Skip to content

Instantly share code, notes, and snippets.

@df-a

df-a/FreeNAS.md

Forked from nojuan/FreeNAS.md
Created January 13, 2022 05:10
Show Gist options
  • Save df-a/8f82bbc5281f375e116af6c56e87f041 to your computer and use it in GitHub Desktop.
Save df-a/8f82bbc5281f375e116af6c56e87f041 to your computer and use it in GitHub Desktop.
Download ZIP
Utimate FreeNAS Setup
Raw
FreeNAS.md

FreeNAS

This page is constantly being edited and worked on. Most of these should work but some might be broken.

Here are straight-forward instructions to setting up a bunch of different software on FreeNAS. If you make a terrible error, just throw up another plugin sandbox and repeat.

ToC

My current setup:

Configuration:

Other Apps:

Notes

Gist is awesome, and currently this write-up is written in Markdown. Unfortunately that means you'll have to replace a bunch of references to:

  • tetra: My zpool
  • 192.168.1.2: My static FreeNAS ip
  • 192.168.1.3: My static media jail ip
  • 192.168.1.4: My static backup jail ip

Along with that be sure to keep paths consistent between your builds. It is easy to forget if you SSH'd into FreeNAS or into the jail.

Additionally, do not copy/paste entire chunks of commands. I often skip over different yes/no options for brevity in this guide. Read what the prompt says and feel free to drop a comment if answers seem ambiguous.

Setting up the jail

Create a jail using the FreeNAS web UI

Jail name: media_jail
IPv4 address: 192.168.1.3/24
autostart: checked
type: pluginjail
VIMAGE: unchecked
vanilla: checked
sysctls: allow.raw_sockets=true,allow.sysvipc=true

Ports and dependencies

ssh [email protected]
jls
jexec 17 tcsh
passwd
portsnap fetch extract
portsnap fetch update
sysrc sshd_enable=YES
sysrc ftpd_enable=YES
cd /usr/ports/ports-mgmt/pkg/ && make deinstall
cd /usr/ports/ports-mgmt/pkg/ && make install clean
pkg2ng
cd /usr/ports/ports-mgmt/portmaster && make config-recursive install clean
cd /usr/ports/devel/git && make config-recursive install clean
cd /usr/ports/devel/py-cheetah && make config-recursive install clean

Create a 'media' user and create media directory

mkdir /mnt/media
adduser
Username   : media
Password   : <blank>
Full Name  : Media
Uid        : 1001
Class      : 
Groups     : media 
Home       : /home/media
Home Mode  : 
Shell      : /bin/tcsh
Locked     : no
id media

Create this user in your FreeNAS with the same uid and gid (typically 1001 if you haven't made a custom account yet).

Add mounts for media + crashplan backups inside the jail (/mnt//media to /mnt/media).

Software

Transmission

pkg update && pkg upgrade
pkg install -y transmission-daemon

# did not need this one
sysrc transmission_conf_dir="/var/db/transmission"

sysrc transmission_download_dir=""
sysrc transmission_enable="YES"

# you might need to change the white list in settings.json to 0.0.0.0

restart jail use your browser and navigate to jail_ip:9091

Jackett

https://github.com/Jackett/Jackett/releases https://forums.freenas.org/index.php?threads/need-help-installing-jackett-on-freenas-in-a-jail.38384/

pkg update && pkg upgrade
pkg install -y mono curl
cd /usr/local/
fetch https://github.com/Jackett/Jackett/releases/download/v0.7.923/Jackett.Binaries.Mono.tar.gz
tar -zxvf Jackett.Binaries.Mono.tar.gz
rm Jackett.Binaries.Mono.tar.gz
echo "/usr/local/bin/mono /usr/local/Jackett/JackettConsole.exe" >> /etc/rc.d/jackett
chmod 555 /etc/rc.d/jackett

restart jail
use your browser and navigate to jail_ip:9117

Update

cd /usr/local/
fetch https://github.com/Jackett/Jackett/releases/download/v0.7.923/Jackett.Binaries.Mono.tar.gz
tar -zxvf Jackett.Binaries.Mono.tar.gz
rm Jackett.Binaries.Mono.tar.gz

Emby

pkg update && pkg upgrade
pkg install -y emby-server
sysrc emby_server_enable=YES
service emby-server start

# Update FreeBSD ports tree
portsnap fetch update
# might need to run this, watch log closely
portsnap extract

# Remove default FFMpeg package
pkg delete -f ffmpeg

# Reinstall FFMpeg from ports with lame option enabled
cd /usr/ports/multimedia/ffmpeg
make config

# enable the lame option
# enable the ass subtitles option
# enable the opus subtitles option
# enable the x265 subtitles option

# last step
make install clean

use your browser and navigate to jail_ip:8096

Sonarr

https://github.com/Sonarr/Sonarr/wiki/Installation-FreeBSD

pkg install sonarr
sysrc sonarr_enable=YES
pkg upgrade
service sonarr start
# not the best option but works for in app updates
chmod 777 /usr/local/share/sonarr

use your browser and navigate to jail_ip:8989

Updating Sonarr

pkg upgrade sonarr or though the web interface

Plex

pkg install -y plexmediaserver
sysrc plexmediaserver_enable=YES
service plexmediaserver start
ln -s /mnt/myVol/jails/plex/usr/local/plexdata/Plex\ Media\ Server/Logs/ Plex\ Logs

use your browser and navigate to jail_ip:32400/web

Updating Plex

pkg upgrade plexmediaserver

Might be an issue:There has been new security settings added and there was a problem with the plex scanner making a request to a local agent. To fix it you should add 192.168.1.0/24 to Settings -> Server -> Network -> Enabled Advanced -> "List of IP Address and networks that are allowed without auth" add 192.168.1.0/24. After that, click refresh all and the scanner should be able to connect to the local agent.

Ombi

https://github.com/tidusjar/Ombi/releases https://forums.freenas.org/index.php?threads/plex-request-or-similar.42187/

pkg update && pkg upgrade
pkg install -y mono screen
echo 'jail_sysvipc_allow="YES"' >> /etc/rc.conf
fetch https://github.com/tidusjar/Ombi/releases/download/v2.0.1/Ombi.zip
unzip Ombi.zip
mv Release /usr/local/Ombi
rm Ombi.zip
touch /etc/rc.d/ombi
echo "/usr/local/bin/screen -d -m -S root nohup /usr/local/bin/mono /usr/local/Ombi/Ombi.exe" >> /etc/rc.d/ombi
chmod 555 /etc/rc.d/ombi

restart jail
use your browser and navigate to jail_ip:3579

Radarr

https://github.com/Radarr/Radarr/releases https://github.com/Radarr/Radarr

pkg update && pkg upgrade
pkg install -y mono mediainfo sqlite3
#needed this to stop error:Could not find libgdiplus. Cannot test if image is corrupt.: Couldn't load GDIPlus library
pkg install libgdiplus

cd /usr/local/
fetch https://github.com/Radarr/Radarr/releases/download/v0.2.0.210/Radarr.develop.0.2.0.210.linux.tar.gz
tar -zxvf Radarr.develop.0.2.0.210.linux.tar.gz
rm Radarr.develop.0.2.0.210.linux.tar.gz
echo "/usr/local/bin/mono /usr/local/Radarr/Radarr.exe" > /etc/rc.d/radarr
chmod 555 /etc/rc.d/radarr
#this is needed for updates within Radarr
ln -s /usr/local/bin/mono /bin

restart your jail
use your browser and navigate to jail_ip:7878

Updating Radarr

Updating is done through the web interface

Unifi

https://www.freshports.org/net-mgmt/unifi5/ https://forums.freenas.org/index.php?threads/how-i-installed-unifi-controller.40193/

pkg update && pkg upgrade
pkg install -y mongodb unifi5
sysrc mongod_enable="YES"
sysrc unifi_enable="YES"

restart your jail
use your browser and navigate to jail_ip:8443

PlexPy

cd /usr/local && git clone https://github.com/JonnyWong16/plexpy.git
chown -R media:media plexpy
cp /usr/local/plexpy/init-scripts/init.freebsd /usr/local/etc/rc.d/plexpy
chmod +x /usr/local/etc/rc.d/plexpy
sysrc plexpy_enable=YES
sysrc plexpy_user=media
sysrc plexpy_dir=/usr/local/plexpy
sysrc plexpy_port=8083

Sabnzbd

cd /usr/ports/news/sabnzbdplus && make config-recursive install clean
chown -R media:media sabnzbd
sysrc sabnzbd_enable=YES
sysrc sabnzbd_user=media
sysrc sabnzbd_group=media

SickRage

cd /usr/local && git clone git://github.com/SickRage/SickRage.git sickrage
chown -R media:media sickrage
cp /usr/local/sickrage/runscripts/init.freebsd /usr/local/etc/rc.d/sickrage
sysrc sickrage_enable=YES
sysrc sickrage_user=media
sysrc sickrage_group=media

Couch Potato

cd /usr/local && git clone git://github.com/RuudBurger/CouchPotatoServer.git couchpotato
chown -R media:media couchpotato
cp /usr/local/couchpotato/init/freebsd /usr/local/etc/rc.d/couchpotato
chmod +x /usr/local/etc/rc.d/couchpotato
sysrc couchpotato_enable=YES
sysrc couchpotato_user=media
sysrc couchpotato_group=media
sysrc couchpotat_dir=/usr/local/couchpotato

Headphones

pkg update && pkg upgrade
pkg install py27-sqlite3  py27-cheetah
cd /usr/local && git clone git://github.com/rembo10/headphones.git
chown -R media:media headphones
cp /usr/local/headphones/init-scripts/init.freebsd /usr/local/etc/rc.d/headphones
chmod +x /usr/local/etc/rc.d/headphones
sysrc headphones_enable=YES
sysrc headphones_user=media
sysrc headphones_group=media

# edit rc.d/headphones, change python lcation to /usr/local/bin/python

use your browser and navigate to jail_ip:8181

Subsonic

https://project.altservice.com/issues/752

pkg update && pkg upgrade
pkg install subsonic-standalone
sysrc subsonic_enable=YES
service subsonic start

use your browser and navigate to jail_ip:4040

# edit usr/local/etc/rc.d/subsonic if you want web index /subsonic
# turn off transcoding for each player in Subsonic settings
# add storage and media folders
# change admin password and grant access to music folders

Madsonic

Discovered madsonic only recently (quite a surprise!). Looks like a great fork of subsonic that includes a number of features for free compared to subsonic. The port depends on jetty server and other stuff. I prefer to use openjdk and a standalone install as done below. Use the madsonic start script also attached to the gist.

pkg update && pkg upgrade
pkg install jdk8-jre
mkdir -p /usr/local/madsonic && cd /usr/local/madsonic
wget -Omadsonic.tar.gz http://madsonic.org/download/6.0/20160122_madsonic-6.0.7960-standalone.zip
tar -zxvf madsonic.tar.gz
rm madsonic.tar.gz
chown -R media:media /usr/local/madsonic

vi /usr/local/etc/rc.d/madsonic
# Use the file "madsonic" attached below
chmod a+x /usr/local/etc/rc.d/madsonic

sysrc madsonic_enable=YES
sysrc madsonic_user=media
sysrc madsonic_group=media
sysrc madsonic_bin=/usr/local/madsonic/madsonic.sh
sysrc madsonic_podcast_folder=/mnt/media/music/podcasts
sysrc madsonic_playlist_folder=/mnt/media/music/playlists

Here is the madsonic launch script to use.

Deluge

https://forums.freenas.org/index.php?threads/install-deluge-in-a-jail.28778/page-3 Uncheck option for GTK during configuration.

cd /usr/ports/net-p2p/deluge-cli && make WITHOUT_X11=yes config-recursive install clean
mkdir -p /usr/local/deluge
chown -R media:media /usr/local/deluge
sysrc deluged_enable=YES
sysrc deluged_user=media
sysrc deluged_group=media
sysrc deluged_confdir=/usr/local/deluge
sysrc deluge_web_enable=YES
sysrc deluge_web_user=media
sysrc deluge_web_group=media
sysrc deluge_web_confdir=/usr/local/deluge

or try this

pkg update && pkg upgrade
pkg install deluge-cli
pw useradd -n deluge -u 1001 -c "Deluge BitTorrent Client" -s /sbin/nologin -w no
echo 'deluged_enable="YES"' >> /etc/rc.conf
echo 'deluged_user="deluge"' >> /etc/rc.conf
echo 'deluge_web_enable="YES"' >> /etc/rc.conf
echo 'deluge_web_user="deluge"' >> /etc/rc.conf
mkdir -p /home/deluge/.config/deluge
chown -R deluge:deluge /home/deluge/
ee /etc/group
in that file, add or modify the line to make the deluge user member of the media group:
media:*:1000:deluge
[Esc], [a], [a] to save and close the file
/usr/local/etc/rc.d/deluged start
Go with your web browser to: http://<your jail ip>:8112
pw is "deluge" without the quotes

#enable plugins
mkdir /.python-eggs
chmod 755 /.python-eggs

service deluge_web stop
edit the following line in /home/deluge/.config/deluge/web.conf from
Code:
 "default_daemon": "",
to
Code:
 "default_daemon": "127.0.0.1:58846",
 
 service deluge_web start

Calibre

pkg install calibre
sysrc calibre_enable=YES
sysrc calibre_port=8082
sysrc calibre_user=media
sysrc calibre_group=media
sysrc calibre_library=/mnt/media/books

Nginx webserver + PHP + MYSQL

For PHP5-extensions, include: bz2 ctype curl ftp dom exif fileinfo gd gmp iconv json ldap mbstring mcrypt mysql mysqli openssl pdo_mysql pdo_pgsql pdo_sqlite pgsql xsl zip zlib

For PHP5, include: FPM

pkg install -y nginx mysql56-server postgresql94-server php56-extensions
cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
cd /usr/local/etc/nginx && cp nginx.conf-dist nginx.conf && cp mime.types-dist mime.types
sysrc nginx_enable=YES
sysrc php_fpm_enable=YES
sysrc mysql_enable=YES
sysrc postgresql_enable=YES
service postgresql initdb
service postgresql start
service mysql-server start
mysql_secure_installation
su pgsql
passwd

Modify nginx.conf similar to the attached nginx.conf file. Make sure to pay close attention to where "root" is and "location ~ .php$". You can overwrite the file with ":wq!"

Create a similar index.html as below in folder /usr/local/www.

NextCloud

cd /usr/ports/www/nextcloud && make config-recursive install clean
su pgsql
createdb ocdb
psql -s ocdb
create user <user> password <password>
GRAND ALL PRIVELEGES ON DATABASE ocdb TO <user>

Tiny Tiny RSS

Helpful link: http://tt-rss.org/forum/viewtopic.php?f=16&t=911

cd /usr/ports/www/tt-rss && make config-recursive && make install clean
sysrc ttrssd_enable=YES
mysql -u root -p
CREATE DATABASE ttrssdb;
GRANT ALL ON ttrssdb.* TO ttrssuser IDENTIFIED BY "pick some random long password with lots of words BLAMMY";
quit;
chown -R www:www /usr/local/www/tt-rss
rm /usr/local/www/tt-rss/config.php

Updates

Sonarr:pkg upgrade sonarr
Radarr: through the web interface
Plex: pkg upgrade plexmedia-server
Plexpy : through web interface

Backups

Important files

Sonarr: download backup through web interface or nzbdrone.db config.xml
Radarr: download backup through web interface or nzbdrone.db config.xml
Unifi: download backup through web interface
Ombi: Ombi.sqlite
Headphones: headphones.db config.ini

Plexpy

/usr/local/plexpy/config.ini
/usr/local/plexpy/plexpy.db 
/usr/local/plexpy/plexpy.log
/usr/local/plexpy/backups

Emby

/var/db/emby-server/config
/var/db/emby-server/plugins
/var/db/emby-server/data/collections
/var/db/emby-server/data/playlists
/var/db/emby-server/data/displaypreferences.db
/var/db/emby-server/data/userdata_v2.db (if present)
/var/db/emby-server/data/users.db

Additionally, backup the library database file, but put it into a separate place from the others. This file will not be copied into your new Emby Server installation, but we will migrate your user data, such as watched data, favorites, etc.

/ProgramData/data/library.db

You'll need a Sqlite database editor such as DB Browser for Sqlite.
 
You'll need to open the old library.db file, then attach the new library.db file. You can then migrate the data using:
REPLACE INTO NewDB.userdata SELECT * FROM userdata

Install Emby on the new machine as you normally would. When the startup wizard launches in the browser, do not complete it and instead shut down the server.
 
Now take all of the files you backed up from the old server and copy them into the equivalent locations on the new server.
 
Then launch the new server, sign into the dashboard and setup your library paths. Allow the scan to complete as normal.

https://emby.media/community/index.php?/topic/10427-how-to-migrate-media-browser-server/

Sickbeard replacement: sickbeard.db and config.ini
Sabnzbd replacement: sabnzbd.ini
Couch potato replacement:
Plex: not worth it

Moving over databases and config files from plugins Log into FreeNAS

cp /mnt/tetra/plugins_1/usr/pbi/sickbeard-amd64/data/config.ini /mnt/tetra/media_jail/usr/local/sickbeard
cp /mnt/tetra/plugins_1/usr/pbi/sickbeard-amd64/data/sickbeard.db /mnt/tetra/media_jail/usr/local/sickbeard
cp /mnt/tetra/plugins_1/usr/pbi/sabnzbdplus-amd64/sabnzbd/sabnzbd.ini /mnt/tetra/media_jail/usr/local/sabnzbd
cp /mnt/tetra/plugins_1/usr/pbi/headphones-amd64/data/config.ini /mnt/tetra/media_jail/usr/local/headphones/
cp /mnt/tetra/plugins_1/usr/pbi/headphones-amd64/data/headphones.db /mnt/tetra/media_jail/usr/local/headphones/
cp /mnt/tetra/plugins_1/usr/local/CouchPotatoServer/data/settings.conf /mnt/tetra/media_jail/usr/local/CouchPotatoServer/data
cp /mnt/tetra/plugins_1/usr/local/CouchPotatoServer/data/couchpotato.db /mnt/tetra/media_jail/usr/local/CouchPotatoServer/data

Make sure your settings move across the boundary. Daemons might not start up if ip's, filepaths, etc. are different.

Common Commands

https://www-uxsup.csx.cam.ac.uk/pub/doc/suse/suse9.0/userguide-9.0/ch24s04.html

cd /directorypath	: Change to directory.
chmod [options] mode filename	: Change a file’s permissions.
chown [options] filename :	Change who owns a file.
cp [options] :source destination	: Copy files and directories.
ln -s test symlink	: Creates a symbolic link named symlink that points to the file test
mkdir [options] directory	: Create a new directory.
mv -i myfile yourfile : Move the file from "myfile" to "yourfile". This effectively changes the name of "myfile" to "yourfile".
mv -i /data/myfile :	Move the file from "myfile" from the directory "/data" to the current working directory.
rm [options] directory	: Remove (delete) file(s) and/or directories.
tar [options] filename :	Store and extract files from a tarfile (.tar) or tarball (.tar.gz or .tgz).
touch filename :	Create an empty file with the specified name.

Testing

service [name of service] start
service [name of service] stop
service [name of service] restart

Alarmserver

pkg install python
pkg install py27-tornado py27-OpenSSL
cd /usr/local/share/
git clone https://github.com/juggie/AlarmServer
change the config example file
cd usr/local/share/AlarmServer
python alarmserver.py

Muximux

Install NGINX

http://linoxide.com/unix/freebsd-11-webserver-nginx-mysql-php-7-0-fpm/

pkg install -y php70 php70-json php70-session php70-openssl php70-zlib
pkg install -y nginx git
sysrc nginx_enable=YES
sysrc php_fpm_enable=YES
cd /usr/local/www
git clone https://github.com/mescon/Muximux Muximux

service nginx start

look on here for how to configure nginx if you don't already have an nginx.conf or else move your nginx.conf, ssl certs, .htaccess to their proper locations

cd /usr/local/etc/
nano php-fpm.conf


;listen = 127.0.0.1:9000
listen = /var/run/php-fpm.sock

#Just uncomment these lines
listen.owner = www
listen.group = www
listen.mode = 0660

cd /usr/local/etc/
cp php.ini-production php.ini
nano php.ini
Set cgi.fix_pathinfo=0

sysrc php_fpm_enable=YES
service php-fpm start

Test your setup

cd /usr/local/www/nginx/
nano info.php
=====================
<?php phpinfo(); ?>
=====================

Test at http://<JAIL IP>/info.php

Install Muximux

https://github.com/mescon/Muximux ''' pkg -y install git cd /usr/local/www git clone https://github.com/mescon/Muximux ''' move your settings.ini.php over if you have one Your settings.ini.php will never be overwritten if you use git pull or download the ZIP-file again

Crashplan

Create a jail using the FreeNAS web UI

Jail name: backup_jail
IPv4 address: 192.168.1./24
autostart: checked
type: portjail
VIMAGE: unchecked
vanilla: checked

Now add the directories you want to backup and where the backups should go.

Ports and dependencies

ssh [email protected]
jls
jexec 5 tcsh
passwd
portsnap fetch && portsnap extract && portsnap update
sysrc sshd_enable=YES
vi /etc/ssh/sshd_config
# add the following to the end of the file
Match User backup
    AllowTcpForwarding yes

adduser # backup with Uid 1002

Download the java runtime in order to please the CrashPlan overlords (or alternatively, modify the crashplan port scripts): http://www.oracle.com/technetwork/java/javase/downloads/index.html Scroll down to Java SE 8u111/112 and click JRE Download (third button). Accept the license and download jdk-8u112-linux-i586.tar.gz. Then scp or ftp it over:

scp ~/Downloads/jdk-8u112-linux-i586.tar.gz [email protected]:/mnt/tetra/backup_jail/usr/ports/distfiles/

This is just to appease the makefile, and instead we will use OpenJDK's JRE anyways. The following takes quite a while to install.

Install java and crashplan

cd /usr/ports/java/openjdk8-jre/ && make config-recursive && make install clean
cd /usr/ports/sysutils/linux-crashplan/ && make config-recursive && make install clean
sysrc crashplan_enable=YES

Now change the default Java binary path:

vi /usr/local/share/crashplan/install.vars
  JAVACOMMON=/usr/local/bin/java

Restart the jail. Now follow this guide to modify your current crashplan install to work on the remote machine. You will need to create a port bridge over ssh, which you can do with the following command (before starting up crashplan locally):

ssh -L 4200:localhost:4243 [email protected]

And grab the file /var/lib/crashplan/.ui_info from the server and bring it to your local host where you will run the crashplan desktop client.

Helpful codes

Mounting USB drive:

kldload fuse
mkdir /mnt/usb
ntfs-3g /dev/da1s1 /mnt/usb
ntfs-3g -o permissions /dev/da1s1 /mnt/usb

Upgrading

Upgrading can be a royal pain... but fear not. Typically you can just run a portmaster -ad, and if it says "conflict... blah blah" just run "pkg delete -f " then re-run the portmaster command. Eventually everything should be updated! Many times the update process comes to a grinding halt because of dependency issues. You can kick off a single app to be updated similar below. You will also want to review /usr/ports/UPDATING if you run into trouble to see if a port has changed. There is usually a command to migrate a package such as a portmaster -o oldpackage newpackage.

less /usr/ports/UPDATING
portsnap fetch update
cd /usrports/ports-mgmt/pkg && make install clean
cd /usr/ports/ports-mgmt/portmaster && make install clean
pkg version -l '<'
portmaster -Rafd
portmaster -fd news/sabnzbdplus

Rsync files

&rsync --progress --stats --recursive --times --perms --links --dry-run /mnt/tetra /mnt/usb/tetra
nohup foo &

rsync -az -H --delete --numeric-ids --stats --progress -e ssh [email protected]:/mnt/tetra/family /media/jacob/usb/tetra
rsync -az -H --delete --numeric-ids --stats --progress -e ssh [email protected]:/mnt/tetra/media_jail/usr/local/sickbeard/data/config.ini /media/jacob/usb/tetra/backup

cp

Copy server and daemon config files and databases

mkdir /mnt/tetra/backup/server_configs
cd /mnt/tetra/backup/server_configs
rsync -aqz /mnt/tetra/media_jail/usr/local/sickbeard/config.ini /mnt/tetra/media_jail/usr/local/sickbeard/sickbeard.db sickbeard/
rsync -aqz /mnt/tetra/media_jail/usr/local/sabnzbd/sabnzbd.ini sabnzbd/
rsync -aqz /mnt/tetra/media_jail/usr/local/headphones/config.ini /mnt/tetra/media_jail/usr/local/headphones/headphones.db headphones/
rsync -aqz /mnt/tetra/media_jail/usr/local/CouchPotatoServer/data/settings.conf /mnt/tetra/media_jail/usr/local/CouchPotatoServer/data/couchpotato.db couchpotato/
rsync -aqz /mnt/tetra/media_jail/usr/local/etc/nginx/nginx.conf /mnt/tetra/media_jail/usr/local/www/home/index.html nginx/

cd /mnt/tetra/backup/server_configs
rsync -aqz sabnzbd/sabnzbd.ini /mnt/tetra/media_jail/usr/local/sabnzbd/
rsync -aqz sickbeard/config.ini sickbeard/sickbeard.db /mnt/tetra/media_jail/usr/local/sickbeard/
rsync -aqz headphones/config.ini headphones/headphones.db /mnt/tetra/media_jail/usr/local/headphones/
rsync -aqz couchpotato/settings.conf couchpotato/couchpotato.db /mnt/tetra/media_jail/usr/local/CouchPotatoServer/data/

cd /usr/local && chmod -R media:media sabnzbd sickbeard headphones CouchPotatoServer

LEMP Server - FreeBSD, Nginx, MariaDB & PHP (FastCGI)

Install Nginx

pkg install -y nano

pkg search nginx
pkg install -y nginx-1.8.0_3,2
cd /usr/local/etc/nginx/
mv nginx.conf nginx.conf.original

nano nginx.conf
=====================
# Define user that run nginx
user  www;
worker_processes  2;

# Define error log
error_log /var/log/nginx/error.log info;

events {
  worker_connections  1024;
}

http {
  include       mime.types;
  default_type  application/octet-stream;

  # Define access log
  access_log /var/log/nginx/access.log;

  sendfile        on;
  keepalive_timeout  65;

  server {
    listen       80;
    server_name  localhost;

    # Define web data
    root /usr/local/www/nginx;
    index index.php index.html index.htm;

    location / {
      try_files $uri $uri/ =404;
    }

    error_page      500 502 503 504  /50x.html;
    location = /50x.html {
      root /usr/local/www/nginx;
    }

    # Configuration for PHP-FPM
      location ~ \.php$ {
      try_files $uri =404;
      fastcgi_split_path_info ^(.+\.php)(/.+)$;
      fastcgi_pass unix:/var/run/php-fpm.sock;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $request_filename;
      include fastcgi_params;
    }
  }
}
=====================

mkdir -p /var/log/nginx/
touch /var/log/nginx/{error,access}.log
cd /usr/local/www/
rm -r nginx
mkdir nginx
cp nginx-dist/index.html nginx/index.html

sysrc nginx_enable=YES

nginx -t # check that there are no errors
service nginx start

Install MariaDB

pkg search mariadb
pkg install -y mariadb100-server-10.0.22 mariadb100-client-10.0.22
cp /usr/local/share/mysql/my-medium.cnf /usr/local/etc/my.cnf
sysrc mysql_enable=YES
service mysql-server start

mysql_secure_installation

Enter current password for root (enter for none):
#Just press Enter here
Change the root password? [Y/n] Y
#Type your password for mariadb here
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Test your connection:
mysql -u root -p<your password>

Install PHP with FastCGI (FPM)

pkg search php56
pkg install -y php56-5.6.16 php56-mysqli-5.6.16

cd /usr/local/etc/
nano php-fpm.conf

Line 164:
;listen = 127.0.0.1:9000
listen = /var/run/php-fpm.sock

Line 175:
#Just uncomment these lines
listen.owner = www
listen.group = www
listen.mode = 0660

cd /usr/local/etc/
cp php.ini-production php.ini
nano php.ini
Set cgi.fix_pathinfo=0

sysrc php_fpm_enable=YES
service php-fpm start

Test your setup

cd /usr/local/www/nginx/
nano info.php
=====================
<?php phpinfo(); ?>
=====================

Test at http://<JAIL IP>/info.php

NZBGet

Create a dataset called media. Create your nzbget jail. Link the dataset to your jail under /mnt/nzbget SSH into the jail.

// Create nzbget folder structure.
cd /mnt/nzbget
mkdir dst inter log nzb queue scripts tmp

// This line not only installs nano but also updates pkg.
// Just ignore all of the "pkg: Skipping unknown key
// 'messages'" messages.
pkg install -y nano ffmpeg p7zip unrar

// Make 7z available to nzbToMedia
ln -s /usr/local/bin/7z /usr/bin/7z
ln -s /usr/local/bin/7za /usr/bin/7za
ln -s /usr/local/bin/7zr /usr/bin/7zr

// Install from ports... this will take a while.
portsnap fetch update
portsnap extract
cd /usr/ports/news/nzbget && make -DBATCH install clean

// Edit config
cp /usr/local/etc/nzbget.conf /usr/local/share/nzbget/nzbget.conf.template
nano /usr/local/etc/nzbget.conf
MainDir=/mnt/nzbget # Or whatever you have mapped your storage as.
WebDir=/usr/local/share/nzbget/webui
ConfigTemplate=/usr/local/share/nzbget/nzbget.conf.template
LogFile=${MainDir}/log/nzbget.log
LockFile=${TempDir}/nzbget.lock
WriteLog=rotate
ControlUsername=
ControlPassword=

// Add config to autostart
nano /usr/local/etc/rc.d/nzbget
${command} -D -c /usr/local/etc/nzbget.conf

// Autostart
sysrc nzbget_enable=YES
service nzbget start

If you also want to a VPN within the jail you can use this script:
https://gist.github.com/MikeRatcliffe/10dbd91d88a772d2e51e.

The script uses privateinternetaccess.com but it is easy to tweak the script to work with other providers.

NZBGet will be available at http://<your jail IP>:6789 Start the web interface and configure as you wish.

get_iplayer

pkg install -y get_iplayer ffmpeg atomicparsley id3v2
sysrc get_iplayer_enable="YES"
sysrc get_iplayer_chdir="/mnt/downloads"
sysrc get_iplayer_listen_address=0.0.0.0
service get_iplayer start

Baïkal

Install a LEMP server
pkg install -y baikal

touch /usr/local/www/baikal/Specific/ENABLE_INSTALL

To finish installing Baikal:
  1) Set up an httpd directive
     See /usr/local/share/examples/baikal
  2) touch /usr/local/www/baikal/Specific/ENABLE_INSTALL
  3) Browse http://baikal/admin
  4) rm /usr/local/www/baikal/Specific/ENABLE_INSTALL

Couch Potato

Install Python as explained above then:

cd /usr/local && git clone git://github.com/RuudBurger/CouchPotatoServer.git
cp /usr/local/CouchPotatoServer/init/freebsd /usr/local/etc/rc.d/couchpotato
chmod +x /usr/local/etc/rc.d/couchpotato
sysrc couchpotato_enable=YES
sysrc couchpotato_user=root
service couchpotato start

Headphones

pkg install -y git
cd /usr/local && git clone git://github.com/rembo10/headphones.git
chown -R media headphones && chgrp -R media headphones
cp /usr/local/headphones/init-alt.freebsd /usr/local/etc/rc.d/headphones
chmod +x /usr/local/etc/rc.d/headphones
sysrc headphones_enable=YES
sysrc headphones_user=media

ZoneMinder

pkg install -y nano fish zoneminder
sysrc zoneminder_enable=YES
service zoneminder start
ln -s /mnt/Mediaserver-Jails-Volume/jails/plexmediaserver/usr/local/plexdata-plexpass/Plex\ Media\ Server/Logs/ Plex\ Logs
Raw
index.html
<html>
<head>
<script src="https://code.jquery.com/jquery-2.2.4.min.js" integrity="sha256-BbhdlvQf/xTY9gja0Dq3HiwQF8LaCRTXxZKRutelT44=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js" integrity="sha384-0mSbJDEHialfmuBBQP6A4Qrprq5OVfW37PRR3j5ELqxss1yVqOtnepnHVP9aJ7xS" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
<style>
.fluid-container {
padding-left: 15px;
padding-right: 15px;
margin-left: auto;
margin-right: auto;
}
iframe {
width: 100%;
height: 100%;
}
.nav-tabs>li>a.sabnzbd_logo {
background: url("http://192.168.1.3:8080/static/images/logo.png") no-repeat top right;
background-position: 0 0px;
float: left;
height: 40px;
padding-left: 50px;
padding-right: 50px;
}
.nav-tabs>li>a.headphones_logo {
background: url("http://192.168.1.3:8181/images/headphoneslogo.png") no-repeat top right;
background-size: contain;
float: left;
width: 40px;
height: 40px;
}
.nav-tabs>li>a.plex_logo {
background: url("http://192.168.1.3:32400/web/img/base/plex-logo.96faf245690b14fdd33eccd3294ac57f.svg") no-repeat top right;
background-color: #1f1f1f;
background-size: contain;
float: left;
width: 80px;
height: 40px;
}
.nav-tabs>li>a.plexpy_logo {
background: url("http://192.168.1.3:32400/web/img/base/plex-logo.96faf245690b14fdd33eccd3294ac57f.svg") no-repeat top right;
background-color: #1f1f1f;
background-size: contain;
float: left;
width: 80px;
height: 40px;
}
.nav-tabs>li>a.calibre_logo {
background: url("http://192.168.1.3:8082/static/calibre_banner.png") no-repeat top right;
background-size: contain;
height: 40px;
width: 150px;
}
.nav-tabs>li>a.madsonic_logo {
background: url("http://192.168.1.3:4040/icons/madsonic_sunny/logo.png") no-repeat top right;
background-size: contain;
height: 40px;
width: 160px;
}
.nav-tabs>li>a.freenas_logo {
background: url("http://192.168.1.2/static/images/ui/freenas-logo.png") no-repeat top right;
background-size: cover;
height: 40px;
width: 150px;
}
</style>
<title>Home Media</title>
</head>
<body>
<div>
<ul class="nav nav-tabs" id="myTabs">
<li class="active"><a href="#home" data-toggle="tab">Home</a></li>
<li><a href="#freenas" data-toggle="tab" class="freenas_logo"></a></li>
<li><a href="#freenasftp" data-toggle="tab">NAS FTP</a></li>
<li><a href="#plex" data-toggle="tab" class="plex_logo" alt="Plex">Plex</a></li>
<li><a href="#plexpy" data-toggle="tab" class="plexpy_logo" alt="PlexPy">PlexPy</a></li>
<li><a href="#sabnzbd" data-toggle="tab" class="sabnzbd_logo" alt="Sabnzbd"></a></li>
<li><a href="#sickrage" data-toggle="tab">Sickrage</a></li>
<li><a href="#sonarr" data-toggle="tab">Sonarr</a></li>
<li><a href="#couchpotato" data-toggle="tab">Couch Potato</a></li>
<li><a href="#headphones" data-toggle="tab" class="headphones_logo" alt="Headphones"></a></li>
<li><a href="#deluge" data-toggle="tab">Deluge</a></li>
<li><a href="#calibre" data-toggle="tab" class="calibre_logo"></a></li>
<li><a href="#ttrss" data-toggle="tab">TT-RSS</a></li>
<li><a href="#madsonic" data-toggle="tab" class="madsonic_logo"></a></li>
</ul>
</div>
<div>
<div class="tab-content">
<div class="tab-pane active" id="home">
<p>Home!</p>
</div>
<div class="tab-pane" id="freenas" data-src="http://192.168.1.2"><iframe src="" allowfullscreen></iframe></div>
<div class="tab-pane" id="freenasftp" data-src="ftp://192.168.1.3"><iframe src="" allowfullscreen></iframe></div>
<div class="tab-pane" id="sabnzbd" data-src="http://192.168.1.3:8080"><iframe src="" allowfullscreen></iframe></div>
<div class="tab-pane" id="sickrage" data-src="http://192.168.1.3:8081"><iframe src="" allowfullscreen></iframe></div>
<div class="tab-pane" id="sonarr" data-src="http://192.168.1.3:8989"><iframe src="" allowfullscreen></iframe></div>
<div class="tab-pane" id="couchpotato" data-src="http://192.168.1.3:5050"><iframe src="" allowfullscreen></iframe></div>
<div class="tab-pane" id="headphones" data-src="http://192.168.1.3:8181"><iframe src="" allowfullscreen></iframe></div>
<div class="tab-pane" id="plex" data-src="http://192.168.1.3:32400/web/"><iframe src="" allowfullscreen></iframe></div>
<div class="tab-pane" id="plexpy" data-src="http://192.168.1.3:8083"><iframe src="" allowfullscreen></iframe></div>
<div class="tab-pane" id="deluge" data-src="http://192.168.1.3:8112"><iframe src="" allowfullscreen></iframe></div>
<div class="tab-pane" id="calibre" data-src="http://192.168.1.3:8082"><iframe src="" allowfullscreen></iframe></div>
<div class="tab-pane" id="ttrss" data-src="http://192.168.1.3/tt-rss/"><iframe src="" allowfullscreen></iframe></div>
<div class="tab-pane" id="madsonic" data-src="http://192.168.1.3:4040"><iframe src="" allowfullscreen></iframe></div>
</div>
</div>
<script>
$(document).ready(function() {
$('#myTabs').on('show.bs.tab', function(e) {
var paneId = $(e.target).attr('href');
var src = $(paneId).attr('data-src');
if ($(paneId+" iframe").attr("src")=="") {
$(paneId+" iframe").attr("src", src);
}
});
});
</script>
</body>
</html>
Raw
madsonic
#!/bin/sh
#
# PROVIDE: madsonic
# REQUIRE: LOGIN DAEMON NETWORKING
# KEYWORD: shutdown
#
# To enable madsonic, add this line to your /etc/rc.conf:
#
# madsonic_enable="YES"
#
# And optionally these line:
#
# madsonic_user="username" # Default is "root"
# madsonic_bin="/path/to/madsonic.sh" # Default is "/usr/local/sbin/madsonic.sh"
. /etc/rc.subr
name="madsonic"
rcvar="${name}_enable"
load_rc_config $name
required_files=$madsonic_bin
: ${madsonic_enable="NO"}
: ${madsonic_user="root"}
: ${madsonic_port="4040"}
: ${madsonic_home="/usr/local/madsonic"}
: ${madsonic_bin="${madsonic_home}/madsonic.sh"}
: ${madsonic_music_folder="/mnt/media/music"}
: ${madsonic_podcast_folder="${madsonic_music_folder}/podcasts"}
: ${madsonic_playlist_folder="${madsonic_music_folder}/playlists"}
: ${madsonic_playlist_import_folder="${madsonic_playlist_folder}/import"}
: ${madsonic_playlist_export_folder="${madsonic_playlist_folder}/export"}
: ${madsonic_playlist_backup_folder="${madsonic_playlist_folder}/backup"}
: ${madsonic_pidfile="${madsonic_home}/madsonic.pid"}
status_cmd="${name}_status"
stop_cmd="${name}_stop"
command=$madsonic_bin
command_args="--pidfile=${madsonic_pidfile} --home=${madsonic_home} --port=${madsonic_port} --default-music-folder=${madsonic_music_folder} --default-podcast-folder=${madsonic_podcast_folder} --default-playlist-import-folder=${madsonic_playlist_import_folder} --default-playlist-export-folder=${madsonic_playlist_export_folder} --default-playlist-backup-folder=${madsonic_playlist_backup_folder}"
verify_pid() {
pid=`cat ${madsonic_pidfile} 2>/dev/null`
ps -p ${pid} | grep -q "madsonic"
return $?
}
madsonic_stop() {
echo "Stopping ${name}"
verify_pid
if [ -n "${pid}" ]; then
kill ${sig_stop} ${pid}
wait_for_pids ${pid}
echo "Stopped"
fi
rm -f ${madsonic_pidfile}
}
madsonic_status() {
verify_pid && echo "${name} is running as ${pid}" || echo "${name} is not running"
}
run_rc_command "$1"
Raw
nginx.conf
worker_processes 1;
error_log logs/error.log;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
index index.php index.htm index.html;
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
root /usr/local/www;
listen 80;
server_name localhost;
location / {
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
# rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta
# last;
#rewrite ^/.well-known/host-meta.json
# /nextcloud/public.php?service=host-meta-json last;
location = /.well-known/carddav {
return 301 $scheme://$host/nextcloud/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/nextcloud/remote.php/dav;
}
location /.well-known/acme-challenge { }
location ^~ /nextcloud {
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /nextcloud/core/templates/403.php;
error_page 404 /nextcloud/core/templates/404.php;
location /nextcloud {
rewrite ^ /nextcloud/index.php$uri;
}
location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS off;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass 127.0.0.1:9000;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
try_files $uri /nextcloud/index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended
# to have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read
# into this topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /nextcloud/index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment