# BNMP Configuration

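**Update the system and apply patches**

```
# freebsd-update fetch
# freebsd-update install
```

**If the update fails**

```
# freebsd-update rollback
```

**Reboot the server after updating**

```
# shutdown -r now
```

**Fetch patches automatically every night**

```
# ee /etc/crontab
```

```
@daily                                  root freebsd-update cron
```

`freebsd-update cron` only downloads the updates and mails root when something was fetched; they still have to be applied with `freebsd-update install`.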

**Update the ports tree before installing software on a new system**

**Fetch ports tree updates**

```
# portsnap fetch
```

**Run extract the first time portsnap is used**

```
# portsnap extract
```

**Update the ports tree**

```
# portsnap update
```

**Install ports**

**Locate the port directory**

```
# whereis nginx
nginx: /usr/ports/www/nginx
```

**Install nginx**

```
# cd /usr/ports/www/nginx
# make install clean
```

**Install MySQL**

```
# cd /usr/ports/databases/mysql57-server
# make install clean
```

**Install PHP**

```
# cd /usr/ports/lang/php56-extensions
# make install clean
```

**Enable the services at boot**

```
# ee /etc/rc.conf
```

```
php_fpm_enable="YES"
nginx_enable="YES"
mysql_enable="YES"
```

**Start nginx**

```
# nginx
```

**Stop nginx**

```
# nginx -s stop
```

**Reload for hot upgrades, deployments, and module replacement**

```
# nginx -s reload
```

**Upgrade installed ports**

**Install portmaster**

```
# cd /usr/ports/ports-mgmt/portmaster
# make install clean
```

**List all ports that need updating**

```
# portmaster -L
```

**Update all ports automatically**

```
# portmaster -a
```

**Uninstall a port** (run in the port's directory)

```
# make deinstall
```

**Nginx configuration**

```
# ee /usr/local/etc/nginx/nginx.conf
```

```
load_module /usr/local/libexec/nginx/ngx_mail_module.so;
load_module /usr/local/libexec/nginx/ngx_stream_module.so;

worker_processes  8;    # number of CPU cores nginx uses

events {
    worker_connections  1024;    # maximum number of client connections per core
    use kqueue;    # for BSD kernels; on Linux use "use epoll"
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  65;

    server {
        listen      80;
        server_name  localhost;

        location / {
            root /usr/local/www;
            index index.html index.htm index.php;
            if (!-e $request_filename) {
                rewrite "^/(.*)$" /index.php last;
            }
            rewrite ^/$ /index.php last;
        }

        error_page  404     /404.html;
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root /usr/local/www/nginx-dist;
        }
        location ~ \.php($|/) {
            root    /usr/local/www;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_split_path_info ^(.+\.php)(.*)$;
            fastcgi_param   PATH_INFO $fastcgi_path_info;
            fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param   PATH_TRANSLATED   $document_root$fastcgi_path_info;
            include    fastcgi_params;
        }
    }
}
```
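The PHP location above passes every URI matching `\.php($|/)` to PHP-FPM without checking that the script exists on disk. The following stricter variant is an added example, not part of the original page; it keeps the page's document root and PHP-FPM address, and the variable name `$path_info` is chosen for this example.

```nginx
# Added example, not from the original page: stricter PHP handler for the server block above.
location ~ [^/]\.php(/|$) {
    root /usr/local/www;

    # Non-greedy split: the script is the first *.php path component,
    # everything after it (starting with "/") becomes PATH_INFO.
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;

    # try_files resets $fastcgi_path_info, so keep a copy of it
    # ($path_info is a name chosen for this example).
    set $path_info $fastcgi_path_info;

    # Answer 404 from nginx when the script part is not a real file under the
    # document root, instead of letting PHP-FPM resolve a non-existent path.
    try_files $fastcgi_script_name =404;

    fastcgi_pass  127.0.0.1:9000;
    fastcgi_index index.php;
    include       fastcgi_params;

    fastcgi_param PATH_INFO       $path_info;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_TRANSLATED $document_root$path_info;

    # Do not forward a client-supplied "Proxy" request header to PHP as HTTP_PROXY.
    fastcgi_param HTTP_PROXY "";
}
```

PHP-FPM's `security.limit_extensions` setting (default `.php`) is a second check on the PHP side. Run `nginx -t` before reloading to validate the change.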

**Installing MySQL on FreeBSD**

**Configuration file**

```
# ee /usr/local/etc/mysql/my.cnf
```

```
[mysqld]
socket          = /tmp/mysql.sock
# Don't listen on a TCP/IP port at all.
skip-networking
skip-name-resolve
# Expire binary logs after one day:
expire_logs_days = 1
```

**Start the service**

```
# service mysql-server start
```

**Secure the installation**

```
# mysql_secure_installation
```

**Change the root password**

```
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'psw' PASSWORD EXPIRE NEVER;
```

```
# mysqladmin -u root -p password 'psw'
```

**Move the database directory**

```
# cd /var/db
# mv mysql /usr/local/
# ln -s /usr/local/mysql mysql
# cd /usr/local
# chown -R mysql:mysql mysql
```

**Install SSL**

```
# cd /usr/ports/security/py-certbot
# make install clean
# certbot certonly --webroot -w /usr/local/www/ -d xxx.com -d www.xxx.com
```

**nginx HTTPS configuration**

```
server {
    listen 80;
    listen 443 ssl http2;
    server_name  xxx.com;
    server_name  www.xxx.com;

    if ($scheme = http) {
        return   301 https://$host$request_uri;
    }

    ssl_certificate          /usr/local/etc/letsencrypt/live/xxx.com/fullchain.pem;
    ssl_certificate_key      /usr/local/etc/letsencrypt/live/xxx.com/privkey.pem;
    ssl_trusted_certificate /usr/local/etc/letsencrypt/live/xxx.com/chain.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA";

    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve secp384r1;

    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;
    ssl_session_tickets off;

    add_header Strict-Transport-Security "max-age=31536000";
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;

    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 10s;
    ssl_stapling on;
    ssl_stapling_verify on;

    ssl_buffer_size 8k;

    # …...
}
```

**Renew the certificate**

```
# certbot renew
```
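A hardened variant of the HTTPS server block above, as an added example that is not part of the original page: it drops TLS 1.0 and 1.1 (deprecated by RFC 8996), keeps only AEAD cipher suites, and marks the security headers `always` so they are also sent on error responses. It assumes nginx is built against OpenSSL 1.1.1 or later (needed for `TLSv1.3`); `xxx.com` is the page's placeholder domain.

```nginx
# Added example, not from the original page: hardened TLS settings for the HTTPS server block.
server {
    listen 80;
    listen 443 ssl http2;
    server_name xxx.com www.xxx.com;    # the page's placeholder domain

    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    ssl_certificate         /usr/local/etc/letsencrypt/live/xxx.com/fullchain.pem;
    ssl_certificate_key     /usr/local/etc/letsencrypt/live/xxx.com/privkey.pem;
    ssl_trusted_certificate /usr/local/etc/letsencrypt/live/xxx.com/chain.pem;

    # was: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996). TLSv1.3 assumes OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;

    # was: a list that also allowed CBC suites (the names ending in -SHA, -SHA256, -SHA384).
    # Only AEAD suites remain. This directive governs TLS 1.2 and below;
    # TLS 1.3 suites are selected by OpenSSL separately.
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve secp384r1;

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_session_tickets off;

    # was: add_header without "always", which leaves the headers off 4xx/5xx responses.
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Content-Type-Options nosniff always;

    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 10s;
    ssl_stapling on;
    ssl_stapling_verify on;
}
```

Headers set with `add_header` at server level are not inherited by a `location` that declares its own `add_header`, so repeat them there if needed. Validate with `nginx -t` before running `nginx -s reload`.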

