Monthly Archives: July 2019

FreeBSD 12: Mail Server Installation

blog.bachi.net
FreeBSD Ports
freebsd-update

QMail HOWTO (2016)

$ pkg install mysql57-server
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 11 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        mysql57-server: 5.7.26_1
        perl5: 5.28.2
        curl: 7.65.1
        libnghttp2: 1.39.1
        ca_root_nss: 3.45
        protobuf: 3.7.1,1
        libevent: 2.1.10
        libedit: 3.1.20190324,1
        mysql57-client: 5.7.26
        cyrus-sasl: 2.1.27
        liblz4: 1.9.1,1

Number of packages to be installed: 11

The process will require 285 MiB more space.
35 MiB to be downloaded.

Proceed with this action? [y/N]:

[...]

Message from ca_root_nss-3.45:

********************************* WARNING *********************************

FreeBSD does not, and can not warrant that the certification authorities
whose certificates are included in this package have in any way been
audited for trustworthiness or RFC 3647 compliance.

Assessment and verification of trust is the complete responsibility of the
system administrator.

*********************************** NOTE **********************************

This package installs symlinks to support root certificates discovery by
default for software that uses OpenSSL.

This enables SSL Certificate Verification by client software without manual
intervention.

If you prefer to do this manually, replace the following symlinks with
either an empty file or your site-local certificate bundle.

  * /etc/ssl/cert.pem
  * /usr/local/etc/ssl/cert.pem
  * /usr/local/openssl/cert.pem

***************************************************************************
Message from perl5-5.28.2:

The /usr/bin/perl symlink has been removed starting with Perl 5.20.
For shebangs, you should either use:

#!/usr/local/bin/perl

or

#!/usr/bin/env perl

The first one will only work if you have a /usr/local/bin/perl,
the second will work as long as perl is in PATH.
Message from cyrus-sasl-2.1.27:

You can use sasldb2 for authentication, to add users use:

        saslpasswd2 -c username

If you want to enable SMTP AUTH with the system Sendmail, read
Sendmail.README

NOTE: This port has been compiled with a default pwcheck_method of
      auxprop.  If you want to authenticate your user by /etc/passwd,
      PAM or LDAP, install ports/security/cyrus-sasl2-saslauthd and
      set sasl_pwcheck_method to saslauthd after installing the
      Cyrus-IMAPd 2.X port.  You should also check the
      /usr/local/lib/sasl2/*.conf files for the correct
      pwcheck_method.
      If you want to use GSSAPI mechanism, install
      ports/security/cyrus-sasl2-gssapi.
      If you want to use SRP mechanism, install
      ports/security/cyrus-sasl2-srp.
      If you want to use LDAP auxprop plugin, install
      ports/security/cyrus-sasl2-ldapdb.
Message from mysql57-client-5.7.26:

* * * * * * * * * * * * * * * * * * * * * * * *

This is the mysql CLIENT without the server.
for complete server and client, please install databases/mysql57-server

* * * * * * * * * * * * * * * * * * * * * * * *
Message from mysql57-server-5.7.26_1:

*****************************************************************************

Remember to run mysql_upgrade the first time you start the MySQL server
after an upgrade from an earlier version.

Initial password for first time use of MySQL is saved in $HOME/.mysql_secret
ie. when you want to use "mysql -u root -p" first you should see password
in /root/.mysql_secret

MySQL57 has a default %%ETCDIR%%/my.cnf,
remember to replace it wit your own
or set `mysql_optfile="$YOUR_CNF_FILE` in rc.conf.

*****************************************************************************


$ cat /etc/rc.conf
[...]
mysql_enable="YES"
mysql_dbdir="/db/mysql"
[...]

$ service mysql-server start
/usr/local/etc/rc.d/mysql-server: WARNING: failed precmd routine for mysql
$ mkdir /db
$ mkdir /db/mysql
$ service mysql-server start
Starting mysql.

How to Install MariaDB 10.3 on FreeBSD 12
MySQL unter FreeBSD: Installation

===> Creating groups.
Using existing group 'mysql'.
===> Creating users
Using existing user 'mysql'.
[5/5] Extracting mariadb104-server-10.4.6: 100%
Message from mariadb104-client-10.4.6:

************************************************************************

MariaDB respects hier(7) and doesn't check /etc and /etc/mysql for
my.cnf. Please move existing my.cnf files from those paths to
/usr/local/etc and /usr/local/etc/mysql.

************************************************************************
Message from mariadb104-server-10.4.6:

************************************************************************

Remember to run mysql_upgrade (with the optional --datadir=<dbdir> flag)
the first time you start the MySQL server after an upgrade from an
earlier version.

MariaDB respects hier(7) and doesn't check /etc and /etc/mysql for
my.cnf. Please move existing my.cnf files from those paths to
/usr/local/etc and /usr/local/etc/mysql.

This port does NOT include the mytop perl script, this is included in
the MariaDB tarball but the most recent version can be found in the
databases/mytop port

************************************************************************

 service mysql-server start
Installing MariaDB/MySQL system tables in '/var/db/mysql' ...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system


Two all-privilege accounts were created.
One is root@localhost, it has no password, but you need to
be system 'root' user to connect. Use, for example, sudo mysql
The second is root@localhost, it has no password either, but
you need to be the system 'root' user to connect.
After connecting you can set the password, if you would need to be
able to connect as any of these users with a password and without sudo

See the MariaDB Knowledgebase at http://mariadb.com/kb or the
MySQL manual for more instructions.

You can start the MariaDB daemon with:
cd '/usr/local' ; /usr/local/bin/mysqld_safe --datadir='/var/db/mysql'

You can test the MariaDB daemon with mysql-test-run.pl
cd '/usr/local/mysql-test' ; perl mysql-test-run.pl

Please report any problems at http://mariadb.org/jira

The latest information about MariaDB is available at http://mariadb.org/.
You can find additional information about the MySQL part at:
http://dev.mysql.com
Consider joining MariaDB's strong and vibrant community:
Get Involved
Starting mysql. # mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. Switch to unix_socket authentication [Y/n] n ... skipping. You already have your root account protected, so you can safely answer 'n'. Change the root password? [Y/n] y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] n ... skipping. By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!

1. Installation

Mail Server Installation

/head/mail/qmail-tls/Makefile

=============================================

ATTENTION

Add the following line to your /etc/make.conf
QMAIL_SLAVEPORT=tls

=============================================

install  -m 0644 /usr/ports/mail/qmail-tls/work/qmail.conf /usr/ports/mail/qmail-tls/work/stage/usr/local/etc/man.d/qmail.conf
===> Fixing plist for /var/qmail ownership
/bin/rm -f -r /usr/ports/mail/qmail-tls/work/stage/var/qmail/queue/
====> Compressing man pages (compress-man)
===>  Installing for netqmail-tls-1.06.20160918_2
===>  Checking if netqmail-tls is already installed
===>   Registering installation for netqmail-tls-1.06.20160918_2
pkg-static: Warning: @exec is deprecated, please use @[pre|post][un]exec
Installing netqmail-tls-1.06.20160918_2...
===> Creating groups.
Creating group 'qmail' with gid '82'.
Creating group 'qnofiles' with gid '81'.
===> Creating users
Creating user 'alias' with uid '81'.
Creating user 'qmaild' with uid '82'.
Creating user 'qmaill' with uid '83'.
Creating user 'qmailp' with uid '84'.
Creating user 'qmailq' with uid '85'.
Creating user 'qmailr' with uid '86'.
Creating user 'qmails' with uid '87'.
Your hostname is samsung-bsd.
hard error
Sorry, I couldn't find your host's canonical name in DNS.
You will have to set up control/me yourself.
        ATTENTION:

Do not forget to read /var/qmail/doc/TLS.readme. After all,
this is NOT our old stock qmail.

You can enable qmail as your default mailer executing:
> /var/qmail/scripts/enable-qmail

==> As you need to provide a working certificate in /var/qmail/control/cert.pem :

# makes a self-signed certificate
3) do "make certificate"

# makes a certificate request
4) do "make certificate-req"

===> SECURITY REPORT:
      This port has installed the following binaries which execute with
      increased privileges.
/var/qmail/bin/qmail-queue

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
http://inoa.net/qmail-tls/

=============================================

$ make certificate

${OPENSSLBASE}/bin/openssl req -new -x509 -nodes \
    -out ${WRKDIR}/servercert.pem -days 366 \
    -keyout ${WRKDIR}/servercert.pem ; \
${INSTALL} -o qmaild -g qmail -m 0640 ${WRKDIR}/servercert.pem ${PREFIX}/control/servercert.pem ; \
${OPENSSLBASE}/bin/openssl ciphers > ${QMAIL_PREFIX}/control/tlsclientciphers ; \
${OPENSSLBASE}/bin/openssl ciphers > ${QMAIL_PREFIX}/control/tlsserverciphers ; \


=============================================

sendmail_enable="NONE"

vs.

sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

$ openssl x509 -text -noout -in servercert.pem

/var/qmail/control/servercert.pem
/var/qmail/req.pem
===>   NOTICE:

The ucspi-tcp port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port

[...]

===>   NOTICE:

The ucspi-tcp port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port

===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/bin/tcpserver

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
http://cr.yp.to/ucspi-tcp.html

====> Compressing man pages (compress-man)
===> Staging rc.d startup script(s)
===>  Installing for spamassassin-3.4.2_3
===>  Checking if spamassassin is already installed
===>   Registering installation for spamassassin-3.4.2_3 as automatic
Installing spamassassin-3.4.2_3...
===> Creating groups.
Creating group 'spamd' with gid '58'.
===> Creating users
Creating user 'spamd' with uid '58'.
You should complete the following post-installation tasks:

        1) Read /usr/local/share/doc/spamassassin/INSTALL
           and /usr/local/share/doc/spamassassin/UPGRADE
           BEFORE enabling SpamAssassin for important changes

        2) Edit the configuration in /usr/local/etc/mail/spamassassin,
           in particular /usr/local/etc/mail/spamassassin/init.pre
           You may get lots of annoying (but harmless) error messages
           if you skip this step.

        3) To run spamd, add the following to /etc/rc.conf:
           spamd_enable="YES"

        4) If this is a new installation, you should run sa-update
           and sa-compile. If this isn't a new installation, you
           should probably run those commands on a regular basis
           anyway.

        5) Install mail/spamass-rules if you want some third-party
           spam-catching rulesets

SECURITY NOTE:
By default, spamd runs as root (the AS_ROOT option). If you wish
to change this, add the following to /etc/rc.conf:

        spamd_flags="-u spamd -H /var/spool/spamd"

===>   vpopmail-5.4.33_3 depends on executable: spamc - found


***********************************************************************
Now you should add the following options to your spamd.sh startup file:
-v -u vpopmail
***********************************************************************
===>   NOTICE:

The vpopmail port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port

===>  Cleaning for spamassassin-3.4.2_3
===>  Cleaning for p5-Encode-Detect-1.01_1
===>  Cleaning for p5-Module-Build-0.4229
===>  Cleaning for p5-HTML-Parser-3.72
===>  Cleaning for p5-HTML-Tagset-3.20_1
===>  Cleaning for p5-HTTP-Date-6.02_1
===>  Cleaning for p5-Net-DNS-1.21,1
===>  Cleaning for p5-Digest-HMAC-1.03_1
===>  Cleaning for p5-NetAddr-IP-4.079
===>  Cleaning for p5-Net-CIDR-Lite-0.21_1
===>  Cleaning for p5-Net-IDN-Encode-2.500
===>  Cleaning for p5-Test-NoWarnings-1.04_2
===>  Cleaning for p5-Net-LibIDN-0.12_5
===>  Cleaning for libidn-1.35
===>  Cleaning for gmake-4.2.1_3
===>  Cleaning for texinfo-6.6_4,1
===>  Cleaning for help2man-1.47.11
===>  Cleaning for p5-Locale-gettext-1.07
===>  Cleaning for gettext-tools-0.20.1_1
===>  Cleaning for libtextstyle-0.20.1
===>  Cleaning for p5-Locale-libintl-1.31
===>  Cleaning for p5-Text-Unidecode-1.30
===>  Cleaning for p5-Unicode-EastAsianWidth-12.0
===>  Cleaning for pkgconf-1.6.3,1
===>  Cleaning for p5-URI-1.76
===>  Cleaning for re2c-0.14.3
===>  Cleaning for p5-IO-Socket-SSL-2.066
===>  Cleaning for p5-Net-SSLeay-1.85
===>  Cleaning for p5-Test-Exception-0.43
===>  Cleaning for p5-Sub-Uplevel-0.2800
===>  Cleaning for p5-Mozilla-CA-20180117
===>  Cleaning for p5-IO-Socket-INET6-2.72_1
===>  Cleaning for p5-Socket6-0.29
===>  Cleaning for p5-Mail-DKIM-0.56
===>  Cleaning for p5-Crypt-OpenSSL-RSA-0.31
===>  Cleaning for p5-Crypt-OpenSSL-Guess-0.11
===>  Cleaning for p5-Crypt-OpenSSL-Bignum-0.09
===>  Cleaning for p5-Crypt-OpenSSL-Random-0.15
===>  Cleaning for p5-Mail-AuthenticationResults-1.20180923
===>  Cleaning for p5-Mail-Tools-2.19
===>  Cleaning for p5-TimeDate-2.30_2,1
===>  Cleaning for p5-Net-DNS-Resolver-Mock-1.20171219
===>  Cleaning for gnupg1-1.4.23_2
===>  Cleaning for p5-Mail-SPF-2.9.0_5
===>  Cleaning for p5-Error-0.17028
===>  Cleaning for p5-Net-DNS-Resolver-Programmable-0.009
===>  Cleaning for vpopmail-5.4.33_3
Installing dovecot-2.3.7_4...
===> Creating groups.
Creating group 'dovecot' with gid '143'.
Creating group 'dovenull' with gid '144'.
===> Creating users
Creating user 'dovecot' with uid '143'.
Creating user 'dovenull' with uid '144'.
---------------------------------------------------------------------

 You must create the configuration files yourself. Copy them over
 to /usr/local/etc/dovecot and edit them as desired:

        cp -R /usr/local/etc/dovecot/example-config/* \
                /usr/local/etc/dovecot

 The default configuration includes IMAP and POP3 services, will
 authenticate users agains the system's passwd file, and will use
 the default /var/mail/$USER mbox files.

 Next, enable dovecot in /etc/rc.conf:

        dovecot_enable="YES"


---------------------------------------------------------------------

 To avoid a risk of mailbox corruption, do not set the
 security.bsd.see_other_uids or .see_other_gids sysctls to 0
 if Dovecot is storing mail for multiple concurrent users (PR 218392).

---------------------------------------------------------------------

 If you want to be able to search within attachments using the
 decode2text plugin, you'll need to install textproc/catdoc, and
 one of graphics/xpdf or graphics/poppler-utils.

---------------------------------------------------------------------

 There are some potentially breaking changes in Dovecot 2.3. If you
 are upgrading from Dovecot 2.2:

   * Read https://wiki2.dovecot.org/Upgrading/2.3
   * Merge the configuration file changes from
     /usr/local/etc/dovecot/examples-config/

---------------------------------------------------------------------

===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/lib/dovecot/libdovecot.so.0.0.0
/usr/local/lib/dovecot/libdovecot.a(net.o)

      This port has installed the following startup scripts which may cause
      these network services to be started at boot time.
/usr/local/etc/rc.d/dovecot

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
http://www.dovecot.org/
===>  Cleaning for pkgconf-1.6.1,1
===>  Cleaning for dovecot-2.3.7_4
===>  Installing for spamassassin-3.4.2_3
===>  Checking if spamassassin is already installed
===>   Registering installation for spamassassin-3.4.2_3
Installing spamassassin-3.4.2_3...
===> Creating groups.
Creating group 'spamd' with gid '58'.
===> Creating users
Creating user 'spamd' with uid '58'.
==========================================================================

You should complete the following post-installation tasks:

        1) Read /usr/local/share/doc/spamassassin/INSTALL
           and /usr/local/share/doc/spamassassin/UPGRADE
           BEFORE enabling SpamAssassin for important changes

        2) Edit the configuration in /usr/local/etc/mail/spamassassin,
           in particular /usr/local/etc/mail/spamassassin/init.pre
           You may get lots of annoying (but harmless) error messages
           if you skip this step.

        3) To run spamd, add the following to /etc/rc.conf:
           spamd_enable="YES"

        4) If this is a new installation, you should run sa-update
           and sa-compile. If this isn't a new installation, you
           should probably run those commands on a regular basis
           anyway.

        5) Install mail/spamass-rules if you want some third-party
           spam-catching rulesets

SECURITY NOTE:
By default, spamd runs as root (the AS_ROOT option). If you wish
to change this, add the following to /etc/rc.conf:

        spamd_flags="-u spamd -H /var/spool/spamd"

==========================================================================

$ /usr/local/bin/sa-update
$ /usr/local/bin/sa-compile
# pkg install apache24-2.4.41
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 8 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        apache24: 2.4.41
        libnghttp2: 1.39.2
        expat: 2.2.6_1
        perl5: 5.28.2
        pcre: 8.43_1
        apr: 1.6.5.1.6.1_1
        gdbm: 1.18.1_1
        db5: 5.3.28_7

Number of packages to be installed: 8

The process will require 147 MiB more space.
33 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/8] Fetching apache24-2.4.41.txz: 100%    5 MiB   1.7MB/s    00:03
[2/8] Fetching libnghttp2-1.39.2.txz: 100%  115 KiB 117.5kB/s    00:01
[3/8] Fetching expat-2.2.6_1.txz: 100%  120 KiB 122.4kB/s    00:01
[4/8] Fetching perl5-5.28.2.txz: 100%   14 MiB   2.9MB/s    00:05
[5/8] Fetching pcre-8.43_1.txz: 100%    1 MiB 638.0kB/s    00:02
[6/8] Fetching apr-1.6.5.1.6.1_1.txz: 100%  463 KiB 474.0kB/s    00:01
[7/8] Fetching gdbm-1.18.1_1.txz: 100%  162 KiB 166.2kB/s    00:01
[8/8] Fetching db5-5.3.28_7.txz: 100%   12 MiB   2.6MB/s    00:05
Checking integrity... done (0 conflicting)
[1/8] Installing expat-2.2.6_1...
[1/8] Extracting expat-2.2.6_1: 100%
[2/8] Installing gdbm-1.18.1_1...
[2/8] Extracting gdbm-1.18.1_1: 100%
[3/8] Installing db5-5.3.28_7...
[3/8] Extracting db5-5.3.28_7: 100%
[4/8] Installing libnghttp2-1.39.2...
[4/8] Extracting libnghttp2-1.39.2: 100%
[5/8] Installing perl5-5.28.2...
[5/8] Extracting perl5-5.28.2: 100%
[6/8] Installing pcre-8.43_1...
[6/8] Extracting pcre-8.43_1: 100%
[7/8] Installing apr-1.6.5.1.6.1_1...
[7/8] Extracting apr-1.6.5.1.6.1_1: 100%
[8/8] Installing apache24-2.4.41...
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
[8/8] Extracting apache24-2.4.41: 100%
Message from perl5-5.28.2:

The /usr/bin/perl symlink has been removed starting with Perl 5.20.
For shebangs, you should either use:

#!/usr/local/bin/perl

or

#!/usr/bin/env perl

The first one will only work if you have a /usr/local/bin/perl,
the second will work as long as perl is in PATH.
Message from apr-1.6.5.1.6.1_1:

/!\ ================================================================== /!\

The Apache Portable Runtime project removed support for FreeTDS with
version 1.6. Users requiring MS-SQL connectivity must migrate
configurations to use the added ODBC driver and FreeTDS' ODBC features.

/!\ ================================================================== /!\
Message from apache24-2.4.41:

To run apache www server from startup, add apache24_enable="yes"
in your /etc/rc.conf. Extra options can be found in startup script.

Your hostname must be resolvable using at least 1 mechanism in
/etc/nsswitch.conf typically DNS or /etc/hosts or apache might
have issues starting depending on the modules you are using.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- apache24 default build changed from static MPM to modular MPM
- more modules are now enabled per default in the port
- icons and error pages moved from WWWDIR to DATADIR

   If build with modular MPM and no MPM is activated in
   httpd.conf, then mpm_prefork will be activated as default
   MPM in etc/apache24/modules.d to keep compatibility with
   existing php/perl/python modules!

Please compare the existing httpd.conf with httpd.conf.sample
and merge missing modules/instructions into httpd.conf!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

# pkg install php73 php73-mysqli php73-mbstring php73-zlib php73-curl php73-gd php73-json
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 21 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        php73: 7.3.9
        php73-mysqli: 7.3.9
        php73-mbstring: 7.3.9
        php73-zlib: 7.3.9
        php73-curl: 7.3.9
        php73-gd: 7.3.9
        php73-json: 7.3.9
        libargon2: 20171227_1
        pcre2: 10.32_1
        oniguruma: 6.9.3
        curl: 7.65.1
        ca_root_nss: 3.45
        freetype2: 2.10.0
        png: 1.6.37
        jpeg-turbo: 2.0.2
        libgd: 2.2.5_1,1
        fontconfig: 2.12.6,1
        webp: 1.0.2
        tiff: 4.0.10_1
        jbigkit: 2.1_1
        giflib: 5.1.9

Number of packages to be installed: 21

The process will require 60 MiB more space.
11 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/21] Fetching php73-7.3.9.txz: 100%    3 MiB   1.8MB/s    00:02
[2/21] Fetching php73-mysqli-7.3.9.txz: 100%   40 KiB  41.3kB/s    00:01
[3/21] Fetching php73-mbstring-7.3.9.txz: 100%  742 KiB 759.8kB/s    00:01
[4/21] Fetching php73-zlib-7.3.9.txz: 100%   17 KiB  17.8kB/s    00:01
[5/21] Fetching php73-curl-7.3.9.txz: 100%   30 KiB  30.5kB/s    00:01
[6/21] Fetching php73-gd-7.3.9.txz: 100%   29 KiB  29.9kB/s    00:01
[7/21] Fetching php73-json-7.3.9.txz: 100%   22 KiB  22.0kB/s    00:01
[8/21] Fetching libargon2-20171227_1.txz: 100%   65 KiB  66.1kB/s    00:01
[9/21] Fetching pcre2-10.32_1.txz: 100%    1 MiB 626.6kB/s    00:02
[10/21] Fetching oniguruma-6.9.3.txz: 100%  213 KiB 217.7kB/s    00:01
[11/21] Fetching curl-7.65.1.txz: 100%    1 MiB   1.3MB/s    00:01
[12/21] Fetching ca_root_nss-3.45.txz: 100%  295 KiB 301.6kB/s    00:01
[13/21] Fetching freetype2-2.10.0.txz: 100%    1 MiB   1.4MB/s    00:01
[14/21] Fetching png-1.6.37.txz: 100%  286 KiB 293.0kB/s    00:01
[15/21] Fetching jpeg-turbo-2.0.2.txz: 100%  344 KiB 351.8kB/s    00:01
[16/21] Fetching libgd-2.2.5_1,1.txz: 100%  200 KiB 204.4kB/s    00:01
[17/21] Fetching fontconfig-2.12.6,1.txz: 100%  357 KiB 365.6kB/s    00:01
[18/21] Fetching webp-1.0.2.txz: 100%  410 KiB 419.9kB/s    00:01
[19/21] Fetching tiff-4.0.10_1.txz: 100%  830 KiB 850.1kB/s    00:01
[20/21] Fetching jbigkit-2.1_1.txz: 100%   74 KiB  75.6kB/s    00:01
[21/21] Fetching giflib-5.1.9.txz: 100%  199 KiB 203.4kB/s    00:01
Checking integrity... done (0 conflicting)
[1/21] Installing jpeg-turbo-2.0.2...
[1/21] Extracting jpeg-turbo-2.0.2: 100%
[2/21] Installing jbigkit-2.1_1...
[2/21] Extracting jbigkit-2.1_1: 100%
[3/21] Installing freetype2-2.10.0...
[3/21] Extracting freetype2-2.10.0: 100%
[4/21] Installing png-1.6.37...
[4/21] Extracting png-1.6.37: 100%
[5/21] Installing tiff-4.0.10_1...
[5/21] Extracting tiff-4.0.10_1: 100%
[6/21] Installing giflib-5.1.9...
[6/21] Extracting giflib-5.1.9: 100%
[7/21] Installing libargon2-20171227_1...
[7/21] Extracting libargon2-20171227_1: 100%
[8/21] Installing pcre2-10.32_1...
[8/21] Extracting pcre2-10.32_1: 100%
[9/21] Installing ca_root_nss-3.45...
[9/21] Extracting ca_root_nss-3.45: 100%
[10/21] Installing fontconfig-2.12.6,1...
[10/21] Extracting fontconfig-2.12.6,1: 100%
Running fc-cache to build fontconfig cache...
/usr/local/share/fonts: skipping, no such directory
/usr/local/lib/X11/fonts: skipping, no such directory
/var/db/fontconfig: cleaning cache directory
fc-cache: succeeded
[11/21] Installing webp-1.0.2...
[11/21] Extracting webp-1.0.2: 100%
[12/21] Installing php73-7.3.9...
[12/21] Extracting php73-7.3.9: 100%
[13/21] Installing oniguruma-6.9.3...
[13/21] Extracting oniguruma-6.9.3: 100%
[14/21] Installing curl-7.65.1...
[14/21] Extracting curl-7.65.1: 100%
[15/21] Installing libgd-2.2.5_1,1...
[15/21] Extracting libgd-2.2.5_1,1: 100%
[16/21] Installing php73-mysqli-7.3.9...
[16/21] Extracting php73-mysqli-7.3.9: 100%
[17/21] Installing php73-mbstring-7.3.9...
[17/21] Extracting php73-mbstring-7.3.9: 100%
[18/21] Installing php73-zlib-7.3.9...
[18/21] Extracting php73-zlib-7.3.9: 100%
[19/21] Installing php73-curl-7.3.9...
[19/21] Extracting php73-curl-7.3.9: 100%
[20/21] Installing php73-gd-7.3.9...
[20/21] Extracting php73-gd-7.3.9: 100%
[21/21] Installing php73-json-7.3.9...
[21/21] Extracting php73-json-7.3.9: 100%
Message from freetype2-2.10.0:

The 2.7.x series now uses the new subpixel hinting mode (V40 port's option) as
the default, emulating a modern version of ClearType. This change inevitably
leads to different rendering results, and you might change port's options to
adapt it to your taste (or use the new "FREETYPE_PROPERTIES" environment
variable).

The environment variable "FREETYPE_PROPERTIES" can be used to control the
driver properties. Example:

FREETYPE_PROPERTIES=truetype:interpreter-version=35 \
        cff:no-stem-darkening=1 \
        autofitter:warping=1

This allows to select, say, the subpixel hinting mode at runtime for a given
application.

The controllable properties are listed in the section "Controlling FreeType
Modules" in the reference's table of contents
(/usr/local/share/doc/freetype2/reference/site/index.html, if documentation was installed).
Message from ca_root_nss-3.45:

********************************* WARNING *********************************

FreeBSD does not, and can not warrant that the certification authorities
whose certificates are included in this package have in any way been
audited for trustworthiness or RFC 3647 compliance.

Assessment and verification of trust is the complete responsibility of the
system administrator.

*********************************** NOTE **********************************

This package installs symlinks to support root certificates discovery by
default for software that uses OpenSSL.

This enables SSL Certificate Verification by client software without manual
intervention.

If you prefer to do this manually, replace the following symlinks with
either an empty file or your site-local certificate bundle.

  * /etc/ssl/cert.pem
  * /usr/local/etc/ssl/cert.pem
  * /usr/local/openssl/cert.pem

***************************************************************************
Message from php73-mysqli-7.3.9:

This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-mysqli.ini
Message from php73-mbstring-7.3.9:

This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-mbstring.ini
Message from php73-zlib-7.3.9:

This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-zlib.ini
Message from php73-curl-7.3.9:

This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-curl.ini
Message from php73-gd-7.3.9:

This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-gd.ini
Message from php73-json-7.3.9:

This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-json.ini

;;;;;;;;;;;;;;;;;;;;;
; FPM Configuration ;
;;;;;;;;;;;;;;;;;;;;;

include=/web/global/.config/fpm.d/*
include=/web/bachi.net/.config/fpm.d/*
include=/web/losenko.ch/.config/fpm.d/*
include=/web/meggen56.ch/.config/fpm.d/*
include=/web/styleesh.com/.config/fpm.d/*
include=/web/te-clan.ch/.config/fpm.d/*
include=/web/teehaus-umami.ch/.config/fpm.d/*
include=/web/y8303.net/.config/fpm.d/*
include=/web/bootteilet.ch/.config/fpm.d/*

;;;;;;;;;;;;;;;;;;
; Global Options ;
;;;;;;;;;;;;;;;;;;

[global]
pid = run/php-fpm.pid
error_log = log/php-fpm.log
syslog.facility = daemon
syslog.ident = php-fpm
log_level = notice
daemonize = yes
# pw user add -n www_bachi_net -g 80 -c www.bachi.net -d /web/bachi.net/www -s /usr/sbin/nologin
# pw group add -n www_bachi_net -g 1002

Apache Module mod_proxy_fcgi
VirtualHost Examples
suEXEC Support
FreeBSD install PHP 7.2 with FPM for Nginx
Apache 2.4 /PHP7.3 /PHP-FPM /freeBSD 12 (part 1)
How to set Apache’s MPM Event and PHP-FPM on FreeBSD
Virtual Hosts
PHP-FPM

Help with PHP-FPM on Apache
NextCloud12 auf debian 9 mit php7.0-fpm und apache2.4.25
Install PHP 7.3 / PHP 7.3-FPM With Apache2 / Nginx On Ubuntu 16.04 | 18.04 | 18.10
PHP-FPM
mod_php vs (Fast)CGI vs FPM
Install Apache, MySQL, PHP (FAMP) Stack on FreeBSD 12

phpMyAdmin Fehlermeldung: Konfiguration des pmadb… fehlerhaft
GRANT SELECT, INSERT, UPDATE, DELETE ON phpmyadmin.* TO 'pma'@'localhost' IDENTIFIED BY 'passwort';

					

FreeBSD 12 on Samsung NP300E5A

FreeBSD 12 Installer Display Pixelated

<ESC>
mode 2
boot

Linux grub Config

menuentry "FreeBSD" {
  insmod ufs2
  insmod bsd
  set root=(hd0,7)
  chainloader /boot/boot1.efi
}

Loader Config

loader(8) interpreter has been switched from 4th to Lua

Lua-based loader(8) does not pick up /boot/loader.rc.local
gop set (nor mode) load from /boot/loader.rc.local at boot (manual works)

/boot/loader.rc        NOT parsed
/boot/loader.rc.local  NOT parsed
/boot/loader.conf      parsed, but EFI-mode don't like modules
exec="mode 2"
[...]
kld_list="/boot/modules/i915kms.ko"
[...]

Changing Console Resolution

FreeBSDs Bootvorgang

YouTube: Improving security of the FreeBSD boot process TPM and Secure Boot in FreeBSD by Michal Stanek
BSDCan 2019: Improving security of the FreeBSD boot process
Kernel Boot Resolution?
Changing console resolution in FreeBSD 10 with vt(4)
Configuring default resolution for FreeBSD 11 with UEFI

UEFI GOP: screen goes blank during boot after loader is finished

console driver

old: sc — the console driver

new: vt — virtual terminal console driver

wpa_supplicant

# already installed from base-system
$ whereis wpa_supplicant
wpa_supplicant: /usr/sbin/wpa_supplicant
                /usr/share/man/man8/wpa_supplicant.8.gz
                /usr/ports/security/wpa_supplicant

bash

$ pkg install bash
$ pw user mod andreas -s /usr/local/bin/bash

FreeBSD bash Key Bindings

# pkg install drm-kmod-g20190710
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        drm-kmod: g20190710
        drm-fbsd12.0-kmod: 4.16.g20190710
        gpu-firmware-kmod: g20190620

Number of packages to be installed: 3

The process will require 44 MiB more space.
5 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/3] Fetching drm-kmod-g20190710.txz: 100%    808 B   0.8kB/s    00:01
[2/3] Fetching drm-fbsd12.0-kmod-4.16.g20190710.txz: 100%    2 MiB 412.1kB/s    00:05
[3/3] Fetching gpu-firmware-kmod-g20190620.txz: 100%    3 MiB 518.7kB/s    00:07
Checking integrity... done (0 conflicting)
[1/3] Installing gpu-firmware-kmod-g20190620...
[1/3] Extracting gpu-firmware-kmod-g20190620: 100%
[2/3] Installing drm-fbsd12.0-kmod-4.16.g20190710...
[2/3] Extracting drm-fbsd12.0-kmod-4.16.g20190710: 100%
[3/3] Installing drm-kmod-g20190710...
Message from drm-fbsd12.0-kmod-4.16.g20190710:

The drm-fbsd12.0-kmod port can be enabled for amdgpu (for AMD GPUs starting
with the HD7000 series / Tahiti) or i915kms (for Intel APUs starting with
HD3000 / Sandy Bridge) through kld_list in /etc/rc.conf. radeonkms for older
AMD GPUs can be loaded and there are some positive reports if EFI boot is NOT
enabled (similar to amdgpu).

For amdgpu: kld_list="amdgpu"
For Intel: kld_list="/boot/modules/i915kms.ko"
For radeonkms: kld_list="/boot/modules/radeonkms.ko"

Please ensure that all users requiring graphics are members of the
"video" group.

Older generations are supported by the legacy kms modules (radeonkms /
i915kms) in base or by installing graphics/drm-legacy-kmod.
---<<BOOT>>---
Copyright (c) 1992-2018 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 12.0-RELEASE-p7 GENERIC amd64
FreeBSD clang version 6.0.1 (tags/RELEASE_601/final 335540) (based on LLVM 6.0.1)
VT(efifb): resolution 1024x768
CPU: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz (2494.39-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0x206a7  Family=0x6  Model=0x2a  Stepping=7
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x1fbae3bf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,AVX>
  AMD Features=0x28100800<SYSCALL,NX,RDTSCP,LM>
  AMD Features2=0x1<LAHF>
  XSAVE Features=0x1<XSAVEOPT>
  VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID
  TSC: P-state invariant, performance statistics
real memory  = 4294967296 (4096 MB)
avail memory = 4002455552 (3817 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table: <SECCSD LH43STAR>
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s) x 2 hardware threads
random: unblocking device.
ioapic0 <Version 2.0> irqs 0-23 on motherboard
Launching APs: 1 2 3
Timecounter "TSC-low" frequency 1247193490 Hz quality 1000
random: entropy device external interface
kbd1 at kbdmux0
netmap: loaded module
[ath_hal] loaded
module_register_init: MOD_LOAD (vesa, 0xffffffff810f9a00, 0) error 19
nexus0
efirtc0: <EFI Realtime Clock> on motherboard
efirtc0: registered as a time-of-day clock, resolution 1.000000s
cryptosoft0: <software crypto> on motherboard
acpi0: <SECCSD LH43STAR> on motherboard
acpi0: Power Button (fixed)
cpu0: <ACPI CPU> on acpi0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 550
Event timer "HPET1" frequency 14318180 Hz quality 440
Event timer "HPET2" frequency 14318180 Hz quality 440
Event timer "HPET3" frequency 14318180 Hz quality 440
Event timer "HPET4" frequency 14318180 Hz quality 440
atrtc0: <AT realtime clock> port 0x70-0x77 irq 8 on acpi0
atrtc0: Warning: Couldn't map I/O.
atrtc0: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: <AT timer> port 0x40-0x43,0x50-0x53 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
acpi_ec0: <Embedded Controller: GPE 0x17> port 0x62,0x66 on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0
pci1: <ACPI PCI bus> on pcib1
vgapci0: <VGA-compatible display> port 0x3000-0x307f mem 0xe0000000-0xe0ffffff,0xb0000000-0xbfffffff,0xc0000000-0xc1ffffff at device 0.0 on pci1
vgapci1: <VGA-compatible display> port 0x4000-0x403f mem 0xe1000000-0xe13fffff,0xd0000000-0xdfffffff irq 16 at device 2.0 on pci0
vgapci1: Boot video device
pci0: <simple comms> at device 22.0 (no driver attached)
ehci0: <Intel Cougar Point USB 2.0 controller> mem 0xe160a000-0xe160a3ff at device 26.0 on pci0
usbus0: EHCI version 1.0
usbus0 on ehci0
usbus0: 480Mbps High Speed USB v2.0
hdac0: <Intel Cougar Point HDA Controller> mem 0xe1600000-0xe1603fff at device 27.0 on pci0
pcib2: <ACPI PCI-PCI bridge> at device 28.0 on pci0
pci2: <ACPI PCI bus> on pcib2
iwn0: <Intel Centrino Wireless-N 130> mem 0xe1500000-0xe1501fff at device 0.0 on pci2
pcib3: <ACPI PCI-PCI bridge> at device 28.3 on pci0
pci3: <ACPI PCI bus> on pcib3
re0: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet> port 0x2000-0x20ff mem 0xe1404000-0xe1404fff,0xe1400000-0xe1403fff at device 0.0 on pci3
re0: Using 1 MSI-X message
re0: ASPM disabled
re0: Chip rev. 0x2c800000
re0: MAC rev. 0x00100000
miibus0: <MII bus> on re0
rgephy0: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 1 on miibus0
rgephy0:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re0: Using defaults for TSO: 65518/35/2048
re0: Ethernet address: e8:03:9a:1a:a5:bc
re0: netmap queues/slots: TX 1/256, RX 1/256
ehci1: <Intel Cougar Point USB 2.0 controller> mem 0xe1609000-0xe16093ff at device 29.0 on pci0
usbus1: EHCI version 1.0
usbus1 on ehci1
usbus1: 480Mbps High Speed USB v2.0
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
ahci0: <Intel Cougar Point AHCI SATA controller> port 0x4088-0x408f,0x4094-0x4097,0x4080-0x4087,0x4090-0x4093,0x4060-0x407f mem 0xe1608000-0xe16087ff at device 31.2 on pci0
ahci0: AHCI v1.30 with 6 3Gbps ports, Port Multiplier not supported
ahcich0: <AHCI channel> at channel 0 on ahci0
ahcich2: <AHCI channel> at channel 2 on ahci0
ahcich3: <AHCI channel> at channel 3 on ahci0
ahcich4: <AHCI channel> at channel 4 on ahci0
ahciem0: <AHCI enclosure management bridge> on ahci0
acpi_acad0: <AC Adapter> on acpi0
acpi_lid0: <Control Method Lid Switch> on acpi0
acpi_button0: <Power Button> on acpi0
acpi_tz0: <Thermal Zone> on acpi0
acpi_tz1: <Thermal Zone> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model Generic PS/2 mouse, device ID 0
battery0: <ACPI Control Method Battery> on acpi0
est0: <Enhanced SpeedStep Frequency Control> on cpu0
Timecounters tick every 1.000 msec
hdacc0: <Realtek ALC269 HDA CODEC> at cad 0 on hdac0
hdaa0: <Realtek ALC269 Audio Function Group> at nid 1 on hdacc0
pcm0: <Realtek ALC269 (Analog 2.0+HP/2.0)> at nid 20,33 and 24,25 on hdaa0
hdacc1: <Intel Cougar Point HDA CODEC> at cad 3 on hdac0
hdaa1: <Intel Cougar Point Audio Function Group> at nid 1 on hdacc1
pcm1: <Intel Cougar Point (HDMI/DP 8ch)> at nid 5 on hdaa1
ugen1.1: <Intel EHCI root HUB> at usbus1
ugen0.1: <Intel EHCI root HUB> at usbus0
uhub0: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus1
uhub1: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus0
ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0: <WDC WDS240G2G0A-00JH30 UF450000> ACS-2 ATA SATA 3.x device
ada0: Serial Number 183773804130
ada0: 300.000MB/s transfers (SATA 2.x, UDMA6, PIO 512bytes)
ada0: Command Queueing enabled
ada0: 228944MB (468877312 512 byte sectors)
ses0 at ahciem0 bus 0 scbus4 target 0 lun 0
ses0: <AHCI SGPIO Enclosure 1.00 0001> SEMB S-E-S 2.00 device
ses0: SEMB SES Device
cd0 at ahcich2 bus 0 scbus1 target 0 lun 0
cd0: <Slimtype DVD A DS8A5SH XS21> Removable CD-ROM SCSI device
cd0: Serial Number 110270143545
cd0: 150.000MB/s transfers (SATA 1.x, UDMA5, ATAPI 12bytes, PIO 8192bytes)
cd0: Attempt to query device size failed: NOT READY, Medium not present - tray closed
Trying to mount root from ufs:/dev/ada0p7 [rw]...
uhub0: 2 ports with 2 removable, self powered
uhub1: 2 ports with 2 removable, self powered
drmn1: <drmn> on vgapci1
vgapci1: child drmn1 requested pci_enable_io
vgapci1: child drmn1 requested pci_enable_io
[drm] Unable to create a private tmpfs mount, hugepage support will be disabled(-19).
Failed to add WC MTRR for [0xd0000000-0xdfffffff]: -28; performance may suffer
[drm] Got stolen memory base 0xaba00000, size 0x4000000
[drm] Supports vblank timestamp caching Rev 2 (21.10.2013).
[drm] Driver supports precise vblank timestamp query.
[drm] Connector LVDS-1: get mode from tunables:
[drm]   - kern.vt.fb.modes.LVDS-1
[drm]   - kern.vt.fb.default_mode
[drm] Connector VGA-1: get mode from tunables:
[drm]   - kern.vt.fb.modes.VGA-1
[drm]   - kern.vt.fb.default_mode
[drm] Connector HDMI-A-1: get mode from tunables:
[drm]   - kern.vt.fb.modes.HDMI-A-1
[drm]   - kern.vt.fb.default_mode
[drm] Connector DP-1: get mode from tunables:
[drm]   - kern.vt.fb.modes.DP-1
[drm]   - kern.vt.fb.default_mode
[drm] Initialized i915 1.6.0 20171222 for drmn1 on minor 0
VT: Replacing driver "efifb" with new "fb".
start FB_INFO:
type=11 height=768 width=1366 depth=32
cmsize=16 size=4227072
pbase=0xd0361000 vbase=0xfffff800d0361000
name=drmn1 flags=0x0 stride=5504 bpp=32
cmap[0]=0 cmap[1]=7f0000 cmap[2]=7f00 cmap[3]=c4a000
end FB_INFO
drmn1: fb0: inteldrmfb frame buffer device
lo0: link state changed to UP
re0: link state changed to DOWN
ugen1.2: <vendor 0x8087 product 0x0024> at usbus1
uhub2 on uhub0
uhub2: <vendor 0x8087 product 0x0024, class 9/0, rev 2.00/0.00, addr 2> on usbus1
ugen0.2: <vendor 0x8087 product 0x0024> at usbus0
uhub3 on uhub1
uhub3: <vendor 0x8087 product 0x0024, class 9/0, rev 2.00/0.00, addr 2> on usbus0
uhub2: 6 ports with 6 removable, self powered
uhub3: 6 ports with 6 removable, self powered
ugen1.3: <Logitech USB Receiver> at usbus1
ukbd0 on uhub2
ukbd0: <Logitech USB Receiver, class 0/0, rev 2.00/12.03, addr 3> on usbus1
kbd2 at ukbd0
ugen0.3: <Image Processor WebCam SC-0311139N> at usbus0
ugen1.4: <vendor 0x8086 product 0x0189> at usbus1
ums0 on uhub2
ums0: <Logitech USB Receiver, class 0/0, rev 2.00/12.03, addr 3> on usbus1
ums0: 16 buttons and [XYZT] coordinates ID=2
uhid0 on uhub2
uhid0: <Logitech USB Receiver, class 0/0, rev 2.00/12.03, addr 3> on usbus1
ubt0 on uhub2
ubt0: <vendor 0x8086 product 0x0189, class 224/1, rev 2.00/69.19, addr 4> on usbus1
WARNING: attempt to domain_add(bluetooth) after domainfinalize()
re0: link state changed to UP
WARNING: attempt to domain_add(netgraph) after domainfinalize()
Security policy loaded: MAC/ntpd (mac_ntpd)
---<<BOOT>>---
Copyright (c) 1992-2018 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 12.0-RELEASE r341666 GENERIC amd64
FreeBSD clang version 6.0.1 (tags/RELEASE_601/final 335540) (based on LLVM 6.0.1)
VT(efifb): resolution 1024x768
CPU: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz (2494.39-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0x206a7  Family=0x6  Model=0x2a  Stepping=7
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x1fbae3bf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,AVX>
  AMD Features=0x28100800<SYSCALL,NX,RDTSCP,LM>
  AMD Features2=0x1<LAHF>
  XSAVE Features=0x1<XSAVEOPT>
  VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID
  TSC: P-state invariant, performance statistics
real memory  = 4294967296 (4096 MB)
avail memory = 4002455552 (3817 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table: <SECCSD LH43STAR>
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s) x 2 hardware threads
random: unblocking device.
ioapic0 <Version 2.0> irqs 0-23 on motherboard
Launching APs: 1 2 3
Timecounter "TSC-low" frequency 1247195878 Hz quality 1000
random: entropy device external interface
kbd1 at kbdmux0
netmap: loaded module
[ath_hal] loaded
module_register_init: MOD_LOAD (vesa, 0xffffffff810f9770, 0) error 19
nexus0
efirtc0: <EFI Realtime Clock> on motherboard
efirtc0: registered as a time-of-day clock, resolution 1.000000s
cryptosoft0: <software crypto> on motherboard
acpi0: <SECCSD LH43STAR> on motherboard
acpi0: Power Button (fixed)
cpu0: <ACPI CPU> on acpi0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 550
Event timer "HPET1" frequency 14318180 Hz quality 440
Event timer "HPET2" frequency 14318180 Hz quality 440
Event timer "HPET3" frequency 14318180 Hz quality 440
Event timer "HPET4" frequency 14318180 Hz quality 440
atrtc0: <AT realtime clock> port 0x70-0x77 irq 8 on acpi0
atrtc0: Warning: Couldn't map I/O.
atrtc0: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: <AT timer> port 0x40-0x43,0x50-0x53 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
acpi_ec0: <Embedded Controller: GPE 0x17> port 0x62,0x66 on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0
pci1: <ACPI PCI bus> on pcib1
vgapci0: <VGA-compatible display> port 0x3000-0x307f mem 0xe0000000-0xe0ffffff,0xb0000000-0xbfffffff,0xc0000000-0xc1ffffff at device 0.0 on pci1
vgapci1: <VGA-compatible display> port 0x4000-0x403f mem 0xe1000000-0xe13fffff,0xd0000000-0xdfffffff irq 16 at device 2.0 on pci0
vgapci1: Boot video device
pci0: <simple comms> at device 22.0 (no driver attached)
ehci0: <Intel Cougar Point USB 2.0 controller> mem 0xe160a000-0xe160a3ff at device 26.0 on pci0
usbus0: EHCI version 1.0
usbus0 on ehci0
usbus0: 480Mbps High Speed USB v2.0
hdac0: <Intel Cougar Point HDA Controller> mem 0xe1600000-0xe1603fff at device 27.0 on pci0
pcib2: <ACPI PCI-PCI bridge> at device 28.0 on pci0
pci2: <ACPI PCI bus> on pcib2
iwn0: <Intel Centrino Wireless-N 130> mem 0xe1500000-0xe1501fff at device 0.0 on pci2
pcib3: <ACPI PCI-PCI bridge> at device 28.3 on pci0
pci3: <ACPI PCI bus> on pcib3
re0: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet> port 0x2000-0x20ff mem 0xe1404000-0xe1404fff,0xe1400000-0xe1403fff at device 0.0 on pci3
re0: Using 1 MSI-X message
re0: ASPM disabled
re0: Chip rev. 0x2c800000
re0: MAC rev. 0x00100000
miibus0: <MII bus> on re0
rgephy0: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 1 on miibus0
rgephy0:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re0: Using defaults for TSO: 65518/35/2048
re0: Ethernet address: e8:03:9a:1a:a5:bc
re0: netmap queues/slots: TX 1/256, RX 1/256
ehci1: <Intel Cougar Point USB 2.0 controller> mem 0xe1609000-0xe16093ff at device 29.0 on pci0
usbus1: EHCI version 1.0
usbus1 on ehci1
usbus1: 480Mbps High Speed USB v2.0
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
ahci0: <Intel Cougar Point AHCI SATA controller> port 0x4088-0x408f,0x4094-0x4097,0x4080-0x4087,0x4090-0x4093,0x4060-0x407f mem 0xe1608000-0xe16087ff at device 31.2 on pci0
ahci0: AHCI v1.30 with 6 3Gbps ports, Port Multiplier not supported
ahcich0: <AHCI channel> at channel 0 on ahci0
ahcich2: <AHCI channel> at channel 2 on ahci0
ahcich3: <AHCI channel> at channel 3 on ahci0
ahcich4: <AHCI channel> at channel 4 on ahci0
ahciem0: <AHCI enclosure management bridge> on ahci0
acpi_acad0: <AC Adapter> on acpi0
acpi_lid0: <Control Method Lid Switch> on acpi0
acpi_button0: <Power Button> on acpi0
acpi_tz0: <Thermal Zone> on acpi0
acpi_tz1: <Thermal Zone> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model Generic PS/2 mouse, device ID 0
battery0: <ACPI Control Method Battery> on acpi0
est0: <Enhanced SpeedStep Frequency Control> on cpu0
Timecounters tick every 1.000 msec
hdacc0: <Realtek ALC269 HDA CODEC> at cad 0 on hdac0
hdaa0: <Realtek ALC269 Audio Function Group> at nid 1 on hdacc0
pcm0: <Realtek ALC269 (Analog 2.0+HP/2.0)> at nid 20,33 and 24,25 on hdaa0
hdacc1: <Intel Cougar Point HDA CODEC> at cad 3 on hdac0
hdaa1: <Intel Cougar Point Audio Function Group> at nid 1 on hdacc1
pcm1: <Intel Cougar Point (HDMI/DP 8ch)> at nid 5 on hdaa1
ugen1.1: <Intel EHCI root HUB> at usbus1
ugen0.1: <Intel EHCI root HUB> at usbus0
uhub0: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus1
uhub1: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus0
ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0: <WDC WDS240G2G0A-00JH30 UF450000> ACS-2 ATA SATA 3.x device
ada0: Serial Number 183773804130
ada0: 300.000MB/s transfers (SATA 2.x, UDMA6, PIO 512bytes)
ada0: Command Queueing enabled
ada0: 228944MB (468877312 512 byte sectors)
ses0 at ahciem0 bus 0 scbus4 target 0 lun 0
ses0: <AHCI SGPIO Enclosure 1.00 0001> SEMB S-E-S 2.00 device
ses0: SEMB SES Device
cd0 at ahcich2 bus 0 scbus1 target 0 lun 0
cd0: <Slimtype DVD A DS8A5SH XS21> Removable CD-ROM SCSI device
cd0: Serial Number 110270143545
cd0: 150.000MB/s transfers (SATA 1.x, UDMA5, ATAPI 12bytes, PIO 8192bytes)
cd0: Attempt to query device size failed: NOT READY, Medium not present - tray closed
Trying to mount root from ufs:/dev/ada0p7 [rw]...
lo0: link state changed to UP
re0: link state changed to DOWN
uhub1: 2 ports with 2 removable, self powered
uhub0: 2 ports with 2 removable, self powered
ugen0.2: <vendor 0x8087 product 0x0024> at usbus0
uhub2 on uhub1
uhub2: <vendor 0x8087 product 0x0024, class 9/0, rev 2.00/0.00, addr 2> on usbus0
ugen1.2: <vendor 0x8087 product 0x0024> at usbus1
uhub3 on uhub0
uhub3: <vendor 0x8087 product 0x0024, class 9/0, rev 2.00/0.00, addr 2> on usbus1
uhub2: 6 ports with 6 removable, self powered
uhub3: 6 ports with 6 removable, self powered
ugen1.3: <Logitech USB Receiver> at usbus1
ukbd0 on uhub3
ukbd0: <Logitech USB Receiver, class 0/0, rev 2.00/12.03, addr 3> on usbus1
kbd2 at ukbd0
ugen0.3: <Image Processor WebCam SC-0311139N> at usbus0
re0: link state changed to UP
ugen1.4: <vendor 0x8086 product 0x0189> at usbus1
ums0 on uhub3
ums0: <Logitech USB Receiver, class 0/0, rev 2.00/12.03, addr 3> on usbus1
ums0: 16 buttons and [XYZT] coordinates ID=2
uhid0 on uhub3
uhid0: <Logitech USB Receiver, class 0/0, rev 2.00/12.03, addr 3> on usbus1
re0: link state changed to DOWN
re0: link state changed to UP
ubt0 on uhub3
ubt0: <vendor 0x8086 product 0x0189, class 224/1, rev 2.00/69.19, addr 4> on usbus1
WARNING: attempt to domain_add(bluetooth) after domainfinalize()
WARNING: attempt to domain_add(netgraph) after domainfinalize()
Security policy loaded: MAC/ntpd (mac_ntpd)
re0: link state changed to DOWN
re0: link state changed to UP
info: [drm] Initialized drm 1.1.0 20060810
drmn1: =======================================================
drmn1: This code is obsolete abandonware. Install the graphics/drm-legacy-kmod pkg
drmn1: =======================================================
drmn1: Deprecated code (to be removed in FreeBSD 13): drm2 drivers
drmn1: =======================================================
drmn1: This code is obsolete abandonware. Install the graphics/drm-legacy-kmod pkg
drmn1: =======================================================
drmn1: Deprecated code (to be removed in FreeBSD 13): drm2 drivers
drmn1: <Intel SandyBridge (M)> on vgapci1
info: [drm] Memory usable by graphics device = 2048M
info: [drm] MTRR allocation failed.  Graphics performance may suffer.
intel_iicbb0 on drmn1
iicbus0: <Philips I2C bus> on iicbb0 addr 0xff
iic0: <I2C generic I/O> on iicbus0
iicbus1: <Philips I2C bus> on intel_gmbus0
iic1: <I2C generic I/O> on iicbus1
intel_iicbb1 on drmn1
iicbus2: <Philips I2C bus> on iicbb1 addr 0xff
iic2: <I2C generic I/O> on iicbus2
iicbus3: <Philips I2C bus> on intel_gmbus1
iic3: <I2C generic I/O> on iicbus3
intel_iicbb2 on drmn1
iicbus4: <Philips I2C bus> on iicbb2 addr 0xff
iic4: <I2C generic I/O> on iicbus4
iicbus5: <Philips I2C bus> on intel_gmbus2
iic5: <I2C generic I/O> on iicbus5
intel_iicbb3 on drmn1
iicbus6: <Philips I2C bus> on iicbb3 addr 0xff
iic6: <I2C generic I/O> on iicbus6
iicbus7: <Philips I2C bus> on intel_gmbus3
iic7: <I2C generic I/O> on iicbus7
intel_iicbb4 on drmn1
iicbus8: <Philips I2C bus> on iicbb4 addr 0xff
iic8: <I2C generic I/O> on iicbus8
iicbus9: <Philips I2C bus> on intel_gmbus4
iic9: <I2C generic I/O> on iicbus9
intel_iicbb5 on drmn1
iicbus10: <Philips I2C bus> on iicbb5 addr 0xff
iic10: <I2C generic I/O> on iicbus10
iicbus11: <Philips I2C bus> on intel_gmbus5
iic11: <I2C generic I/O> on iicbus11
info: [drm] MSI enabled 1 message(s)
info: [drm] Supports vblank timestamp caching Rev 1 (10.10.2010).
info: [drm] Driver supports precise vblank timestamp query.
intel_sdvo_ddc_proxy921920 on drmn1
intel_sdvo_ddc_proxy921920: detached
drm_iic_dp_aux0 on drmn1
drmn1: taking over the fictitious range 0xd0000000-0xe0000000
info: [drm] Connector LVDS-1: get mode from tunables:
info: [drm]   - kern.vt.fb.modes.LVDS-1
info: [drm]   - kern.vt.fb.default_mode
info: [drm] Connector VGA-1: get mode from tunables:
info: [drm]   - kern.vt.fb.modes.VGA-1
info: [drm]   - kern.vt.fb.default_mode
info: [drm] Connector HDMI-A-1: get mode from tunables:
info: [drm]   - kern.vt.fb.modes.HDMI-A-1
info: [drm]   - kern.vt.fb.default_mode
info: [drm] Connector DP-1: get mode from tunables:
info: [drm]   - kern.vt.fb.modes.DP-1
info: [drm]   - kern.vt.fb.default_mode
fbd1 on drmn1
VT: Replacing driver "efifb" with new "fb".
info: [drm] Initialized i915 1.6.0 20080730 for drmn1 on minor 1
info: [drm] Enabling RC6 states: RC6 on, RC6p off, RC6pp off

SKINTEGRITY / Fluedema

SKINTEGRITY
Teilprojekte von SKINTEGRITY
ETH Zürich Foundation: SKINTEGRITY

Qt

C++

“warning: use of old-style cast” in g++ [duplicate]
When should static_cast, dynamic_cast, const_cast and reinterpret_cast be used?
What are the rules about using an underscore in a C++ identifier?

Overloading Macro on Number of Arguments

Installer

C:\Users\andreas\Documents\QtProjects\FluoedemaSource\DatabaseSelect\release\v0.1\packages\ch.zhaw.fluedema\data
> C:\Qt\5.12.5\mingw73_64\bin\windeployqt.exe DatabaseSelect.exe

C:\Users\andreas\Documents\QtProjects\FluoedemaSource\DatabaseSelect\release\v0.1
> C:\Qt\Tools\QtInstallerFramework\3.1\bin\binarycreator.exe --offline-only -c config\config.xml -p packages DatabaseSelectInstaller.exe

Free SSL Certificate / Zertifikat

Let’s Encrypt
Let’s Encrypt Glossar

ZeroSSL – FREE SSL Certificate Wizard

Wie Sie ein Let’s Encrypt Zertifikat erstellen und in ein Webhosting-Produkt einbinden

Web-Server

How to Secure Apache with SSL and Let’s Encrypt in FreeBSD
NameBasedSSLVHosts
NameBasedSSLVHostsWithSNI

Mail-Server

Certbot: Let’s Encrypt TLS-Zertifikate für Mailserver (Deprecated!)

Wildcard

Generate Wildcard SSL certificate using Let’s Encrypt/Certbot
Wildcard Domain Step-By-Step
ACME v2 Production Environment & Wildcards

Weiterleitung

Weiterleitung auf HTTPS einrichten
Apache2 http zu https Umleitung
QuickTipp: Weiterleitung (redirect) von HTTP auf HTTPS via Apache oder Htaccess

Multiple SSL Certificates with One IP Address

Server Name Indication (SNI)
Using Multiple SSL Certificates in Apache with One IP Address
Apache SNI Browser Support
Multi-Domain (SAN) Certificates – Using Subject Alternative Names
Was ist Server Name Indication (SNI)?
SSL vs. TLS – Worin bestehen die Unterschiede?
SNI (Server Name Indication)

pf

pfctl cheat sheet

py36-certbot

# pkg install py36-certbot
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 24 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        py36-certbot: 0.35.1,1
        py36-openssl: 19.0.0
        py36-cryptography: 2.6.1
        py36-six: 1.12.0
        py36-cffi: 1.12.3
        py36-pycparser: 2.19
        py36-asn1crypto: 0.24.0
        py36-josepy: 1.2.0
        py36-acme: 0.35.1,1
        py36-requests-toolbelt: 0.8.0
        py36-requests: 2.21.0
        py36-chardet: 3.0.4_1
        py36-certifi: 2019.6.16
        py36-urllib3: 1.22,1
        py36-pysocks: 1.7.0
        py36-idna: 2.8
        py36-pytz: 2019.1,1
        py36-pyrfc3339: 1.1
        py36-zope.interface: 4.6.0
        py36-zope.component: 4.2.2
        py36-zope.event: 4.1.0
        py36-parsedatetime: 2.4_1
        py36-configobj: 5.0.6_1
        py36-configargparse: 0.14.0

Number of packages to be installed: 24

The process will require 27 MiB more space.
7 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/24] Fetching py36-certbot-0.35.1,1.txz: 100%  458 KiB 468.8kB/s    00:01
[2/24] Fetching py36-openssl-19.0.0.txz: 100%   86 KiB  87.8kB/s    00:01
[3/24] Fetching py36-cryptography-2.6.1.txz: 100%  326 KiB 334.0kB/s    00:01
[4/24] Fetching py36-six-1.12.0.txz: 100%   19 KiB  18.9kB/s    00:01
[5/24] Fetching py36-cffi-1.12.3.txz: 100%  200 KiB 205.0kB/s    00:01
[6/24] Fetching py36-pycparser-2.19.txz: 100%  164 KiB 167.6kB/s    00:01
[7/24] Fetching py36-asn1crypto-0.24.0.txz: 100%  156 KiB 159.3kB/s    00:01
[8/24] Fetching py36-josepy-1.2.0.txz: 100%   73 KiB  75.3kB/s    00:01
[9/24] Fetching py36-acme-0.35.1,1.txz: 100%  125 KiB 128.2kB/s    00:01
[10/24] Fetching py36-requests-toolbelt-0.8.0.txz: 100%    4 MiB   1.6MB/s    00:03
[11/24] Fetching py36-requests-2.21.0.txz: 100%   82 KiB  84.4kB/s    00:01
[12/24] Fetching py36-chardet-3.0.4_1.txz: 100%  154 KiB 157.9kB/s    00:01
[13/24] Fetching py36-certifi-2019.6.16.txz: 100%  145 KiB 148.0kB/s    00:01
[14/24] Fetching py36-urllib3-1.22,1.txz: 100%  157 KiB 161.1kB/s    00:01
[15/24] Fetching py36-pysocks-1.7.0.txz: 100%   23 KiB  23.8kB/s    00:01
[16/24] Fetching py36-idna-2.8.txz: 100%   76 KiB  78.2kB/s    00:01
[17/24] Fetching py36-pytz-2019.1,1.txz: 100%  157 KiB 160.4kB/s    00:01
[18/24] Fetching py36-pyrfc3339-1.1.txz: 100%    8 KiB   8.1kB/s    00:01
[19/24] Fetching py36-zope.interface-4.6.0.txz: 100%  190 KiB 194.7kB/s    00:01
[20/24] Fetching py36-zope.component-4.2.2.txz: 100%   91 KiB  93.4kB/s    00:01
[21/24] Fetching py36-zope.event-4.1.0.txz: 100%    8 KiB   7.8kB/s    00:01
[22/24] Fetching py36-parsedatetime-2.4_1.txz: 100%   57 KiB  58.3kB/s    00:01
[23/24] Fetching py36-configobj-5.0.6_1.txz: 100%   51 KiB  52.1kB/s    00:01
[24/24] Fetching py36-configargparse-0.14.0.txz: 100%   24 KiB  24.5kB/s    00:01
Checking integrity... done (0 conflicting)
[1/24] Installing py36-pycparser-2.19...
[1/24] Extracting py36-pycparser-2.19: 100%
[2/24] Installing py36-six-1.12.0...
[2/24] Extracting py36-six-1.12.0: 100%
[3/24] Installing py36-cffi-1.12.3...
[3/24] Extracting py36-cffi-1.12.3: 100%
[4/24] Installing py36-asn1crypto-0.24.0...
[4/24] Extracting py36-asn1crypto-0.24.0: 100%
[5/24] Installing py36-cryptography-2.6.1...
[5/24] Extracting py36-cryptography-2.6.1: 100%
[6/24] Installing py36-openssl-19.0.0...
[6/24] Extracting py36-openssl-19.0.0: 100%
[7/24] Installing py36-pysocks-1.7.0...
[7/24] Extracting py36-pysocks-1.7.0: 100%
[8/24] Installing py36-idna-2.8...
[8/24] Extracting py36-idna-2.8: 100%
[9/24] Installing py36-chardet-3.0.4_1...
[9/24] Extracting py36-chardet-3.0.4_1: 100%
[10/24] Installing py36-certifi-2019.6.16...
[10/24] Extracting py36-certifi-2019.6.16: 100%
[11/24] Installing py36-urllib3-1.22,1...
[11/24] Extracting py36-urllib3-1.22,1: 100%
[12/24] Installing py36-requests-2.21.0...
[12/24] Extracting py36-requests-2.21.0: 100%
[13/24] Installing py36-pytz-2019.1,1...
[13/24] Extracting py36-pytz-2019.1,1: 100%
[14/24] Installing py36-josepy-1.2.0...
[14/24] Extracting py36-josepy-1.2.0: 100%
[15/24] Installing py36-requests-toolbelt-0.8.0...
[15/24] Extracting py36-requests-toolbelt-0.8.0: 100%
[16/24] Installing py36-pyrfc3339-1.1...
[16/24] Extracting py36-pyrfc3339-1.1: 100%
[17/24] Installing py36-zope.interface-4.6.0...
[17/24] Extracting py36-zope.interface-4.6.0: 100%
[18/24] Installing py36-zope.event-4.1.0...
[18/24] Extracting py36-zope.event-4.1.0: 100%
[19/24] Installing py36-acme-0.35.1,1...
[19/24] Extracting py36-acme-0.35.1,1: 100%
[20/24] Installing py36-zope.component-4.2.2...
[20/24] Extracting py36-zope.component-4.2.2: 100%
[21/24] Installing py36-parsedatetime-2.4_1...
[21/24] Extracting py36-parsedatetime-2.4_1: 100%
[22/24] Installing py36-configobj-5.0.6_1...
[22/24] Extracting py36-configobj-5.0.6_1: 100%
[23/24] Installing py36-configargparse-0.14.0...
[23/24] Extracting py36-configargparse-0.14.0: 100%
[24/24] Installing py36-certbot-0.35.1,1...
[24/24] Extracting py36-certbot-0.35.1,1: 100%

Message from py36-urllib3-1.22,1:
Be careful, support of IPv6 is broken with PySocks 1.5.7.

Message from py36-certbot-0.35.1,1:
===========================================================================

This port installs the "standalone" client only, which does not use and
is not the certbot-auto bootstrap/wrapper script.

The simplest form of usage to obtain certificates is:

 # sudo certbot certonly --standalone -d <domain>, [domain2, ... domainN]>

NOTE:

The client requires the ability to bind on TCP port 80 or 443 (depending
on the --preferred-challenges option used). If a server is running on that
port, it will need to be temporarily stopped so that the standalone server
can listen on that port to complete the challenge authentication process.

For more information on the 'standalone' mode, see:

  https://certbot.eff.org/docs/using.html#standalone

The certbot plugins to support apache and nginx certificate installation
will be made available in the following ports:

 * Apache plugin: security/py-certbot-apache
 * Nginx plugin: security/py-certbot-nginx

===========================================================================
# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No certs found.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: ns3.te-clan.ch
    Domains: ns3.te-clan.ch
    Expiry Date: 2019-11-17 07:43:26+00:00 (VALID: 89 days)
    Certificate Path: /usr/local/etc/letsencrypt/live/ns3.te-clan.ch/fullchain.pem
    Private Key Path: /usr/local/etc/letsencrypt/live/ns3.te-clan.ch/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# certbot certonly --standalone -d XXX
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): XXX

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: a

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ns3.te-clan.ch
Waiting for verification...
Challenge failed for domain ns3.te-clan.ch
http-01 challenge for ns3.te-clan.ch
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: ns3.te-clan.ch
   Type:   connection
   Detail: dns :: DNS problem: NXDOMAIN looking up A for
   ns3.te-clan.ch

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot
   configuration directory at /usr/local/etc/letsencrypt. You should
   make a secure backup of this folder now. This configuration
   directory will also contain certificates and private keys obtained
   by Certbot so making regular backups of this folder is ideal.

# ping ns3.te-clan.ch
ping: cannot resolve ns3.te-clan.ch: Unknown host

### DNS CONFIG ###

# ping ns3.te-clan.ch
PING ns3.te-clan.ch (185.72.247.169): 56 data bytes
64 bytes from 185.72.247.169: icmp_seq=0 ttl=64 time=0.162 ms
64 bytes from 185.72.247.169: icmp_seq=1 ttl=64 time=0.159 ms

# certbot certonly --standalone -d ns3.te-clan.ch
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ns3.te-clan.ch
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /usr/local/etc/letsencrypt/live/ns3.te-clan.ch/fullchain.pem
   Your key file has been saved at:
   /usr/local/etc/letsencrypt/live/ns3.te-clan.ch/privkey.pem
   Your cert will expire on 2019-11-17. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
# service apache24 stop
Stopping apache24.
Waiting for PIDS: 46220.

# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/ns3.te-clan.ch.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ns3.te-clan.ch
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/usr/local/etc/letsencrypt/live/ns3.te-clan.ch/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /usr/local/etc/letsencrypt/live/ns3.te-clan.ch/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

FreeBSD 12 & BIND 914

FreeBSD: Install an authoritative DNS server (BIND) (with DNSSEC)

pkg install bind914
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 13 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        bind914: 9.14.3
        libxml2: 2.9.9
        libidn2: 2.2.0
        libunistring: 0.9.10_1
        bind-tools: 9.14.3
        python36: 3.6.9
        readline: 8.0.0
        libffi: 3.2.1_3
        py36-ply: 3.11
        py36-setuptools: 41.0.1
        libedit: 3.1.20190324,1
        json-c: 0.13.1
        lmdb: 0.9.23,1
[...]
Message from python36-3.6.9:

===========================================================================

Note that some standard Python modules are provided as separate ports
as they require additional dependencies. They are available as:

py36-gdbm       databases/py-gdbm@py36
py36-sqlite3    databases/py-sqlite3@py36
py36-tkinter    x11-toolkits/py-tkinter@py36

===========================================================================
Message from bind914-9.14.3:

BIND requires configuration of rndc, including a "secret"
key.  The easiest, and most secure way to configure rndc is
to run 'rndc-confgen -a' to generate the proper conf file,
with a new random key, and appropriate file permissions.

The /usr/local/etc/rc.d/named script will do that for you.

If using syslog to log the BIND9 activity, and using a
chroot'ed installation, you will need to tell syslog to install
a log socket in the BIND9 chroot by running:

  # sysrc altlog_proglist+=named

And then restarting syslogd with: service syslogd restart

Test / Analyzer

MX Toolbox – SuperTool
DNS Checker
Verisign Labs – DNSSEC Analyzer

$ ls /usr/local/etc/namedb
namedb -> /var/named/etc/namedb

$ ls -la /var/named
dev
etc
usr
var

$ ls -la /var/named/etc/namedb
bind.keys
dynamic
master
named.conf
named.root
rndc.key
slave
working

$ cat /etc/fstab
# Device        Mountpoint      FStype    Options           Dump    Pass#
/dev/ada0p2     /               ufs       rw                1       1
/dev/ada0p3     none            swap      sw                0       0
/dev/ada0p4     /var            ufs       rw                2       2
/dev/ada0p5     /tmp            ufs       rw                2       2
/dev/ada0p6     /usr            ufs       rw                2       2
fdesc           /dev/fd         fdescfs   rw                0       0
devfs           /var/named/dev  devfs     rw,ruleset=4      0       0
$ /usr/local/sbin/named -fg -t /var/named -u bind -c /usr/local/etc/namedb/named.conf

Qt: evileg.com Qt/C++ – Tutorial

Qt/C++ – Lesson 004. QSqlTableModel – How to present the table from database?
Qt/C++ – Lesson 008. QDataWidgetMapper – Working with the database via a widget
Qt/C++ – Lesson 019. How to paint triangle in Qt5. Positioning shapes in QGraphicsScene
Qt/C++ – Lesson 021. The drawing mouse in Qt
Qt/C++ – Lesson 027. Polymorphism in Qt by the example of geometric shapes in QGraphicsScene
Qt/C++ – Lesson 036. QWebView – How to make simple browser on the Qt
Qt/C++ – Lesson 045. SvgReader on the Qt. Loading data from SVG file into QGraphicsScene
Qt/C++ – Lesson 050. Logging Qt application events to a text file
Qt/C++ – Lesson 054. Reading data from a CSV file, and their representation via QStandardItemModel
Qt/C++ – Lesson 056. Connecting the Boost library in Qt for MinGW and MSVC compilers
Qt/C++ – Tutorial 063. Adding windows inside the main application window using QMdiArea
Qt/C++ – Tutorial 067. Using QMultiMap for a dictionary of synonyms
Qt/C++ – Tutorial 068. Hello World using the CMAKE build system in CLion
Qt/C++ – Tutorial 069. XOR Encryption
Qt/C++ – Tutorial 070. Crop image using QGraphicsScene
Qt/C++ – Tutorial 072. An example of a vector editor on Qt
Qt/C++ – Tutorial 073. Signals and slots. Connecting Slots to Overloaded Signals in the Qt5 Syntax
Qt/C++ – Tutorial 075. Improving the syntax of signals and slots in Qt 5.7 and above for overloaded signals and slots
Qt/C++ – Tutorial 076. Visualizing Mathematical Formulas on Qt
Qt/C++ – Tutorial 078. Do not mix the old syntax of signals and slots on SIGNAL SLOT macros with new syntax on pointers
Qt/C++ – Tutorial 079. foreach vs range-based for in C++11?
Qt/C++ – Tutorial 081. How to make a base class for widgets using ui form files
Qt/C++ – Tutorial 082. Custom widgets in the Qt Designer
Qt/C++ – Tutorial 083. Creating a dynamic library and connecting it to another project
Qt/C++ – Tutorial 084. How to run JavaScript code in a C ++ application using the example of working with two variables
Qt/C++ – Tutorial 086. Using QSequentialAnimationGroup and QPropertyAnimation to move a button
Qt/C++ – Tutorial 087. Get the maximum number of multiple input fields QLineEdit
Qt/C++ – Tutorial 088. Text search with highlighting in QTextEdit

WinAPI

Qt WinAPI – Lesson 009. SetWindowsHookEx – Logging mouse events via WinAPI