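1. FreeBSD Overview and Environment Planning
FreeBSD is a UNIX-like operating system known for its high performance, high reliability and advanced networking. It is widely deployed on servers, embedded devices and network appliances, and is the operating system of choice at many well-known Internet companies.
1.1 FreeBSD Version Notes
FreeBSD uses a branch-based development model; the main lines are STABLE and RELEASE. This tutorial uses FreeBSD 14.0 RELEASE as its example throughout.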
# freebsd-version
14.0-RELEASE-p6
# Show detailed system information
# uname -a
FreeBSD fgedudb01.fgedu.net.cn 14.0-RELEASE FreeBSD 14.0-RELEASE releng/14.0-n265380-f9716eee8ab GENERIC amd64
# Show the system architecture
# uname -m
amd64
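1.2 Environment Plan
The environment planned for this installation:
IP address: 192.168.1.51
Gateway: 192.168.1.1
DNS: 192.168.1.1
Disk partitions:
/boot/efi 512MB (EFI system partition)
/ 100GB (root partition)
/data 500GB (data partition)
/backup 300GB (backup partition)
swap 32GB (swap partition)
1.3 FreeBSD Features
1. ZFS file system: native support, providing data integrity and snapshots
2. Jails: lightweight virtualization that isolates application environments
3. Ports system: source-based package management for flexible software customization
4. pkg tool: binary package management for fast software installation
5. Network performance: a high-performance network stack
6. Security features: strong security mechanisms and auditing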
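2. Hardware Requirements and Checks
Before installing FreeBSD, check the server hardware thoroughly.
2.1 Minimum Hardware Requirements
CPU: 64-bit processor
Memory: 2GB
Disk: 20GB
Recommended configuration (production):
CPU: 8 cores or more
Memory: 32GB or more (64GB or more recommended when using ZFS)
Disk: 500GB or more (SSD recommended)
Network: gigabit NIC
2.2 Hardware Check Commands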
# sysctl hw.model hw.ncpu hw.physmem
hw.model: Intel(R) Xeon(R) Gold 6248R CPU @ 3.00GHz
hw.ncpu: 32
hw.physmem: 67108864512
# Check memory information
# sysctl hw.realmem
hw.realmem: 68719476736
# Show memory usage
# top -n | head -5
last pid: 12345; load avg: 0.10, 0.05, 0.01; up 0+01:23:45 10:00:00
62 processes: 2 running, 60 sleeping
CPU: 2.5% user, 0.0% nice, 1.2% system, 0.1% interrupt, 96.2% idle
Mem: 124M Active, 2048M Inact, 58G Free, 1024M Cache, 2048M Buf, 32G Wired
# Check disk information
# camcontrol devlist
# Show disk partitions
# gpart show
=> 40 976773088 ada0 GPT (466G)
40 409600 1 efi (200M)
409640 2097152 2 freebsd-swap (1.0G)
2506792 974266336 3 freebsd-zfs (465G)
# Check network interfaces
# ifconfig
em0: flags=8863
options=81209b
ether 00:0c:29:12:34:56
inet 192.168.1.51 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (1000baseT
status: active
nd6 options=29
lo0: flags=8049
options=680003
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21
3. FreeBSD Installation Steps
This section walks through installing FreeBSD 14.0, covering both the graphical installer and command-line installation.
3.1 Downloading the FreeBSD Image
# wget https://download.freebsd.org/releases/amd64/amd64/ISO-IMAGES/14.0/FreeBSD-14.0-RELEASE-amd64-dvd1.iso
# Or use a mirror in China for faster downloads
# wget https://mirrors.tuna.tsinghua.edu.cn/freebsd/releases/amd64/amd64/ISO-IMAGES/14.0/FreeBSD-14.0-RELEASE-amd64-dvd1.iso
# Verify the integrity of the ISO file
# sha256sum FreeBSD-14.0-RELEASE-amd64-dvd1.iso
abc123def456… FreeBSD-14.0-RELEASE-amd64-dvd1.iso
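Printing the digest only helps if it is compared with the published value, and a mirror download is exactly where that comparison matters. The script below is an added example, not part of the original tutorial; it assumes the release's `CHECKSUM.SHA256-FreeBSD-14.0-RELEASE-amd64` file has been fetched from the official ISO-IMAGES directory, and the function names are illustrative.

```sh
#!/bin/sh
# Added example: verify a downloaded image against a BSD-style checksum file.
# Checksum file lines look like:
#   SHA256 (FreeBSD-14.0-RELEASE-amd64-dvd1.iso) = <64 hex digits>

# Print the SHA-256 of a file as hex, using whichever tool is installed.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                                   # FreeBSD base system
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'                # coreutils-style tool
    else
        openssl dgst -sha256 -r "$1" | awk '{print $1}'  # fallback
    fi
}

# Print the digest listed for an image name in the checksum file (empty if absent).
expected_sha256() {   # $1 = checksum file, $2 = image file name without directory
    awk -v name="$2" '
        $1 == "SHA256" && $2 == "(" name ")" && $3 == "=" { print tolower($4); exit }
    ' "$1"
}

# Return 0 only when the image is listed and its digest matches exactly.
# Returns 2 when the checksum file has no usable entry, 1 on a mismatch.
verify_image() {      # $1 = image path, $2 = checksum file
    img=$(basename "$1")
    want=$(expected_sha256 "$2" "$img")
    if [ -z "$want" ]; then
        echo "FAIL: $img is not listed in $2" >&2; return 2
    fi
    if ! printf '%s\n' "$want" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "FAIL: malformed digest for $img in $2" >&2; return 2
    fi
    got=$(file_sha256 "$1" | tr 'A-F' 'a-f')
    if [ "$got" = "$want" ]; then
        echo "OK: $img"
    else
        echo "FAIL: digest mismatch for $img" >&2; return 1
    fi
}

# Usage on the download host:
#   verify_image FreeBSD-14.0-RELEASE-amd64-dvd1.iso CHECKSUM.SHA256-FreeBSD-14.0-RELEASE-amd64
```

Fetch the checksum file from download.freebsd.org over HTTPS rather than from the same mirror as the image, so that a tampered mirror cannot supply a matching pair.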
3.2 Creating the Installation Media
# dd if=FreeBSD-14.0-RELEASE-amd64-dvd1.iso of=/dev/da0 bs=4M status=progress && sync
# Sample output:
3623878656 bytes (3.4 GB, 3.4 GiB) copied, 120 s, 30 MB/s
864+0 records in
864+0 records out
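3.3 Graphical Installation Steps
Graphical installation steps:
Step 1: Start the installer: select "Install" and press Enter
Step 2: Choose the keyboard layout: select "Default" or another layout as needed
Step 3: Set the hostname: enter fgedudb01.fgedu.net.cn
Step 4: Choose the components to install: select "base-dbg", "kernel-dbg", "src", etc.
Step 5: Partitioning: select "Auto (ZFS)" or "Manual"
Step 6: Network configuration: configure the IP address, gateway and DNS
Step 7: Set the time zone: select Asia/Shanghai
Step 8: Set the root password: enter and confirm the password
Step 9: Create a regular user: set the user name and password
Step 10: Finish the installation: exit and reboot the system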
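3.4 Installing with Automatic ZFS Partitioning
# The installer automatically creates the following layout:
# - EFI system partition (512MB)
# - ZFS pool (zroot)
# - zroot/ROOT/default (root file system)
# - zroot/tmp (temporary files)
# - zroot/usr (user programs)
# - zroot/usr/home (user home directories)
# - zroot/usr/ports (Ports collection)
# - zroot/usr/src (source code)
# - zroot/var (variable system data)
# - zroot/var/audit (audit logs)
# - zroot/var/crash (crash dumps)
# - zroot/var/log (system logs)
# - zroot/var/mail (mail)
# - zroot/var/tmp (temporary files)
# ZFS pool configuration options:
# Pool Type: stripe (single disk), mirror, raidz (RAID5), raidz2 (RAID6)
# Pool Name: zroot (default)
# Force 4K Sectors: yes (recommended)
# Encrypt Disks: choose as needed
3.5 Initial System Configuration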
FreeBSD 14.0-RELEASE (GENERIC) #0 releng/14.0-n265380-f9716eee8ab: Fri Nov 10 05:57:23 UTC 2023
Welcome to FreeBSD!
fgedudb01 login: root
Password:
# Update the system
# freebsd-update fetch install
# Sample output:
Looking up update.FreeBSD.org mirrors… 3 mirrors found.
Fetching public key from update.FreeBSD.org… done.
Fetching metadata signature for 14.0-RELEASE from update.FreeBSD.org… done.
Fetching metadata index… done.
Fetching 2 metadata files… done.
Inspecting system… done.
Preparing to download files… done.
Fetching 25 patches…..10….20.. done.
Applying patches… done.
The following files will be updated as part of updating to 14.0-RELEASE-p6:
/bin/freebsd-version
/boot/kernel/kernel
…
Does this look reasonable (y/n)? y
Installing updates… done.
# Update packages
# pkg update && pkg upgrade -y
# Sample output:
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:14:amd64/latest, please wait…
Verifying signature with trusted certificate pkg.freebsd.org.2023102301… done
Installing pkg-1.21.0…
Extracting pkg-1.21.0: 100%
Updating FreeBSD repository catalogue…
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
Fetching data.pkg: 100% 7 MiB 3.5MB/s 00:02
Processing entries: 100%
FreeBSD repository update completed. 34258 packages processed.
All repositories are up to date.
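4. Network Configuration and Tuning
Network configuration is an important step after installation and should be set up to suit the actual environment.
4.1 Configuring Network Interfaces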
# ifconfig -l
em0 lo0
# Configure a static IP address
# vi /etc/rc.conf
# Add the following settings
ifconfig_em0="inet 192.168.1.51 netmask 255.255.255.0"
defaultrouter="192.168.1.1"
# Configure DNS
# vi /etc/resolv.conf
nameserver 192.168.1.1
nameserver 8.8.8.8
search fgedu.net.cn
# Restart the network service
# service netif restart
# Sample output:
Stopping Network: lo0 em0.
lo0: flags=8049
em0: flags=8863
Starting Network: lo0 em0.
lo0: flags=8049
em0: flags=8863
4.2 Configuring the Hostname
# hostname fgedudb01.fgedu.net.cn
# Make the setting permanent
# vi /etc/rc.conf
hostname="fgedudb01.fgedu.net.cn"
# Configure the hosts file
# vi /etc/hosts
127.0.0.1 localhost localhost.fgedu.net.cn
::1 localhost localhost.fgedu.net.cn
192.168.1.51 fgedudb01.fgedu.net.cn fgedudb01
# Verify the hostname
# hostname
fgedudb01.fgedu.net.cn
4.3 Network Performance Tuning
# sysctl kern.ipc.maxsockbuf
kern.ipc.maxsockbuf: 2097152
# Increase the maximum socket buffer size
# sysctl kern.ipc.maxsockbuf=8388608
kern.ipc.maxsockbuf: 2097152 -> 8388608
# Show the TCP buffer settings
# sysctl net.inet.tcp.sendspace net.inet.tcp.recvspace
net.inet.tcp.sendspace: 65536
net.inet.tcp.recvspace: 65536
# Increase the TCP buffers
# sysctl net.inet.tcp.sendspace=262144
# sysctl net.inet.tcp.recvspace=262144
# Check whether SYN cookies are enabled
# sysctl net.inet.tcp.syncookies
net.inet.tcp.syncookies: 1
# Enable TCP tuning
# sysctl net.inet.tcp.slowstart_flightsize=10
# sysctl net.inet.tcp.local_slowstart_flightsize=100
# Make the settings permanent
# vi /etc/sysctl.conf
kern.ipc.maxsockbuf=8388608
net.inet.tcp.sendspace=262144
net.inet.tcp.recvspace=262144
net.inet.tcp.slowstart_flightsize=10
net.inet.tcp.local_slowstart_flightsize=100
5. Kernel Parameter Configuration
Kernel parameters are critical to system performance and stability and should be tuned for the actual workload.
5.1 Configuring sysctl Parameters
# vi /etc/sysctl.conf
# Add the following kernel parameters
# File descriptor limits
kern.maxfiles=6815744
kern.maxfilesperproc=3276800
# Shared memory parameters
kern.ipc.shmmax=34359738368
kern.ipc.shmall=8388608
kern.ipc.shmmni=4096
kern.ipc.shmseg=1024
# Semaphore parameters
kern.ipc.semmni=1024
kern.ipc.semmns=65536
kern.ipc.semmnu=1024
kern.ipc.semmsl=256
kern.ipc.semopm=128
kern.ipc.semume=64
# Network parameters
net.inet.ip.portrange.first=9000
net.inet.ip.portrange.last=65535
net.inet.tcp.sendspace=262144
net.inet.tcp.recvspace=262144
net.inet.udp.recvspace=262144
net.local.stream.sendspace=262144
net.local.stream.recvspace=262144
# Memory parameters
# (vm.swappiness, vm.dirty_background_ratio and vm.dirty_ratio are Linux sysctl names that do not exist on FreeBSD, so they are disabled here)
#vm.swappiness=10
#vm.dirty_background_ratio=5
#vm.dirty_ratio=10
# Security parameters
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
security.bsd.conservative_signals=1
# sysctl -f /etc/sysctl.conf
# Sample output:
kern.maxfiles: 6815744
kern.maxfilesperproc: 3276800
kern.ipc.shmmax: 34359738368
kern.ipc.shmall: 8388608
…
# Verify the parameter settings
# sysctl kern.maxfiles
kern.maxfiles: 6815744
# sysctl kern.ipc.shmmax
kern.ipc.shmmax: 34359738368
5.2 Configuring User Resource Limits
# vi /etc/login.conf
# Modify the default login class
default:\
:passwd_format=sha512:\
:copyright=/etc/COPYRIGHT:\
:welcome=/etc/motd:\
:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
:path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\
:nologin=/var/run/nologin:\
:cputime=unlimited:\
:datasize=unlimited:\
:stacksize=unlimited:\
:memorylocked=unlimited:\
:memoryuse=unlimited:\
:filesize=unlimited:\
:coredumpsize=unlimited:\
:openfiles=65535:\
:maxproc=unlimited:\
:sbsize=unlimited:\
:vmemoryuse=unlimited:\
:priority=0:\
:ignoretime@:\
:umask=022:
# Rebuild the login.conf database
# cap_mkdb /etc/login.conf
# Verify the settings
# ulimit -a
cputime unlimited
filesize unlimited
datasize unlimited
stacksize unlimited
coredumpsize unlimited
memoryuse unlimited
memorylocked unlimited
maxproc unlimited
openfiles 65535
sbsize unlimited
vmemoryuse unlimited
5.3 Configuring Large Memory Pages
# sysctl vm.largepages
vm.largepages: 0
# Set the number of large pages
# sysctl vm.largepages=10240
vm.largepages: 0 -> 10240
# Show large page information
# sysctl vm.largepages vm.largepages_free
vm.largepages: 10240
vm.largepages_free: 10240
# Make the setting permanent
# vi /etc/sysctl.conf
vm.largepages=10240
# Show memory information
# vmstat -m | head -10
Item Total Limit Used Free Requests Failures
umtx_shm 0 0 0 0 0 0
vntoken 0 0 0 0 0 0
khelp 0 0 0 0 0 0
pmc 0 0 0 0 0 0
temp 0 0 0 0 0 0
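6. Storage Configuration and Tuning
Storage configuration directly affects system performance, and FreeBSD's ZFS file system provides powerful storage management.
6.1 Managing ZFS File Systems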
# zpool status
pool: zroot
state: ONLINE
config:
NAME STATE READ WRITE CKSUM
zroot ONLINE 0 0 0
ada0p3 ONLINE 0 0 0
errors: No known data errors
# List ZFS file systems
# zfs list
NAME USED AVAIL REFER MOUNTPOINT
zroot 50.0G 400G 96K /zroot
zroot/ROOT 49.5G 400G 96K none
zroot/ROOT/default 49.5G 400G 49.5G /
zroot/tmp 256M 400G 256M /tmp
zroot/usr 128K 400G 96K /usr
zroot/usr/home 96K 400G 96K /usr/home
zroot/usr/ports 256M 400G 256M /usr/ports
zroot/usr/src 128K 400G 96K /usr/src
zroot/var 256M 400G 256M /var
zroot/var/log 96K 400G 96K /var/log
zroot/var/tmp 96K 400G 96K /var/tmp
# Create a new ZFS file system
# zfs create -o mountpoint=/data zroot/data
# Set ZFS properties
# zfs set compression=lz4 zroot/data
# zfs set atime=off zroot/data
# zfs set recordsize=128K zroot/data
# Verify the settings
# zfs get compression,atime,recordsize zroot/data
NAME PROPERTY VALUE SOURCE
zroot/data compression lz4 local
zroot/data atime off local
zroot/data recordsize 128K local
6.2 Creating a ZFS Mirror Pool
# zpool create datamirror mirror ada1 ada2
# Sample output:
# zpool status datamirror
pool: datamirror
state: ONLINE
config:
NAME STATE READ WRITE CKSUM
datamirror ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
ada1 ONLINE 0 0 0
ada2 ONLINE 0 0 0
errors: No known data errors
# Create a RAIDZ pool (similar to RAID5)
# zpool create dataraidz raidz ada1 ada2 ada3
# Create a RAIDZ2 pool (similar to RAID6)
# zpool create dataraidz2 raidz2 ada1 ada2 ada3 ada4
# Add a cache device (L2ARC)
# zpool add zroot cache ada5
# Add a log device (ZIL)
# zpool add zroot log ada6
6.3 ZFS Performance Tuning
# zpool iostat 1 5
capacity operations bandwidth
pool alloc free read write read write
---------- ----- ----- ----- ----- ----- -----
zroot 50.0G 400G 5 10 256K 512K
zroot 50.0G 400G 2 5 128K 256K
zroot 50.0G 400G 0 3 64K 192K
zroot 50.0G 400G 1 4 96K 224K
zroot 50.0G 400G 0 2 32K 128K
# Set the ZFS ARC cache size
# sysctl vfs.zfs.arc_max=34359738368
vfs.zfs.arc_max: 17179869184 -> 34359738368
# Show ARC cache usage
# arc_summary
ARC size (current): 12.5 % 2.5 GiB
Target size (adaptive): 25.0 % 5.0 GiB
Min size (hard limit): 6.2 % 1.2 GiB
Max size (high water): 100.0 % 20.0 GiB
# Configure prefetch
# sysctl vfs.zfs.prefetch_disable=0
# Make the settings permanent
# vi /etc/sysctl.conf
vfs.zfs.arc_max=34359738368
vfs.zfs.prefetch_disable=0
# ZFS snapshot management
# Create a snapshot
# zfs snapshot zroot/data@backup-20260404
# List snapshots
# zfs list -t snapshot
NAME USED AVAIL REFER MOUNTPOINT
zroot/data@backup-20260404 0B - 100G -
# Roll back to a snapshot
# zfs rollback zroot/data@backup-20260404
# Send a snapshot to a remote host
# zfs send zroot/data@backup-20260404 | ssh backup-server "zfs receive backuppool/data"
7. Security Configuration and Firewall
Security configuration is an essential part of a production environment, and FreeBSD provides several security mechanisms.
7.1 Configuring the PF Firewall
# vi /etc/rc.conf
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
# Create the PF rules file
# vi /etc/pf.conf
# Add the following rules
# Define macros
ext_if="em0"
tcp_services="{ 22, 80, 443, 3306, 5432 }"
udp_services="{ 53 }"
# Default policy
set block-policy return
set skip on lo0
# Normalize packets
scrub in all
# NAT rule (if needed)
# nat on $ext_if from 192.168.1.0/24 to any -> ($ext_if)
# Filter rules
block in all
pass out all keep state
# Allow SSH
pass in on $ext_if proto tcp from any to any port 22
# Allow web services
pass in on $ext_if proto tcp from any to any port { 80, 443 }
# Allow database services
pass in on $ext_if proto tcp from 192.168.1.0/24 to any port { 3306, 5432 }
# Allow DNS
pass in on $ext_if proto udp from any to any port 53
# Allow ICMP
pass in on $ext_if inet proto icmp all icmp-type echoreq
# Start PF
# service pf start
# Check PF status
# pfctl -s all
# Sample output:
Status: Enabled for 0 days 00:05:00 Debug: Urgent
Interface Stats for em0 IPv4 IPv6
Bytes In 12345678 123456
Bytes Out 8765432 87654
Packets In
Passed 12345 123
Blocked 1234 12
Packets Out
Passed 8765 87
Blocked 123 1
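A quick way to review a ruleset like the one above is to list which ports each `pass in` rule opens and to whom. The script below is an added example, not part of the original tutorial: it parses only the simple macro and rule forms used on this page and ignores rule ordering and later `block` rules (so it can over-report); its function names and sample rulesets are constructed. The second sample shows why the `tcp_services` macro defined above, which includes 3306 and 5432, should not be fed to a `from any` rule of the kind used in section 9.2.

```sh
#!/bin/sh
# Added example: summarise what a pf.conf lets in. Handles only name="value"
# macros and single-line "pass in" rules; rule order and "block" rules are ignored.

# pf.conf on stdin -> one "proto port source" line per allowed combination.
# A port of "*" means the rule has no destination-port restriction.
pf_inbound_exposure() {
    awk '
    function expand(s,    t, n, i, w, out) {   # substitute $macros, drop { , } list syntax
        gsub(/[{},]/, " ", s); n = split(s, t); out = ""
        for (i = 1; i <= n; i++) {
            w = t[i]
            if (substr(w, 1, 1) == "$" && (substr(w, 2) in macro)) w = macro[substr(w, 2)]
            out = out " " w
        }
        gsub(/[{},]/, " ", out); return out
    }
    { sub(/#.*/, "") }                          # strip comments
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {    # macro definition
        name = $0; sub(/[ \t]*=.*/, "", name); gsub(/[ \t]/, "", name)
        val = $0;  sub(/^[^=]*=[ \t]*/, "", val); gsub(/"/, "", val)
        macro[name] = val; next
    }
    $1 == "pass" && $2 == "in" {
        n = split(expand($0), t); nq = ns = np = 0; mode = side = ""
        for (i = 3; i <= n; i++) {
            w = t[i]
            if (w == "proto") mode = "proto"
            else if (w == "from") { mode = "src"; side = "src" }
            else if (w == "to")   { mode = "";    side = "dst" }
            else if (w == "port") mode = (side == "dst") ? "port" : ""
            else if (w == "all")  { src[++ns] = "any"; mode = "" }
            else if (w ~ /^(on|inet|inet6|keep|quick|log|flags|icmp-type)$/) mode = ""
            else if (mode == "proto") proto[++nq] = w
            else if (mode == "src")   src[++ns] = w
            else if (mode == "port")  port[++np] = w
        }
        if (nq == 0) proto[nq = 1] = "any"
        if (ns == 0) src[ns = 1] = "any"
        if (np == 0) port[np = 1] = "*"
        for (a = 1; a <= nq; a++) for (b = 1; b <= np; b++) for (c = 1; c <= ns; c++)
            print proto[a], port[b], src[c]
    }'
}

# Returns 1 and prints the offending lines if any port listed in $1 is open to "any".
pf_assert_not_world_open() {
    pf_inbound_exposure | awk -v deny="$1" '
        BEGIN { n = split(deny, d); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
        $3 == "any" && $1 != "icmp" && (($2 in bad) || $2 == "*") { print "world-open:", $0; rc = 1 }
        END { exit rc + 0 }'
}

# Constructed sample 1: the filter rules from section 7.1.
PAGE_RULES='ext_if="em0"
block in all
pass out all keep state
pass in on $ext_if proto tcp from any to any port 22
pass in on $ext_if proto tcp from any to any port { 80, 443 }
pass in on $ext_if proto tcp from 192.168.1.0/24 to any port { 3306, 5432 }
pass in on $ext_if proto udp from any to any port 53
pass in on $ext_if inet proto icmp all icmp-type echoreq'

# Constructed sample 2: the 7.1 tcp_services macro used with the rule form from 9.2.
MERGED_RULES='ext_if="em0"
tcp_services="{ 22, 80, 443, 3306, 5432 }"
block in all
pass in on $ext_if proto tcp from any to any port $tcp_services'
```

On the server, `pf_assert_not_world_open "3306 5432" < /etc/pf.conf` can run alongside `pfctl -nf /etc/pf.conf` (parse without loading) before the ruleset is reloaded.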
7.2 Hardening SSH
# vi /etc/ssh/sshd_config
# Change the following settings
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2
AllowUsers admin@192.168.1.0/24
# Restart the SSH service
# service sshd restart
# Sample output:
Stopping sshd.
Starting sshd.
# Validate the SSH configuration
# sshd -t
# Show the SSH service status
# service sshd status
sshd is running as pid 12345.
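With `PasswordAuthentication no` and `PermitRootLogin no` in place, a mistake can lock administrators out, so it is worth checking the settings sshd will actually apply (after included files and defaults) before restarting it. The following is an added example, not from the original tutorial: it reads `sshd -T` output and compares it with the values chosen above; the function name and both sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare the effective sshd settings with the values from section 7.2.
# Input is `sshd -T` output: one lowercase "keyword value" pair per line.

# Reads `sshd -T` output on stdin, prints one line per deviation, returns 1 if any.
audit_sshd_effective() {
    awk '
        function need(k, v) { order[++n] = k; want[k] = v }
        BEGIN {
            # Baseline taken from the sshd_config shown above
            need("permitrootlogin", "no");     need("passwordauthentication", "no")
            need("pubkeyauthentication", "yes"); need("permitemptypasswords", "no")
            need("maxauthtries", "3")
        }
        # Record the first value seen for each keyword in the baseline
        { k = tolower($1); if ((k in want) && !(k in have)) have[k] = tolower($2) }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in have)) {
                    printf "MISSING %s (want %s)\n", k, want[k]; bad = 1
                } else if (have[k] != want[k]) {
                    printf "DRIFT %s: have %s, want %s\n", k, have[k], want[k]; bad = 1
                }
            }
            exit bad + 0
        }'
}

# Constructed sample: effective settings that match the baseline.
SAMPLE_OK='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
permitemptypasswords no
maxauthtries 3
clientaliveinterval 300'

# Constructed sample: password logins re-enabled (for example by a drop-in file)
# and a truncated dump in which maxauthtries is absent.
SAMPLE_DRIFT='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes
permitemptypasswords no'

# Live use on the server, run before restarting the service:
#   sshd -T | audit_sshd_effective && service sshd restart
```

Settings inside `Match` blocks only appear when a connection is specified, for example `sshd -T -C user=admin,host=client,addr=192.168.1.10`.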
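7.3 System Security Settings
# vi /etc/rc.conf
kern_securelevel_enable="YES"
kern_securelevel="1"
# Securelevel values:
# -1: permanently insecure mode
# 0: insecure mode
# 1: secure mode (file systems cannot be unmounted, file flags cannot be cleared, etc.)
# 2: highly secure mode (additionally restricts kernel debugging)
# 3: network secure mode (additionally restricts network configuration)
# Configure file flags
# Set the immutable flag
# chflags schg /etc/rc.conf
# chflags schg /etc/sysctl.conf
# Show file flags
# ls -lo /etc/rc.conf
-rw-r--r-- 1 root wheel schg 1234 Apr 4 10:00 /etc/rc.conf
# Clear the file flag
# chflags noschg /etc/rc.conf
# Enable auditing
# vi /etc/rc.conf
auditd_enable="YES"
# Start the audit service
# service auditd start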
Starting auditd.
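8. System Upgrade and Migration
System upgrades and migrations are an important part of operations work, and FreeBSD provides convenient upgrade tools.
8.1 Upgrading the System Version
# freebsd-update fetch
# Sample output: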
Looking up update.FreeBSD.org mirrors… 3 mirrors found.
Fetching public key from update.FreeBSD.org… done.
Fetching metadata signature for 14.0-RELEASE from update.FreeBSD.org… done.
Fetching metadata index… done.
Fetching 2 metadata files… done.
Inspecting system… done.
Preparing to download files… done.
Fetching 25 patches…..10….20.. done.
Applying patches… done.
The following files will be updated as part of updating to 14.0-RELEASE-p6:
/bin/freebsd-version
/boot/kernel/kernel
…
# Install the updates
# freebsd-update install
# Sample output:
Installing updates… done.
# Upgrade across major versions (for example from 13.x to 14.x)
# freebsd-update -r 14.0-RELEASE upgrade
# Sample output:
Looking up update.FreeBSD.org mirrors… 3 mirrors found.
Fetching metadata signature for 13.2-RELEASE from update.FreeBSD.org… done.
Fetching metadata index… done.
Fetching 2 metadata files… done.
Inspecting system… done.
The following components of FreeBSD seem to be installed:
kernel/generic src/src world/base
The following releases of FreeBSD are installed on this system:
13.2-RELEASE
Fetching metadata signature for 14.0-RELEASE from update.FreeBSD.org… done.
Fetching metadata index… done.
Fetching 2 metadata files… done.
Inspecting system… done.
To install the downloaded upgrades, run "/usr/sbin/freebsd-update install".
# Install the upgrade
# freebsd-update install
# Reboot the system
# reboot
# Finish the upgrade
# freebsd-update install
8.2 Upgrading Packages
# pkg update
# Sample output:
Updating FreeBSD repository catalogue…
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
Fetching data.pkg: 100% 7 MiB 3.5MB/s 00:02
Processing entries: 100%
FreeBSD repository update completed. 34258 packages processed.
All repositories are up to date.
# Upgrade all packages
# pkg upgrade -y
# Sample output:
Checking for upgrades (25 candidates): 100%
Processing candidates (25 candidates): 100%
The following 25 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
package1: 1.2.3
package2: 4.5.6
Number of packages to be installed: 25
The process will require 50 MiB more space.
25 MiB to be downloaded.
Proceed with this action? [y/N]: y
[1/25] Fetching package1-1.2.3.pkg: 100% 2 MiB 1.0MB/s 00:02
…
[25/25] Installing package25-7.8.9…
Extracting package25-7.8.9: 100%
8.3 System Migration
# Create a snapshot on the source system
# zfs snapshot -r zroot@migrate-20260404
# Send the snapshot to the target system
# zfs send -R zroot@migrate-20260404 | ssh target-server "zfs receive -F zroot"
# Sample output:
full send of zroot@migrate-20260404 estimated size is 50.0G
total estimated size is 50.0G
TIME SENT SNAPSHOT
10:00:00 256K zroot@migrate-20260404
10:05:00 1.0G zroot@migrate-20260404
…
# Migrate with dump/restore
# Back up on the source system
# dump -0uan -f - / | gzip > /backup/root.dump.gz
# Restore on the target system
# cd /target
# gzcat /backup/root.dump.gz | restore -rf -
# Migrate data with rsync
# rsync -avz --progress /data/ target-server:/data/
# Sample output:
sending incremental file list
./
file1.txt
file2.txt
dir1/
dir1/file3.txt
sent 1.5G bytes received 12.3K bytes 25.6M bytes/sec
total size is 50.0G speedup is 33.33
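9. Production Case Studies
This section provides complete production configuration examples to help readers understand how FreeBSD is used in practice.
9.1 Database Server Configuration Example
Hostname: fgedudb01.fgedu.net.cn
IP address: 192.168.1.51
Memory: 64GB
Disk: 500GB SSD (ZFS)
Role: PostgreSQL database server
# 1. Configure kernel parameters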
# vi /etc/sysctl.conf
kern.maxfiles=6815744
kern.maxfilesperproc=3276800
kern.ipc.shmmax=34359738368
kern.ipc.shmall=8388608
kern.ipc.semmni=1024
kern.ipc.semmns=65536
vfs.zfs.arc_max=17179869184
# Apply the settings
# sysctl -f /etc/sysctl.conf
# 2. Configure the ZFS datasets
# zfs create -o mountpoint=/data/postgresql -o recordsize=16K -o compression=lz4 -o atime=off zroot/postgresql
# zfs create -o mountpoint=/data/postgresql/data -o recordsize=8K zroot/postgresql/data
# zfs create -o mountpoint=/data/postgresql/wal -o recordsize=8K zroot/postgresql/wal
# 3. Install PostgreSQL
# pkg install -y postgresql15-server postgresql15-contrib
# Sample output:
The following 2 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
postgresql15-server: 15.6
postgresql15-contrib: 15.6
Number of packages to be installed: 2
The process will require 150 MiB more space.
Proceed with this action? [y/N]: y
[1/2] Installing postgresql15-server-15.6…
===> Creating groups.
===> Creating users
===> Pre-installation configuration for postgresql15-server-15.6
[2/2] Installing postgresql15-contrib-15.6…
Extracting postgresql15-contrib-15.6: 100%
=====
Message from postgresql15-server-15.6:
The PostgreSQL port has a collection of "side orders":
postgresql-docs: all documentation
postgresql-contrib: many additional features
…
# 4. Initialize the database
# service postgresql initdb
# Sample output:
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "C.UTF-8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
creating directory /var/db/postgres/data15 … done
creating subdirectories … ok
selecting dynamic shared memory implementation … posix
selecting default max_connections … 100
selecting default shared_buffers … 128MB
selecting default time zone … Asia/Shanghai
creating configuration files … ok
running bootstrap script … ok
performing post-bootstrap initialization … ok
syncing data to disk … ok
Success. You can now start the database server using:
pg_ctl -D /var/db/postgres/data15 -l logfile start
# 5. Start the PostgreSQL service
# sysrc postgresql_enable="YES"
# service postgresql start
# Sample output:
2026-04-04 10:00:00.000 CST [12345] LOG: starting PostgreSQL 15.6 on amd64-portbld-freebsd14.0, compiled by clang-17.0.6, 64-bit
2026-04-04 10:00:00.000 CST [12345] LOG: listening on IPv4 address "127.0.0.1", port 5432
2026-04-04 10:00:00.000 CST [12345] LOG: listening on Unix socket "/tmp/.s.PGSQL.5432"
2026-04-04 10:00:00.000 CST [12345] LOG: database system is ready to accept connections
9.2 Web Server Configuration Example
Hostname: fgeduweb01.fgedu.net.cn
IP address: 192.168.1.52
Memory: 16GB
Disk: 200GB SSD
Role: Nginx web server
# 1. Install Nginx
# pkg install -y nginx
# Sample output:
The following 1 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
nginx: 1.24.0_13,3
Number of packages to be installed: 1
The process will require 5 MiB more space.
Proceed with this action? [y/N]: y
[1/1] Installing nginx-1.24.0_13,3…
Extracting nginx-1.24.0_13,3: 100%
=====
Message from nginx-1.24.0_13,3:
Recent version of the NGINX introduces dynamic modules support.
…
# 2. Configure Nginx
# vi /usr/local/etc/nginx/nginx.conf
# Add the following configuration
worker_processes auto;
worker_rlimit_nofile 65535;
events {
    worker_connections 65535;
    use kqueue;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name localhost;
        location / {
            root /usr/local/www/nginx;
            index index.html index.htm;
        }
    }
}
# 3. Start the Nginx service
# sysrc nginx_enable="YES"
# service nginx start
# Sample output:
Performing sanity check on nginx configuration:
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
Starting nginx.
# 4. Configure the PF firewall
# vi /etc/pf.conf
ext_if="em0"
tcp_services="{ 22, 80, 443 }"
block in all
pass out all keep state
pass in on $ext_if proto tcp from any to any port $tcp_services
# Start PF
# service pf start
9.3 System Monitoring Configuration
# pkg install -y net-mgmt/zabbix-agent net-mgmt/prometheus-node_exporter
# Configure the Zabbix agent
# vi /usr/local/etc/zabbix5/zabbix_agentd.conf
Server=192.168.1.100
ServerActive=192.168.1.100
Hostname=fgedudb01.fgedu.net.cn
# Start the Zabbix agent
# sysrc zabbix_agentd_enable="YES"
# service zabbix_agentd start
# Sample output:
Starting zabbix_agentd.
# Configure Node Exporter
# sysrc node_exporter_enable="YES"
# service node_exporter start
# Sample output:
Starting node_exporter.
# Show system performance
# top -n | head -15
last pid: 12345; load avg: 0.10, 0.05, 0.01; up 0+01:23:45 10:00:00
62 processes: 2 running, 60 sleeping
CPU: 2.5% user, 0.0% nice, 1.2% system, 0.1% interrupt, 96.2% idle
Mem: 124M Active, 2048M Inact, 58G Free, 1024M Cache, 2048M Buf, 32G Wired
Arc: 15G Total, 12G MFU, 3G MRU, 256K Anon, 128K Header, 2G Other
8G Compressed, 32G Uncompressed, 4.00:1 Ratio
PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
1234 root 1 20 0 256M 128M select 0:05 0.50% nginx
1235 postgres 1 20 0 512M 256M select 0:10 0.30% postgres
1236 root 1 20 0 128M 64M select 0:02 0.10% sshd
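9.4 System Backup Configuration
# zfs create -o mountpoint=/backup zroot/backup
# Create the ZFS snapshot backup script
# vi /backup/zfs_backup.sh
#!/bin/sh
DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_POOL="zroot"
# Create the snapshot
zfs snapshot -r "${BACKUP_POOL}@backup_${DATE}"
# Send the snapshot to the backup server
zfs send -R "${BACKUP_POOL}@backup_${DATE}" | ssh backup-server "zfs receive -u backuppool/fgedudb01"
# Remove snapshots older than 7 days: list newest first and destroy everything after the 7 most recent
# (FreeBSD head(1) does not accept a negative count such as "head -n -7")
zfs list -H -d 1 -t snapshot -o name -S creation "${BACKUP_POOL}" | grep "^${BACKUP_POOL}@backup_" | tail -n +8 | xargs -n 1 zfs destroy -r
echo "Backup completed at $(date)"
# Make the script executable
# chmod +x /backup/zfs_backup.sh
# Configure the cron job
# crontab -e
0 2 * * * /backup/zfs_backup.sh >> /var/log/backup.log 2>&1
# Verify the cron job
# crontab -l
0 2 * * * /backup/zfs_backup.sh >> /var/log/backup.log 2>&1
# Run the backup manually as a test
# /backup/zfs_backup.sh
# Sample output: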
full send of zroot@backup_20260404_020000 estimated size is 50.0G
total estimated size is 50.0G
TIME SENT SNAPSHOT
02:00:00 256K zroot@backup_20260404_020000
02:30:00 25.0G zroot@backup_20260404_020000
03:00:00 50.0G zroot@backup_20260404_020000
Backup completed at Fri Apr 4 03:00:00 CST 2026
# Verify the backup snapshots
# zfs list -t snapshot | head -5
NAME USED AVAIL REFER MOUNTPOINT
zroot@backup_20260404_020000 0B - 100G -
zroot/ROOT@backup_20260404_020000 0B - 49.5G -
zroot/data@backup_20260404_020000 0B - 200G -
This article was compiled and published by 风哥教程 and is intended for learning and testing only; when reposting, cite the source: http://www.fgedu.net.cn/10327.html
