Setting up LAMP/LEMP Stack on FreeBSD
Categories:
8 minute read
FreeBSD is a powerful, secure, and highly stable operating system that serves as an excellent platform for hosting web applications. This guide will walk you through the process of setting up both LAMP (Linux, Apache, MySQL, PHP) and LEMP (Linux, Nginx, MySQL, PHP) stacks on FreeBSD. While the “L” traditionally stands for Linux, we’ll be using FreeBSD as our operating system base.
Table of Contents
- Table of Contents
- Introduction to FreeBSD and Web Stacks
- System Preparation
- Setting Up the LAMP Stack
- Setting Up the LEMP Stack
- Performance Tuning
- Security Considerations
- Troubleshooting Common Issues
- Conclusion
Introduction to FreeBSD and Web Stacks
FreeBSD is a Unix-like operating system known for its reliability, security, and performance. While Linux-based systems are more commonly used for web servers, FreeBSD offers several advantages, including a cohesive base system, advanced networking capabilities, and the powerful ZFS filesystem.
A web stack consists of software components needed to run dynamic web applications. The two most popular stacks are:
- LAMP: Apache as the web server, MySQL as the database, and PHP as the programming language
- LEMP: Nginx (pronounced “Engine X”) as the web server, with MySQL and PHP
Both stacks have their strengths. Apache is feature-rich and highly configurable, while Nginx is known for its performance under high loads and efficient handling of static content.
System Preparation
Before installing either stack, ensure your FreeBSD system is up to date.
# Update the FreeBSD package repository
pkg update
# Upgrade installed packages
pkg upgrade -y
# Install necessary utilities
pkg install -y nano htop wget bash
Now, let’s configure some basics for optimal performance:
# Edit the FreeBSD kernel parameters
cat >> /etc/sysctl.conf << EOF
# Increase maximum number of file descriptors
kern.maxfiles=25000
kern.maxfilesperproc=20000
# Network tuning
net.inet.tcp.sendspace=65536
net.inet.tcp.recvspace=65536
EOF
# Apply the new kernel parameters
sysctl -f /etc/sysctl.conf
Setting Up the LAMP Stack
Installing and Configuring Apache
Let’s start by installing Apache:
pkg install -y apache24
After installation, enable Apache to start at boot and start the service:
sysrc apache24_enable="YES"
service apache24 start
Now, configure Apache by editing its main configuration file:
nano /usr/local/etc/apache24/httpd.conf
Make the following adjustments:
- Set
ServerNameto your server’s domain or IP - Adjust
DocumentRootif needed (default is/usr/local/www/apache24/data) - Enable necessary modules (uncomment lines starting with
LoadModulefor required modules) - Configure virtual hosts if you plan to host multiple sites
A basic virtual host configuration would look like this:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot "/usr/local/www/example.com"
ErrorLog "/var/log/httpd-example-error.log"
CustomLog "/var/log/httpd-example-access.log" combined
<Directory "/usr/local/www/example.com">
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Create the document root directory:
mkdir -p /usr/local/www/example.com
chown -R www:www /usr/local/www/example.com
Installing and Securing MySQL/MariaDB
You can choose between MySQL and MariaDB. MariaDB is a community-developed fork of MySQL with additional features:
# For MySQL
pkg install -y mysql80-server
# Or for MariaDB
pkg install -y mariadb105-server
Enable the database server to start at boot and start the service:
# For MySQL
sysrc mysql_enable="YES"
service mysql-server start
# For MariaDB
sysrc mysql_enable="YES"
service mysql-server start
Secure your MySQL/MariaDB installation:
mysql_secure_installation
Follow the prompts to:
- Set a root password
- Remove anonymous users
- Disallow root login remotely
- Remove test database
- Reload privilege tables
Installing and Configuring PHP for Apache
Install PHP and required extensions:
pkg install -y php80 php80-extensions mod_php80
Configure PHP for Apache by creating a configuration file:
echo 'AddType application/x-httpd-php .php' >> /usr/local/etc/apache24/modules.d/001_mod_php.conf
echo 'DirectoryIndex index.php index.html' >> /usr/local/etc/apache24/modules.d/001_mod_php.conf
Next, create a PHP configuration file:
cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
Edit the PHP configuration file to adjust settings as needed:
nano /usr/local/etc/php.ini
Common adjustments include:
; Maximum upload file size
upload_max_filesize = 32M
post_max_size = 48M
; Memory limit
memory_limit = 256M
; Maximum execution time
max_execution_time = 60
; Error handling
display_errors = Off
log_errors = On
error_log = /var/log/php_errors.log
Restart Apache to apply the changes:
service apache24 restart
Testing Your LAMP Installation
Create a test PHP file to verify your LAMP stack is working correctly:
cat > /usr/local/www/apache24/data/info.php << EOF
<?php
phpinfo();
EOF
Set proper permissions:
chown www:www /usr/local/www/apache24/data/info.php
Now, open a web browser and navigate to http://your_server_ip/info.php. If PHP is correctly configured, you should see the PHP information page.
Once you’ve verified that everything is working, delete the info.php file for security:
rm /usr/local/www/apache24/data/info.php
Setting Up the LEMP Stack
Installing and Configuring Nginx
Install Nginx:
pkg install -y nginx
Enable Nginx to start at boot and start the service:
sysrc nginx_enable="YES"
service nginx start
Configure Nginx by editing its main configuration file:
nano /usr/local/etc/nginx/nginx.conf
A basic Nginx configuration looks like this:
worker_processes auto;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root /usr/local/www/nginx;
index index.php index.html index.htm;
}
# PHP handler
location ~ \.php$ {
root /usr/local/www/nginx;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
}
Create the necessary directories:
mkdir -p /usr/local/www/nginx
chown -R www:www /usr/local/www/nginx
Installing and Configuring PHP for Nginx
For Nginx, we need PHP with the FastCGI Process Manager (FPM):
pkg install -y php80 php80-extensions php80-fpm
Configure PHP-FPM to start at boot and start the service:
sysrc php_fpm_enable="YES"
service php-fpm start
Edit the PHP-FPM configuration file:
nano /usr/local/etc/php-fpm.d/www.conf
Ensure the following settings are configured:
user = www
group = www
listen = 127.0.0.1:9000
Copy and modify the PHP configuration file:
cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
Make the same PHP configuration adjustments as mentioned in the LAMP section.
Testing Your LEMP Installation
Create a test PHP file to verify your LEMP stack is working correctly:
cat > /usr/local/www/nginx/info.php << EOF
<?php
phpinfo();
EOF
Set proper permissions:
chown www:www /usr/local/www/nginx/info.php
Restart Nginx and PHP-FPM:
service nginx restart
service php-fpm restart
Open a web browser and navigate to http://your_server_ip/info.php. If PHP is correctly configured, you should see the PHP information page.
Delete the info.php file after testing:
rm /usr/local/www/nginx/info.php
Performance Tuning
Apache Performance Tuning
Edit /usr/local/etc/apache24/httpd.conf:
nano /usr/local/etc/apache24/httpd.conf
Adjust the following settings:
# Use the event MPM for better performance
<IfModule event.c>
StartServers 3
MinSpareThreads 75
MaxSpareThreads 250
ThreadsPerChild 25
MaxRequestWorkers 400
MaxConnectionsPerChild 0
</IfModule>
# Enable compression
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
</IfModule>
# Enable caching
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/css "access plus 1 week"
ExpiresByType application/javascript "access plus 1 week"
</IfModule>
Nginx Performance Tuning
Edit /usr/local/etc/nginx/nginx.conf:
nano /usr/local/etc/nginx/nginx.conf
Adjust the following settings:
worker_processes auto;
worker_rlimit_nofile 65535;
events {
worker_connections 4096;
multi_accept on;
use kqueue;
}
http {
# Basic settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
# Compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;
# File cache
open_file_cache max=200000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
}
MySQL/MariaDB Performance Tuning
Create a custom configuration file:
nano /usr/local/etc/mysql/conf.d/my.cnf
Add the following settings:
[mysqld]
# Cache settings
innodb_buffer_pool_size = 1G
innodb_log_file_size = 256M
innodb_flush_log_at_trx_commit = 2
innodb_flush_method = O_DIRECT
# Connection settings
max_connections = 300
thread_cache_size = 32
# Query cache
query_cache_type = 1
query_cache_size = 64M
Security Considerations
Firewall Configuration
FreeBSD includes the PF (Packet Filter) firewall. Enable and configure it:
# Enable PF
sysrc pf_enable="YES"
# Create a basic ruleset
cat > /etc/pf.conf << EOF
# Define interfaces and networks
ext_if = "vtnet0" # Replace with your network interface
# Default deny policy
block all
# Allow loopback
set skip on lo0
# Allow outgoing connections
pass out all keep state
# Allow established connections
pass in all flags S/SA keep state
# Allow SSH (adjust as needed)
pass in on \$ext_if proto tcp to port 22 keep state
# Allow HTTP and HTTPS
pass in on \$ext_if proto tcp to port { 80, 443 } keep state
EOF
# Load the ruleset
pfctl -f /etc/pf.conf
# Start PF
service pf start
SSL/TLS Configuration
To secure your web server with HTTPS, install Let’s Encrypt’s Certbot:
pkg install -y py39-certbot
For Apache:
pkg install -y py39-certbot-apache
certbot --apache -d example.com -d www.example.com
For Nginx:
pkg install -y py39-certbot-nginx
certbot --nginx -d example.com -d www.example.com
Troubleshooting Common Issues
Apache Not Starting
If Apache fails to start, check the error log:
cat /var/log/httpd-error.log
Common issues include:
- Port conflicts
- Syntax errors in configuration files
- Permission problems
Nginx Configuration Issues
To test your Nginx configuration:
nginx -t
PHP Not Processing
If PHP files are being downloaded instead of executed:
- For Apache, ensure
mod_phpis enabled - For Nginx, check the FastCGI configuration
Database Connection Problems
If your application can’t connect to MySQL/MariaDB:
- Verify the database service is running
- Check user permissions
- Ensure the correct host is allowed in user permissions
Conclusion
Setting up a LAMP or LEMP stack on FreeBSD provides a robust foundation for hosting web applications. FreeBSD’s stability and security features make it an excellent choice for production environments.
Each component in these stacks can be fine-tuned for performance and security, allowing you to build a web server tailored to your specific needs. Whether you choose Apache or Nginx largely depends on your application requirements and expected traffic patterns.
By following this guide, you should now have a fully functional web server environment on FreeBSD, ready to host your web applications with excellent performance and security.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.