filerun.md

Installing FileRun in FreeBSD (or in a FreeNAS jail) with Caddy as webserver

Here are the general instructions to install FileRun on FreeBSD or in a FreeNAS jail. For those who don't know, "jail" is the container technology used by the FreeBSD.

This guide was written while I was actually installing, and I guess it reflects the exact steps needed to accomplish the task. Anyway this guide must not be followed alone: you still need the general guide provided by the FileRun documentation. Here you will find only the relevat parts regarding the FreeBSD system.

Feel free to comment and point my mistakes, not only the technical ones but the grammar and spelling also, so I can make this guide more accurate as possible.

Some assumptions

1. In the examples below I'll use my settings. Feel free to change them to suit your needs. For example, my Time Zone is São Paulo, and my domain is "local".

2. You're using the root account to execute the commands.

Adjust the timezone

In the occasion that your system is with wrong date/time, adjust the time zone:

cd /etc
rm localtime
ln -s /usr/share/zoneinfo/America/Sao_Paulo localtime

and check that it's correct with:

date

Packages

First initialize the package system and make sure that everything is updated:

pkg update
pkg upgrade

And then install the necessary packages:

pkg install php73 ioncube-php73 php73-pdo php73-openssl php73-gd php73-mbstring php73-exif \
php73-xml php73-zlib php73-opcache php73-curl php73-pdo_mysql php73-sockets php73-json \
php73-fileinfo php73-ctype php73-session php73-pecl-imagick-im7 ImageMagick7-nox11 \
ffmpeg openjdk8-jre mysql80-server caddy

NOTE: I chose PHP73 because that's the latest version with ionCube available as a package. If you want the latest & greatest PHP74 version, I guess you'll need to install ionCube manually, by yourself.

Database

Configure MySQL server to run at startup:

sysrc mysql_enable=YES

And start the MySQL service:

service mysql-server start

Check that it is running with:

service mysql-server status

Now access the main instance of MySQL (default without password)

mysql -u root -p

(press ENTER at password prompt)

At the MySQL prompt, create the database for FileRun:

mysql> create database filerun;

Then create a user and grant privileges:

mysql> create user 'filerun'@'localhost' identified with mysql_native_password by 'filerun';
mysql> grant all privileges on filerun.* to 'filerun'@'localhost';
mysql> flush privileges;
mysql> exit

NOTE: the user and password is "filerun" in the example above. Feel free to change it if you want it.

ionCube

Create a file in /usr/local/etc/php named ext-40-filerun.ini with the following content:

expose_php              = Off
error_reporting         = E_ALL & ~E_NOTICE
display_errors          = Off
display_startup_errors  = Off
log_errors              = On
ignore_repeated_errors  = Off
allow_url_fopen         = On
allow_url_include       = Off
variables_order         = "GPCS"
allow_webdav_methods    = On
memory_limit            = 128M
max_execution_time      = 300
output_buffering        = Off
output_handler          = ""
zlib.output_compression = Off
zlib.output_handler     = ""
safe_mode               = Off
register_globals        = Off
magic_quotes_gpc        = Off
upload_max_filesize     = 20M
post_max_size           = 20M
enable_dl               = Off
disable_functions       = ""
disable_classes         = ""
session.save_handler     = files
session.use_cookies      = 1
session.use_only_cookies = 1
session.auto_start       = 0
session.cookie_lifetime  = 0
session.cookie_httponly  = 1
date.timezone            = "America/Sao_Paulo"

NOTE: verify if "date.timezone" is right for you...

The webserver (Caddy) and the FileRun installation

Create a folder www at /usr/local:

mkdir /usr/local/www

Download filerun at this new folder:

cd /usr/local/www
fetch -o FileRun.zip http://www.filerun.com/download-latest

Unzip it:

unzip FileRun.zip

Change the owner of the /usr/local/www folder to www:

chown -R www:www /usr/local/www

Set Caddy to start at boot and other things with the following variables:

sysrc caddy_enable=YES
sysrc caddy_user=www
sysrc caddy_group=www
sysrc caddy_log=/var/log/caddy.log
sysrc [email protected]

NOTE: adjust your e-mail address.

Create a file called Caddyfile at /usr/local/www with the following content:

filerun.local:8000 {

        tls off

        root /usr/local/www

        fastcgi / 127.0.0.1:9000 php {
                index index.php
        }
}

NOTE 1: change "filerun.local" to your URL or the IP address you chose. In my case my internal DNS maps filerun.local to 192.168.0.113 (of course your mileage may vary).

NOTE 2: more about the port "8000" at the Bonus section.

PHP and PHP-FPM

Configure php-fpm to start at boot

sysrc php_fpm_enable=YES

Start the php-fpm service

service php-fpm start

Check that it is running with:

service php-fpm status

Final steps

Start the Caddy web server service:

service caddy start

Check that it is running with:

service caddy status

Then point your browser to

http://[NAME OR IP]:8000

and follow the FileRun instructions to complete the installation.

Bonus

Users and groups

If you are using FreeNAS jails, you need to configure users and groups inside the jail with the same UIDs/GIDs of the user/groups you are using outside the jail (at the host). In my case I have only two active users (zamana and plex) and group (plex). That's the way I do in order to access my files from inside the jail. Adapt according with your needs:

1. Creating a group plex with gid 118

pw add group plex -g 118

2. Creating a user plex with uid 111 (and default group plex implicitly):

pw add user plex -u 111

3. Creating a user zamana with uid 1000 (and default group zamana implicitly), and additional group plex:

pw add user zamana -u 1000 -G plex

FreeNAS jails and mount points

Still regarding FreeNAS jails, you'll need to access your files at the host from inside the jail. Use the "Mount Points" at the jail configuration to do it. Feel free to make them "read only" if you don't intend to change/delete your files/folders from FileRun interface. And pay attention to the setup of users/groups stated above.

FreeBSD and privileged ports

By default FreeBSD does not allow that ordinary users access the privileged ports (those below 1024). In this particular case the alternatives are running the Caddy web server as root or by using The MAC Port Access Control List Policy. Feel free to messing around with this.

Post instructions

After logging in for the first time, setting up your user etc, go to Interface->Thumbnails and preview. At "ImageMagick support", set Mode to "IMagick PHP Extension" and change the Path for "magick" or "convert" to "/usr/local/bin/convert"

If you installed the FFMpeg package, enable it and change the Path to /usr/local/bin/ffmpeg.

In both cases, click "Check path" below each path to make sure that the path/programs are written correctly and working.

Then save changes.

Enjoy.

I can't get caddy to start. In the log it just says error code 1 and something about not being able to bind port 80.

Any ideas?

listen tcp :80: bind: permission denied

Hi.

You need to read the topic FreeBSD and privileged ports.

Regards.

Hi.

You need to read the topic FreeBSD and privileged ports.

Regards.

Thanks, but if I'm logged in as root inside the jail and run "service caddy start", isn't that starting it as root?

Also reading https://docs.freebsd.org/doc/9.2-RELEASE/usr/share/doc/freebsd/handbook/mac-portacl.html

sysctl security.mac.portacl.enabled
I get 'unknown oid'

sysctl security.mac.portacl.port_high=1023
also get 'unknown oid'

sysctl net.inet.ip.portrange.reservedlow=0
operation not permitted

I don't normally use FreeBSD so I'm a bit in the dark here. Not sure why it wants port 80 anyway? since the config says 8000?

Hi. Zamana

Can you publish the teaching video？

I always fail to building

Hi.
You need to read the topic FreeBSD and privileged ports.
Regards.

Thanks, but if I'm logged in as root inside the jail and run "service caddy start", isn't that starting it as root?

Also reading https://docs.freebsd.org/doc/9.2-RELEASE/usr/share/doc/freebsd/handbook/mac-portacl.html

sysctl security.mac.portacl.enabled
I get 'unknown oid'

sysctl security.mac.portacl.port_high=1023
also get 'unknown oid'

sysctl net.inet.ip.portrange.reservedlow=0
operation not permitted

I don't normally use FreeBSD so I'm a bit in the dark here. Not sure why it wants port 80 anyway? since the config says 8000?

First make sure that you can make it work in port 8000.

Hi. Zamana

Can you publish the teaching video？

I always fail to building

Can you post the error message from your build session? I guess that, maybe, there is some package missing...

Hey. I’m trying to figure out how to install this on TrueNAS while also having external access via DDNS. Could you explain that process at all?

I keep getting the following errors with caddy no matter what i do:

{"level":"info","ts":1665252234.86436,"msg":"using provided configuration","config_file":"/usr/local/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
Error: adapting config using caddyfile: parsing caddyfile tokens for 'tls': /usr/local/etc/caddy/Caddyfile:3 - Error during parsing: single argument must either be 'internal' or an email address
Error: caddy process exited with error: exit status 1

I followed your guide step by step. Only installed php74. WHen i try to run caddy commandline:

root@FILERUN:~ # caddy run --config /usr/local/etc/caddy/Caddyfile 
{"level":"info","ts":1665253593.663784,"msg":"using provided configuration","config_file":"/usr/local/etc/caddy/Caddyfile","config_adapter":""}
Error: adapting config using caddyfile: parsing caddyfile tokens for 'tls': /usr/local/etc/caddy/C

tls off is invalid Caddyfile syntax (see https://caddyserver.com/docs/caddyfile/directives/tls for the docs). If you want to disable automatic HTTPS, the appropriate directive would be auto_https off (see https://caddyserver.com/docs/caddyfile/options#auto-https).

Or better yet, let Caddy run as root, and listen on port 80, which will also disable auto https.

tls off is invalid Caddyfile syntax (see https://caddyserver.com/docs/caddyfile/directives/tls for the docs). If you want to disable automatic HTTPS, the appropriate directive would be auto_https off (see https://caddyserver.com/docs/caddyfile/options#auto-https).

Or better yet, let Caddy run as root, and listen on port 80, which will also disable auto https.

This is my caddyfile:

192.168.1.100:8000 {

        auto_https off

        root /usr/local/www
 
        fastcgi / 127.0.0.1:9000 php {
                index index.php
        }
}

This results in:

auto_https is a global directive, and needs to be placed outside of any host block.

auto_https is a global directive, and needs to be placed outside of any host block.

Thanks that worked. Also the fastcgi needs to be php_fastcgi.

Now i'm getting the following message when trying the reach the website: Client sent an HTTP request to an HTTPS server.

OK, I've run through the guide. PHP 7.3 is EOL, and its packages aren't in the repo at least for FreeBSD 13.1--but ionCube is available for PHP 7.4 in the repo. So the pkg install command instead needs to look like:

pkg install php74 ioncube-php74 php74-pdo php74-openssl php74-gd php74-mbstring php74-exif \
php74-xml php74-zlib php74-opcache php74-curl php74-pdo_mysql php74-sockets php74-json \
php74-fileinfo php74-ctype php74-session php74-pecl-imagick-im7 ImageMagick7-nox11 \
ffmpeg openjdk8-jre mysql80-server caddy

Caddyfile shouldn't be in the same directory as your data files. Its default is /usr/local/etc/caddy/Caddyfile, and it probably ought to stay there. Its contents should be:

{
    auto_https off
}

:8000 {

        root * /usr/local/www

        php_fastcgi 127.0.0.1:9000
}

Thanks, but if I'm logged in as root inside the jail and run "service caddy start", isn't that starting it as root?

No, it isn't. It's starting as whatever user you've told Caddy to use, which if you follow these instructions, is www. And user www can't bind to a port <= 1024.

At this moment I'm getting somewhere, but still a blank page

I do see the title header though... :)

Edit: got it working now 👍 Thanks allot

I do have some weird problem with the thumbnails and some settings can't be accessed.

Can update the guide to install into a truenas scale? (and install all the necessary packages of php)