Installing FreeBSD 11.0

We will want to install a rather basic server to begin with.
Relevant things to know before installing the server:

For full functionality, we’ll want a domain name as per the Prerequisites page. In this guide, we’ll be using “mydomain.com” as a placeholder.

We will want a server name. This guide uses websrv1, which is both boring and descriptive just like I prefer it. Others use mythological or astronomical names. The important thing is to be able to remember what server performs which functions in your network. The fully qualified hostname – “websrv1.mydomain.com” in this case – should be used when the FreeBSD installer asks for a hostname.
In the Distribution Select window, we’ll keep the default choices of the ports collection, and the 32-bit compatibility layer. Optionally, add the “Additional documentation” choice since is not bad to have, although as we likely have a client computer available it may be simpler to browse the operating system documentation directly on the web.

The partitioning window comes with some choices which may not be entirely self-describing. The short of it is this:

  • If the web server is a virtual machine or if it’s the only system on the computer used (either is fine), I recommend letting the FreeBSD installer take care of partitioning unless we have very specific needs.
  • On relatively modern hardware – definitely if we plan to use a stand-alone computer with disk mirroring or a parity scheme, and if we have plenty of RAM available – ZFS is the way to go in the FreeBSD world. “Plenty” in this case means at least a GB of RAM for every TB of disk space.
  • If the server truly is old, and if we can live with the risks of a less robust file system to gain some performance, UFS may be chosen.

If we go with ZFS, we will have to perform some additional configuration:
Under pool Type/Disks, select the virtual device type. With a single disk, stripe is the natural choice. With two disks, we can use mirror to gain resilience. With more disks available, raid10 is almost always preferable to higher raid levels from a performance+resilience perspective in a general use server, especially if using large disks, at the cost of storage space. In situations where backup routines are excellent and sequential read speeds are much more important than random write speeds, raidz1 (comparable to what’s usually called raid5) and upwards may be preferable.

After choosing a configuration, a list of available disks will show up. Check the ones to include in the configuration and press OK.

The ZFS configuration window also lets us change some other settings related to ZFS, including a security hardening option for encrypting the Swap space if we worry more about data security than about performance. Most other choices should be safe to leave as default, so we select the >>> Install menu choice and proceed.

Root account

The first account we create will be the root account. We will set up sudo later, but until then, this is the privileged account we use to mess with our settings. It’s a good idea to give it a password which is strong, and which we will remember – but different from the one we’ll use for our regular account. Don’t forget to store this password in your password manager.

Network settings

For a basic server installation we want to manually assign the server an IP address, which means not choosing DHCP. As mentioned in the prerequisites we need a basic understanding of our network environment – we need to know which addresses are free to use, we need to know how large our network is, and we need to know the default router. It’s not likely we need IPv6, but we will need to know our domain name (real or fictional), and we need to know our DNS addresses – either local or presented by a service provider we trust.

Time selection

Our server should have a correct local clock. The installer allows us to set the time and date.

System Configuration

When choosing services to start, remember that we can always add services after installation too. The important ones to activate here are sshd, which is marked by default, and ntpd which isn’t, but which will help our server to keep the correct time. Depending on how worried we are about our electricity bill we may want to activate powerd, but it will come at a performance penalty.

System Hardening

Optionally we can enable various settings that will make the system more resilient against attack. I see no real point in not checking them all at this point.

Add User Accounts

We will set up a more-or-less unprivileged account which will allow us to remote into the server using ssh. The account requires one specific non-default setting: It needs to be a member of the group wheel as part of the question “Invite [username] into other groups?”. This group membership makes it possible to su to root, and it is also what we will use to allow sudo usage in a little while.

If we forget the group membership here, we can always fix that once we boot into our environment:

Note that we will not be able to log on as root directly via ssh, so this command would have to be run locally on the server.

After this, we can exit the installer, eject the installation medium, and reboot the server. Welcome to FreeBSD 11.0!