Manually installing complex in a jail (Freenas)

Introduction

Since system administration is a difficult and daunting task, There are many powerful tools were developed to make a system administrator's life easier. A major task of the system is to properly configure the security of a system, so it can continue to serve on the task, without security problems.

 

House of Brands!

One of the tools which can be used to enhance the security of a FreeBSD system are jails. Jails were introduced in FreeBSD 4.X by Poul-Henning Kamp<phk@FreeBSD.org>, but were greatly improved in FreeBSD 5.X to make them stronger and more powerful. The development is still going on, enhancing the use, performance, reliability and security.

1. What a jail

BSD-like systems since 4.2 BSD chroot support. The chroot utility can be used to change the root directory of a set of processes that a safe environment is created for the rest of the system. Processes that are created in a chroot environment can not access files and resources beyond. Consequently, a compromitering of a service that is running in a chroot environment not directly mean that the whole system is compromised. The chroot utility is good enough for simple tasks, where flexibility and advanced and complex options are not needed. Since inventing the concept chroot, there are many opportunities to be able to be found in order to obtain and even though they have been improved in modern versions of FreeBSD, it became clear that chroot was not the most ideal solution for securing services. A new subsystem had to be developed.

This is one of the reasons why jails have been developed.

Jails are an improved concept of the chroot environment, in several respects. In a traditional chroot'ed processes are limited only in the part of the file system that they can approach. The rest of the system resources, (such as the set of system users, the running processes or network subsystem) are shared by the chrooted process and the processes on the host system. Jails expand this model by virtualizing not only access to the file system but also the set of users, the networking subsystem of the FreeBSD kernel and a few other parts.

1.1 A jail has four characteristics:

  • A directory structure - the starting point from which a jail is approached. Once one is in the jail, processes may not come out of this directory structure. Traditional problems chroot(2)Have started at design, do not affect FreeBSD jails.
  • A hostname - the hostname that is used in the jail. Jails are mainly used for hosting network services, thereby the system can really help if there descriptive hostnames are chosen.
  • An IP address - this will be linked to the jail and can be modified in any way during the life of the jail. The IP address of a jail is usually an alias to an existing network interface, but this is not necessary.
  • A command - the path name of an executable file in the jail. This is relative to the root directory of the jail environment and varies by situation, depending on the type of the specific jail environment.

Outside these characteristics, jails may have their own set of users and root user. Of course, the possibilities of the root user are limited to the jail environment and, seen from the host system, the root user is not super-user. Furthermore, it is not allowed to perform critical operations to the root user in a jail environment on the system outside the defined jail environment.

https://www.freebsd.org/doc/nl/books/handbook/jails-intro.html

2. Wat is plex

 

Plex is a service, a media center service to be exact. From mediacenterdienst kan al glad I, movies and series to own music, videos and photos, index and make available on various devices. Plex works with PC, Mac, Linux, Android, iOS, smart TVs and more recently the Chromecast. Plex makes Netflix superfluous, if you're running your own server with for example. Freenas.

FreeNAS is an open source software package that allows you to build a NAS. The basis of FreeNAS is a stripped down version of the operating system FreeBSD, the configuration is easily accessible through a GUI. How to configure Freenas to happen I will not explain in this post, but how can you install plex manually in a jail.

2.1 install complex in a jail

 

To begin, navigate to the address of your server and click Freenas jails and then add jails after a window pops up.

jail buttonHere you fill in the following information:

  • Jail name: plex (you can choose a different name of course)
  • Type: plugin jail of standaard (your choice)
  • IPv4 address: there will be an address assigned by the DHCP, you can change it to your own needs
  • Startup: unchecked (standard)
  • VIMAGE: unchecked (standard)
  • Vanilla: unchecked (standard)

add jails

Once these settings are in order, click OK and navigate to the shell. Be it the shell in the WebGUI or via SSH. Once CONNECTED run the following command:

Jls

The result will be in the nature of the following:

JID IP Adress Hostname Path

1 – plexmediaserver /mnt/Homedisk/jails/plexmediaserver

jls

In this case, the plex jail a JID (jail ID) from 1, now to open a shell in the jail and thereby connect, use the following command:

Jexec 1 tcsh

The following command is to obtain the Ports Collection. The Ports Collection is a set of Makefiles, patches, and description files in / usr / ports. This set of files used to build applications and install FreeBSD.

Portsnap fetch extract

A compressed snapshot of the ports collection is downloaded and extracted into / var / db / portsnap.

Now we plex install with the following command.

cd /usr/ports/multimedia/plexmediaserver/ && make install clean

If you come here at a problem, such as not wanting to install the jail by a missing upgrade, you can use the following command.

Pkg upgrade

Once the installation is successful, we must only ensure that complex starts when the jail start, we do this with the following command.

echo plexmediaserver_enable=”YES” >> /etc/rc.conf

Thereafter, the last command to start plex.

Service plexmediaserver start

Plex is now fully operational and available on the previously assigned IP address.

Etc.. 10.10.10.2:32400/web/index.html

Leave a Reply

Your email address will not be published. Required fields are marked *