Tag Archives: FreeBSD

Moving MediaWiki to nginx

In a previous article we described the migration of this WordPress site from Apache to nginx. This article describes a similar task involving a private MediaWiki site.

The front-end is an internet-facing reverse-proxy enforcing SSL with client certificates. The back-end is implemented with nginx and php-fpm. Both ends run inside jails on FreeBSD servers.

This article focusses on the back-end configuration, the nginx instance that serves static content from the MediaWiki installation at /usr/local/www/mediawiki/ and forwards PHP requests to the php-fpm service listening on port 9000.

Continue reading Moving MediaWiki to nginx

Moving WordPress to nginx

This WordPress site has been migrated from Apache to nginx. The front-end is an internet-facing reverse-proxy using nginx, with the back-end using nginx and php-fpm. Both ends run inside jails on FreeBSD servers.

This article focusses on the back-end configuration, the nginx instance that serves static content from the WordPress installation at /usr/local/www/wordpress/ and forwards PHP requests to the php-fpm service listening on port 9000.

Continue reading Moving WordPress to nginx

Moving MediaWiki to nginx

See revised article

In a previous article we described the migration of this WordPress site from Apache to nginx. This article describes a similar task involving a private MediaWiki site.

The front-end is an internet-facing reverse-proxy enforcing SSL with client certificates. The back-end is implemented with nginx and php-fpm. Both ends run inside jails on FreeBSD servers.

This article focusses on the back-end configuration, the nginx instance that serves static content from the MediaWiki installation at /usr/local/www/mediawiki/ and forwards PHP requests to the php-fpm service listening on port 9000.

Continue reading Moving MediaWiki to nginx

Moving WordPress to nginx

See revised article

This WordPress site has been migrated from Apache to nginx. The front-end is an internet-facing reverse-proxy using nginx, with the back-end using nginx and php-fpm. Both ends run inside jails on FreeBSD servers.

This article focusses on the back-end configuration, the nginx instance that serves static content from the WordPress installation at /usr/local/www/wordpress/ and forwards PHP requests to the php-fpm service listening on port 9000.

Continue reading Moving WordPress to nginx

Replace Sendmail with Postfix

Postfix has been used on my mail servers for a number of years. My other servers only need minimal email to send out periodic reports, so Sendmail from the base system is adequate, easily started from /etc/rc.conf and works out of the box (until recently).

After updating FreeBSD to 10.1-RELEASE-p12 a couple of days ago, to address a security advisory relating to OpenSSL, Sendmail now refuses to work. Long story short, I decided to take this opportunity to replace Sendmail with a submit-only PostFix installation.

Continue reading Replace Sendmail with Postfix

Bridging Firewall

The bridging firewall can be deployed to enhance the security of a network, particularly a perimeter network with a block of addresses where a router may not be appropriate. The bridging aspect offers a stealthy solution with the ability to partition the perimeter network into a number of separately protected zones.

The bridge is an additional layer of security that can easily be inserted in place of a switch or hub. The article focusses on a firewall that sits between the service provider’s equipment and three protected networks.

The design and configuration of a bridging firewall is described, using a FreeBSD server with several network interfaces. The example network is a /29 subnet feeding a wireless LAN, a wired LAN, and a small server farm.

Continue reading Bridging Firewall