proxy - new web proxy machine

guest os: FreeBSD / amd64

cpu: 2

memory size: 1024 MB

storage: file - 4 GB

tmux commands: ls - list session, attach - t ,

tmux keys: ctrl-B command key, ctrl-b i information, ctrl-b t time, ctrl-b d detach,

Work log

2021-06-20: from c2 - upgrade packages via ansible

tingo@kg-core2$ pwd
tingo@kg-core2$ ansible-playbook -l proxy fbsd-pkg-upgrade.yml

PLAY [all] ******************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [proxy]

TASK [fbsd-upgrade : pkg upgrade pkg] ***************************************************************************
ok: [proxy]

TASK [fbsd-upgrade : register installed packages] ***************************************************************
changed: [proxy]

TASK [fbsd-upgrade : pkg upgrade all packages] ******************************************************************
changed: [proxy]

PLAY RECAP ******************************************************************************************************
proxy                      : ok=4    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

and in /var/log/messages on proxy, I see this

Jun 20 19:18:06 proxy pkg: ca_root_nss upgraded: 3.58 -> 3.63
Jun 20 19:18:09 proxy pkg: nginx upgraded: 1.18.0_45,2 -> 1.18.0_49,2
Jun 20 19:18:23 proxy pkg: readline upgraded: 8.0.4 -> 8.1.0
Jun 20 19:19:13 proxy pkg: python37 upgraded: 3.7.9_1 -> 3.7.10
Jun 20 19:19:18 proxy pkg: sudo upgraded: 1.9.5p2 -> 1.9.7p1

still doesn't upgrade from python 3.7 to 3.8. Perhaps I should use the python3 metapackage instead.

2020-07-19: from c2 - I now have a working ansible playbook for configuring this as a reverse proxy for my web server(s). Test:

tingo@kg-core2$ ansible-playbook proxy.yml -l proxy

PLAY [proxy] **************************************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************
ok: [proxy]

TASK [nginx : install nginx] **********************************************************************************************************
ok: [proxy]

TASK [nginx : enable nginx] ***********************************************************************************************************
ok: [proxy]

TASK [reverse-proxy : configure nginx as reverse proxy] *******************************************************************************
ok: [proxy]

PLAY RECAP ****************************************************************************************************************************
proxy                      : ok=4    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  


2020-07-19: from c2 - check to see which repository pkg uses

tingo@kg-core2$ ansible -m raw -a "pkg -vv | grep url" proxy
proxy | CHANGED | rc=0 >>
    url             : "pkg+",
Shared connection to closed.

so - quarterly.

2020-07-19: from c2, install and configure ansible on the vm:

tingo@kg-core2$ pwd

bootstrap ansible

tingo@kg-core2$ ansible-playbook --become-method su --ask-become-pass -l proxy fbsd-bootstrap.yml
BECOME password:

PLAY [all] ****************************************************************************************************************************

TASK [pkg bootstrap] ******************************************************************************************************************
changed: [proxy]

TASK [pkg update] *********************************************************************************************************************
changed: [proxy]

TASK [install python and sudo] ********************************************************************************************************
changed: [proxy]

TASK [set up wheel group to have passwordless sudo] ***********************************************************************************
[WARNING]: Platform freebsd on host proxy is using the discovered Python interpreter at /usr/local/bin/python3.7, but future
installation of another Python interpreter could change this. See for more information.
changed: [proxy]

PLAY RECAP ****************************************************************************************************************************
proxy                      : ok=4    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  

the playbook looks like this

tingo@kg-core2$ cat fbsd-bootstrap.yml
- hosts: all
  gather_facts: no
  become: yes
  - name: pkg bootstrap
    raw: ASSUME_ALWAYS_YES=yes pkg bootstrap
  - name: pkg update
    raw: pkg update
  - name: install python and sudo
    raw: pkg install -y python37 sudo
  - name: set up wheel group to have passwordless sudo
      path: /usr/local/etc/sudoers
      state: present
      regexp: '^%wheel ALL='
      line: '%wheel ALL=(ALL) NOPASSWD: ALL'
      validate: /usr/local/sbin/visudo -cf %s

from here on, ansible works normally. Quick test

tingo@kg-core2$ ansible -m ping proxy
proxy | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/local/bin/python3.7"
    "changed": false,
    "ping": "pong"

check out the facts

tingo@kg-core2$ ansible -m setup proxy
proxy | SUCCESS => {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
        "ansible_all_ipv6_addresses": [],
        "ansible_apparmor": {
            "status": "disabled"
        "ansible_architecture": "amd64",
        "ansible_bios_date": "NA",
        "ansible_bios_version": "NA",
        "ansible_date_time": {
            "date": "2020-07-19",
            "day": "19",
            "epoch": "1595168505",
            "hour": "16",
            "iso8601": "2020-07-19T14:21:45Z",
            "iso8601_basic": "20200719T162145496682",
            "iso8601_basic_short": "20200719T162145",
            "iso8601_micro": "2020-07-19T14:21:45.498379Z",
            "minute": "21",
            "month": "07",
            "second": "45",
            "time": "16:21:45",
            "tz": "CEST",
            "tz_offset": "+0200",
            "weekday": "Sunday",
            "weekday_number": "0",
            "weeknumber": "28",
            "year": "2020"
[.. snipped ..]
        "ansible_distribution": "FreeBSD",
        "ansible_distribution_major_version": "11",
        "ansible_distribution_release": "11.4-RELEASE",
        "ansible_distribution_version": "11.4",
[.. snipped ..]
        "ansible_is_chroot": false,
        "ansible_iscsi_iqn": "",
        "ansible_kernel": "11.4-RELEASE",
        "ansible_kernel_version": "FreeBSD 11.4-RELEASE #0 r362094: Fri Jun 12 18:27:15 UTC 2020",
[.. snipped ..]
        "discovered_interpreter_python": "/usr/local/bin/python3.7",
        "gather_subset": [
        "module_setup": true
    "changed": false


2020-07-19: from vm3, create the machine, see below.

2020-07-19: ada0p2 - vm - install FreeBSD 11.4 on the vm 'proxy'

root@kg-vm3# vm install proxy FreeBSD-11.4-RELEASE-amd64-disc1.iso
Starting proxy
  * found guest in /zs/vms/proxy
  * booting...

followed by

root@kg-vm3# vm console proxy

(do the install the usual way). Finished:

root@kg-vm3# vm info proxy
Virtual Machine: proxy
  state: running (89210)
  datastore: default
  loader: bhyveload
  uuid: abeefa3f-c9b4-11ea-96a2-600292b5cd2c
  uefi: default
  cpu: 2
  memory: 1024M
  memory-resident: 145133568 (138.410M)

    com1: tmux/proxy

    number: 0
    emulation: virtio-net
    virtual-switch: public
    fixed-mac-address: 58:9c:fc:04:99:e3
    fixed-device: -
    active-device: tap5
    desc: vmnet-proxy-0-public
    mtu: 1500
    bridge: vm-public
    bytes-in: 491227 (479.713K)
    bytes-out: 7284 (7.113K)

    number: 0
    device-type: file
    emulation: virtio-blk
    options: -
    system-path: /zs/vms/proxy/disk0.img
    bytes-size: 4294967296 (4.000G)
    bytes-used: 1125253120 (1.047G)

2020-07-19: ada0p2 - vm - create a new vm with 2 cpus, 1024M memory and 4G disk

root@kg-vm3# vm create -m 1024M -c 2 -s 4G proxy

2020-07-19: ada0p2 - vm - get an iso of FreeBSD 11.4:

root@kg-vm3# vm iso
/zs/vms/.iso/FreeBSD-11.4-RELEASE-amd64-disc1.         715 MB   27 MBps    26s