```

+# jls

+ JID IP Address Hostname Path

+ 2 jail1 /usr/jails/jail1

+ 3 jail2 /usr/jails/jail2

+# ifconfig

+em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500

+ options=810099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>

+ ether 08:00:27:93:ce:1e

+ inet 192.168.1.32 netmask 0xffffff00 broadcast 192.168.1.255

+ media: Ethernet autoselect (1000baseT <full-duplex>)

+ status: active

+ nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

+lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384

+ options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>

+ inet6 ::1 prefixlen 128

+ inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2

+ inet 127.0.0.1 netmask 0xff000000

+ groups: lo

+ nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

+bridge10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500

+ ether 02:af:ae:e8:ed:0a

+ id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15

+ maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200

+ root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0

+ member: epair2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>

+ ifmaxaddr 0 port 5 priority 128 path cost 2000

+ member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>

+ ifmaxaddr 0 port 4 priority 128 path cost 2000

+ member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>

+ ifmaxaddr 0 port 1 priority 128 path cost 20000

+ groups: bridge

+ nd6 options=1<PERFORMNUD>

+epair1a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500

+ options=8<VLAN_MTU>

+ ether 02:fa:12:43:bd:0a

+ inet6 fe80::fa:12ff:fe43:bd0a%epair1a prefixlen 64 scopeid 0x4

+ groups: epair

+ media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)

+ status: active

+ nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

+epair2a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500

+ options=8<VLAN_MTU>

+ ether 02:8a:09:cb:8a:0a

+ inet6 fe80::8a:9ff:fecb:8a0a%epair2a prefixlen 64 scopeid 0x5

+ groups: epair

+ media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)

+ status: active

+ nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

+```

+jail1にログインし、ネットワーク接続を確認する

+```

+# qjail console jail1

+FreeBSD 12.0-RELEASE-p2 GENERIC

+Welcome to your FreeBSD jail.

+jail1 /root >ifconfig

+lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384

+ options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>

+ inet6 ::1 prefixlen 128

+ inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1

+ inet 127.0.0.1 netmask 0xff000000

+ groups: lo

+ nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

+epair1b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500

+ options=8<VLAN_MTU>

+ ether 02:fa:12:43:bd:0b

+ inet 192.168.1.41 netmask 0xffffff00 broadcast 192.168.1.255

+ inet6 fe80::fa:12ff:fe43:bd0b%epair1b prefixlen 64 scopeid 0x2

+ groups: epair

+ media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)

+ status: active

+ nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

+```

+##基本システム編おわり

+これまでで、ホストの基本システムの構築が完了した。次節からは、jail内の設定として、外向き・内向き用のサーバをインストールしていく。