使用Owncloud提供日历,联系人,文件服务并通过Roundcube配置网页邮件
既然我们已经拥有了一流的邮件服务器,让我们再为它增加在云上保存通讯录,日程表和文件的能力。这些是所提供的非常赞的服务。在这个弄好后,我们还会设置一个网页邮件,这样就算你没带任何电子设备出去旅行时,或者说在你的手机或笔记本没电的情况下,也可以通过网吧来检查邮件。
安装Owncloud非常直观,而且在有非常好的介绍。在Debian系统里,归根结底就是把owncloud的仓库添加到apt源里,下载Owncloud的发行密钥并安装到apt钥匙链中,然后通过apt-get安装Owncloud:
- echo 'deb /'>>/etc/apt/sources.list.d/owncloud.list
- wget http://download.opensuse.org/repositories/isv:ownCloud:community/Debian_6.0/Release.key
- apt-key add -<Release.key
- apt-get update
- apt-get install apache2 owncloud roundcube
在有提示的时候,选择dbconfig并设置roundcube使用mysql。然后,提供一下mysql的root密码并为roundcube的mysql用户设置一个漂亮的密码。然后,按如下方式编辑roundcube的配置文件/etc/roundcube/main.inc.php,这样登录roundcube默认会使用你的IMAP服务器:
- $rcmail_config['default_host']='ssl://localhost';
- $rcmail_config['default_port']=993;
现在我们来配置一下apache2网页服务器增加SSL支持,这样我们可以和Owncloud和Roundcube对话时使用加密的方式传输我们的密码和数据。让我们打开Apache的SSL模块:
- a2enmod ssl
然后编辑文件/etc/apache2/ports.conf并设定以下参数:
-
NameVirtualHost*:80
Listen80
ServerName
<IfModule mod_ssl.c> - # If you add NameVirtualHost *:443 here, you will also have to change
- # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
-
# to
- # Server Name Indication for SSL named virtual hosts is currently not
- # supported by MSIE on Windows XP.
- NameVirtualHost*:443
- Listen443
- IfModule>
- <IfModule mod_gnutls.c>
- Listen443
- IfModule>
我们将在目录/var/www下为服务器加密连接设定一个默认网站。编辑文件/etc/apache2/sites-available/default-ssl:
-
_default_:443> - ServerAdmin webmaster@localhost
- DocumentRoot /var/www
- ServerName
- [...]
-
/var/www/owncloud> - Deny from all
- [...]
- SSLCertificateFile /etc/ssl/certs/cloud.crt
- SSLCertificateKeyFile /etc/ssl/private/cloud.key
- [...]
然后让我们同时也在目录/var/www下设定一个非加密连接的默认网站。编辑文件/etc/apache2/sites-available/default:
-
_default_:443> - DocumentRoot /var/www
- ServerName
- [...]
-
/var/www/owncloud> - Deny from all
这样的话,我们通过把文件放到/var/www目录下让使用它们提供网站服务。名叫'Deny from all'的指令可以阻止通过访问Owncloud:我们将设定通过来正常访问。
现在我们将设定网页邮件(roundcube),让它可以通过网址来访问。编辑文件/etc/apache2/sites-available/roundcube并写入以下内容:
-
mod_ssl.c> -
*:443> - ServerAdmin webmaster@localhost
- DocumentRoot /var/lib/roundcube
- # The host name under which you'd like to access the webmail
- ServerName webmail.linuxidc.net
-
/> - Options FollowSymLinks
- AllowOverride None
- ErrorLog ${APACHE_LOG_DIR}/error.log
- # Possible values include: debug, info, notice, warn, error, crit,
- # alert, emerg.
- LogLevel warn
- CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
- # SSL Engine Switch:
- # Enable/Disable SSL for this virtual host.
- SSLEngine on
- # do not allow unsecured connections
- # SSLRequireSSL
- SSLCipherSuite HIGH:MEDIUM
- # A self-signed (snakeoil) certificate can be created by installing
- # the ssl-cert package. See
- # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
- # If both key and certificate are stored in the same file, only the
- # SSLCertificateFile directive is needed.
- SSLCertificateFile /etc/ssl/certs/cloud.crt
- SSLCertificateKeyFile /etc/ssl/private/cloud.key
- # Those aliases do not work properly with several hosts on your apache server
- # Uncomment them to use it or adapt them to your configuration
- Alias /program/js/tiny_mce/ /usr/share/tinymce/www/
- # Access to tinymce files
-
"/usr/share/tinymce/www/"> - Options Indexes MultiViews FollowSymLinks
- AllowOverride None
- Order allow,deny
- allow from all
-
/var/lib/roundcube/> - Options +FollowSymLinks
- # This is needed to parse /var/lib/roundcube/.htaccess. See its
- # content before setting AllowOverride to None.
- AllowOverride All
- order allow,deny
- allow from all
- # Protecting basic directories:
-
/var/lib/roundcube/config> - Options -FollowSymLinks
- AllowOverride None
-
/var/lib/roundcube/temp> - Options -FollowSymLinks
- AllowOverride None
- Order allow,deny
- Deny from all
-
/var/lib/roundcube/logs> - Options -FollowSymLinks
- AllowOverride None
- Order allow,deny
- Deny from all
-
"\.(cgi|shtml|phtml|php)$"> - SSLOptions +StdEnvVars
-
/usr/lib/cgi-bin> - SSLOptions +StdEnvVars
- # SSL Protocol Adjustments:
- # The safe and default but still SSL/TLS standard compliant shutdown
- # approach is that mod_ssl sends the close notify alert but doesn't wait for
- # the close notify alert from client. When you need a different shutdown
- # approach you can use one of the following variables:
- # o ssl-unclean-shutdown:
- # This forces an unclean shutdown when the connection is closed, i.e. no
- # SSL close notify alert is send or allowed to received. This violates
- # the SSL/TLS standard but is needed for some brain-dead browsers. Use
- # this when you receive I/O errors because of the standard approach where
- # mod_ssl sends the close notify alert.
- # o ssl-accurate-shutdown:
- # This forces an accurate shutdown when the connection is closed, i.e. a
- # SSL close notify alert is send and mod_ssl waits for the close notify
- # alert of the client. This is 100% SSL/TLS standard compliant, but in
- # practice often causes hanging connections with brain-dead browsers. Use
- # this only for browsers where you know that their SSL implementation
- # works correctly.
- # Notice: Most problems of broken clients are also related to the HTTP
- # keep-alive facility, so you usually additionally want to disable
- # keep-alive for those clients, too. Use variable "nokeepalive" for this.
- # Similarly, one has to force some clients to use HTTP/1.0 to workaround
- # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
- # "force-response-1.0" for this.
- BrowserMatch "MSIE [2-6]" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
- # MSIE 7 and newer should be able to use keepalive
- BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
然后在你的DNS服务商那里声明一下服务器,例如:
- webmail.linuxidc.net.300 IN CNAME cloud.linuxidc.net.
现在让我激活这三个网站:
- a2ensite defaultdefault-ssl roundcube
- service apache2 restart
关于网页邮件,可以通过网址来访问,基本上能工作。之后使用邮箱全名(例如)和在本文一开始在邮件服务器数据库里设定的密码登录。第一次连接成功,浏览器会警告说证书没有可靠机构的签名。这个没什么关系,只要添加一个例外即可。
最后但很重要的是,我们将通过把以下内容写入到/etc/apache2/sites-available/owncloud来为Owncloud创建一个虚拟主机。
-
mod_ssl.c> -
*:443> - ServerAdmin webmaster@localhost
- DocumentRoot /var/www/owncloud
- ServerName cloud.linuxidc.net
-
/> - Options FollowSymLinks
- AllowOverride None
-
/var/www/owncloud> - Options Indexes FollowSymLinks MultiViews
- AllowOverride All
- Order allow,deny
- allow from all
- ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
-
"/usr/lib/cgi-bin"> - AllowOverride None
- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
- Order allow,deny
- Allow from all
- ErrorLog ${APACHE_LOG_DIR}/error.log
- # Possible values include: debug, info, notice, warn, error, crit,
- # alert, emerg.
- LogLevel warn
- CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
- # SSL Engine Switch:
- # Enable/Disable SSL for this virtual host.
- SSLEngine on
- # do not allow unsecured connections
- # SSLRequireSSL
- SSLCipherSuite HIGH:MEDIUM
- SSLCertificateFile /etc/ssl/certs/cloud.crt
- SSLCertificateKeyFile /etc/ssl/private/cloud.key
-
"\.(cgi|shtml|phtml|php)$"> - SSLOptions +StdEnvVars
-
/usr/lib/cgi-bin> - SSLOptions +StdEnvVars
- BrowserMatch "MSIE [2-6]" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
- # MSIE 7 and newer should be able to use keepalive
- BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
然后通过执行以下命令激活Owncloud:
- a2ensite owncloud
- service apache2 reload
之后通过在浏览器里打开链接配置一下Owncloud。
就这些了!现在你已经拥有自己的Google Drive,日程表,联系人,Dropbox,以及Gmail!好好享受下新鲜恢复保护的隐私吧!:-)