A nice commandline walkthrough. Replace 'eyebeam' with your org name

# setting up apache2 + SSL on FreeBSD
# a list of commands you can copy/paste!
# @author Jamie Wilkinson 
# ganked from 

# edit /etc/openssl.conf to set some nice defaults for location, org. name, etc.
# important! change the default dir ./demoCA to /root/sslCA


# setup
cd ~root/
mkdir sslCA
chmod 700 sslCA
cd sslCA
mkdir certs private newcerts
echo 1000 > serial
touch index.txt

# generate certs
openssl req -new -nodes -out eyebeam-req.pem -keyout private/eyebeam-key.pem -config /etc/ssl/openssl.cnf
openssl req -new -x509 -days 3650 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -config /etc/ssl/openssl.cnf
openssl ca -config /etc/ssl/openssl.cnf -out eyebeam-cert.pem -days 3650 -infiles eyebeam-req.pem 

# keep them somewhere handy
mkdir /etc/ssl/crt
mkdir /etc/ssl/key
cp ~root/sslCA/eyebeam-cert.pem /etc/ssl/crt
cp ~root/sslCA/private/eyebeam-key.pem /etc/ssl/key

# add below to an ssl.conf that you include in your httpd.conf
<VirtualHost *:443>
        ServerName colossus.eyebeam.org:443
        SSLEngine on
        SSLCertificateFile /etc/ssl/crt/eyebeam-cert.pem
        SSLCertificateKeyFile /etc/ssl/key/eyebeam-key.pem
        DocumentRoot /www
        CustomLog /var/log/httpd-ssl-access.log combined
        ErrorLog /var/log/httpd-ssl-error.log
VirtualHost>

cd /usr/ports/net/openldap23-server
sudo make install WITH_ODBC=y WITH_ODBC_TYPE=unixodbc

More to come on configuring the beast and accompanying phpLDAPadmin...

{Disclaimer: these were with FreeBSD 5. FreeBSD 6 doesn't seem to have the same issues}

Netperf server running on yumi.textdrive.com (solaris nevada build) and comox.textdrive.com (freebsd 5.4).

Tested from emi.textdrive.com (solaris) and pacific.textdrive.com (freebsd)

Restricted to one 3.2 Ghz Intel Xeon CPU

Representative numbers below and maximum of a gigabit is 128MB/sec

Also done with file sizes of 6400 and 64000 with insignificant differences

---------
LOOPBACKS
---------

Loopback speeds comox -> comox via private IP (All FreeBSD)

# /usr/local/netperf/netperf -fM -H private.comox.textdrive.com -tTCP_STREAM -- -m1472
TCP STREAM TEST to private.comox.textdrive.com
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    MBytes/sec

65536  32768   1472    10.00      59.79

Loopback speeds comox -> comox via localhost (All FreeBSD)

# /usr/local/netperf/netperf -fM -H 127.0.0.1 -tTCP_STREAM -- -m1472
TCP STREAM TEST to 127.0.0.1
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    MBytes/sec

65536  32768   1472    10.00     180.22


Loopback speed yumi -> yumi via private IP (All Solaris)

[yumi:/] root# /opt/csw/bin/netperf -fM -H private.yumi.textdrive.com -tTCP_STREAM -- -m1472
TCP STREAM TEST from ::ffff:0.0.0.0 (0.0.0.0) port 0 AF_INET to private.yumi.textdrive.com (10.0.0.247) port 0 AF_INET

Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    MBytes/sec

49152  49152   1472    10.00     303.60

Loopback speed yumi -> yumi via 127.0.0.1 (All Solaris)

[yumi:/] root# /opt/csw/bin/netperf -fM -H 127.0.0.1 -tTCP_STREAM -- -m1472
TCP STREAM TEST from ::ffff:0.0.0.0 (0.0.0.0) port 0 AF_INET to ::ffff:127.0.0.1 (127.0.0.1) port 0 AF_INET
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    MBytes/sec

49152  49152   1472    9.99      331.41

-------------
OVER A SWITCH
-------------

FreeBSD -> FreeBSD

pacific# /usr/local/netperf/netperf -fM -H private.comox.textdrive.com -tTCP_STREAM -- -m1472
TCP STREAM TEST to private.comox.textdrive.com
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    MBytes/sec

65536  32768   1472    10.02       4.86

FreeBSD -> Solaris

pacific# /usr/local/netperf/netperf -fM -H private.yumi.textdrive.com -tTCP_STREAM -- -m1472
TCP STREAM TEST to private.yumi.textdrive.com
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    MBytes/sec

49152  32768   1472    10.01       4.95

Solaris -> FreeBSD

[emi:/] root# /opt/csw/bin/netperf -fM -H private.comox.textdrive.com -tTCP_STREAM -- -m1472
TCP STREAM TEST from ::ffff:0.0.0.0 (0.0.0.0) port 0 AF_INET to private.comox.textdrive.com (10.0.0.189) port 0 AF_INET
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    MBytes/sec

65536  49152   1472    10.07      44.13

Solaris -> Solaris

[emi:/] root# /opt/csw/bin/netperf -fM -H private.yumi.textdrive.com -tTCP_STREAM -- -m1472
TCP STREAM TEST from ::ffff:0.0.0.0 (0.0.0.0) port 0 AF_INET to private.yumi.textdrive.com (10.0.0.247) port 0 AF_INET
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    MBytes/sec

49152  49152   1472    10.00      75.59

Ocassionally things go bad(tm). This has bit me for the second time in approx 3 years now, but generally one needs to load the old FreeBSD kernel to start debugging and going through a box with a fine toothcomb.

The following snipbit gives you an idea what steps to take when rebooting the server so that you can load the previous working copy of the FreeBSD kernel:
When the boot menu appears hit the spacebar to stop the countdown.
Press "6" for "to escape to loader prompt"
unload
load /boot/kernel.old/kernel
boot

Now the old working FreeBSD kerenl is booting up. It would be recommended to copy the last working version to /boot/kernel.last for example so that you can "load /boot/kernel.last/kernel", especially if you are going to be building your kernel multiple times on a server.

This searches for and destroys the zombie processes that linger (and block I/O for an indefinite amount of time) after cron starts up on a shared server:

for each in `ps jauxww | grep Z | grep -v PID | awk '{print $3}'`; do for every in `ps auxw | grep $each | grep cron | awk '{print $2}'`; do kill -9 $every; done; done

User the "begin routers" section add:

route_append:
    driver = manualroute
    domains = *
    transport = remote_smtp
    route_data = "smarthost.host.name byname"

Given that this isn't something I do regularly, it's handy to have the commands to hand so I don't have to scroll through man pages trying to remember how to do it.

Clear the disk

# dd if=/dev/zero of=/dev/ad1 bs=1k count=1

Initialise it

# fdisk -BI ad1

Label it, then edit the labels created

# bsdlabel -B -w ad1s1 auto
# bsdlabel -e ad1s1

Format it with a filesystem

# newfs /dev/ad1s1e

Make directories and mount as appropriate, and you're done!

Install CVSup

cd /usr/ports/net/cvsup-without-gui
make install distclean

Make and populate the CVSup config file

touch /root/cvsup-stable-src.sup
echo '*default host=cvsup14.us.FreeBSD.org' >> /root/cvsup-stable-src.sup
echo '*default base=/var/db' >> /root/cvsup-stable-src.sup
echo '*default prefix=/usr' >> /root/cvsup-stable-src.sup
echo '*default release=cvs tag=RELENG_5' >> /root/cvsup-stable-src.sup
echo '*default delete use-rel-suffix compress' >> /root/cvsup-stable-src.sup
echo ' src-all' >> /root/cvsup-stable-src.sup

Update the /usr/src/ tree

cvsup /root/cvsup-stable-src.sup

Get rid of any old "worlds" and make a new one

rm -rf /usr/obj/usr
cd /usr/src/
make buildworld

Make changes to /usr/src/sys/i386/conf/GENERIC and name it was what you want.

Build the kernel, install the kernel, verify it and dot.old in /boot/, run mergemaster, and install the new world.

make buildkernel KERNCONF=GENERIC
make installkernel KERNCONF=GENERIC
mergemaster -p
make installworld
mergemaster
ls -l /boot/
shutdown -r now

Note, we often run in a securelevel of 1 and have immutable binaries in the system folders. You'll need to edit rc.conf.

nano /etc/rc.conf

kern_securelevel_enable="NO"
kern_securelevel="1"

Reboot

shutdown -r now

Then make things mutable

chflags noschg /bin/*
chflags noschg /sbin/*
chflags noschg /bin
chflags noschg /sbin
chflags noschg /usr/bin/*
chflags noschg /usr/sbin/*
chflags noschg /usr/bin
chflags noschg /usr/sbin

Using "textdrive" as an example

pw groupadd textdrive
pw useradd textdrive -m -c "Main Textdrive account" -d /home/textdrive -s /bin/tcsh -G textdrive -k /usr/share/skel/

Then set the password:

passwd textdrive