Chinaunix首页 | 论坛 | 博客
  • 博客访问: 7171385
  • 博文数量: 3857
  • 博客积分: 6409
  • 博客等级: 准将
  • 技术积分: 15948
  • 用 户 组: 普通用户
  • 注册时间: 2008-09-02 16:48
个人简介

迷彩 潜伏 隐蔽 伪装

文章分类

全部博文(3857)

文章存档

2017年(5)

2016年(63)

2015年(927)

2014年(677)

2013年(807)

2012年(1241)

2011年(67)

2010年(7)

2009年(36)

2008年(28)

分类: 系统运维

2015-03-26 16:19:57

权威指南:构建个人私有云,拿回你的数据隐私的控制权!

[日期:2015-03-26] 来源:Linux中国  作者:Linux [字体:  ]

使用Owncloud提供日历,联系人,文件服务并通过Roundcube配置网页邮件

既然我们已经拥有了一流的邮件服务器,让我们再为它增加在云上保存通讯录,日程表和文件的能力。这些是所提供的非常赞的服务。在这个弄好后,我们还会设置一个网页邮件,这样就算你没带任何电子设备出去旅行时,或者说在你的手机或笔记本没电的情况下,也可以通过网吧来检查邮件。

安装Owncloud非常直观,而且在有非常好的介绍。在Debian系统里,归根结底就是把owncloud的仓库添加到apt源里,下载Owncloud的发行密钥并安装到apt钥匙链中,然后通过apt-get安装Owncloud:

  1. echo 'deb /'>>/etc/apt/sources.list.d/owncloud.list
  2. wget http://download.opensuse.org/repositories/isv:ownCloud:community/Debian_6.0/Release.key
  3. apt-key add -<Release.key
  4. apt-get update
  5. apt-get install apache2 owncloud roundcube

在有提示的时候,选择dbconfig并设置roundcube使用mysql。然后,提供一下mysql的root密码并为roundcube的mysql用户设置一个漂亮的密码。然后,按如下方式编辑roundcube的配置文件/etc/roundcube/main.inc.php,这样登录roundcube默认会使用你的IMAP服务器:

  1. $rcmail_config['default_host']='ssl://localhost';
  2. $rcmail_config['default_port']=993;

现在我们来配置一下apache2网页服务器增加SSL支持,这样我们可以和Owncloud和Roundcube对话时使用加密的方式传输我们的密码和数据。让我们打开Apache的SSL模块:

  1. a2enmod ssl

然后编辑文件/etc/apache2/ports.conf并设定以下参数:

  1. NameVirtualHost*:80
    Listen80
    ServerName
    <IfModule mod_ssl.c>
  2. # If you add NameVirtualHost *:443 here, you will also have to change
  3. # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
  4. # to
  5. # Server Name Indication for SSL named virtual hosts is currently not
  6. # supported by MSIE on Windows XP.
  7. NameVirtualHost*:443
  8. Listen443
  9. IfModule>
  10. <IfModule mod_gnutls.c>
  11. Listen443
  12. IfModule>

我们将在目录/var/www下为服务器加密连接设定一个默认网站。编辑文件/etc/apache2/sites-available/default-ssl

  1.  _default_:443>
  2. ServerAdmin webmaster@localhost
  3. DocumentRoot /var/www
  4. ServerName
  5. [...]
  6. /var/www/owncloud>
  7. Deny from all
  8. [...]
  9. SSLCertificateFile /etc/ssl/certs/cloud.crt
  10. SSLCertificateKeyFile /etc/ssl/private/cloud.key
  11. [...]

然后让我们同时也在目录/var/www下设定一个非加密连接的默认网站。编辑文件/etc/apache2/sites-available/default

  1.  _default_:443>
  2. DocumentRoot /var/www
  3. ServerName
  4. [...]
  5. /var/www/owncloud>
  6. Deny from all

这样的话,我们通过把文件放到/var/www目录下让使用它们提供网站服务。名叫'Deny from all'的指令可以阻止通过访问Owncloud:我们将设定通过来正常访问。

现在我们将设定网页邮件(roundcube),让它可以通过网址来访问。编辑文件/etc/apache2/sites-available/roundcube并写入以下内容:

  1. mod_ssl.c>
  2.  *:443>
  3. ServerAdmin webmaster@localhost
  4. DocumentRoot /var/lib/roundcube
  5. # The host name under which you'd like to access the webmail
  6. ServerName webmail.linuxidc.net
  7. />
  8. Options FollowSymLinks
  9. AllowOverride None
  10. ErrorLog ${APACHE_LOG_DIR}/error.log
  11. # Possible values include: debug, info, notice, warn, error, crit,
  12. # alert, emerg.
  13. LogLevel warn
  14. CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
  15. # SSL Engine Switch:
  16. # Enable/Disable SSL for this virtual host.
  17. SSLEngine on
  18. # do not allow unsecured connections
  19. # SSLRequireSSL
  20. SSLCipherSuite HIGH:MEDIUM
  21. # A self-signed (snakeoil) certificate can be created by installing
  22. # the ssl-cert package. See
  23. # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
  24. # If both key and certificate are stored in the same file, only the
  25. # SSLCertificateFile directive is needed.
  26. SSLCertificateFile /etc/ssl/certs/cloud.crt
  27. SSLCertificateKeyFile /etc/ssl/private/cloud.key
  28. # Those aliases do not work properly with several hosts on your apache server
  29. # Uncomment them to use it or adapt them to your configuration
  30. Alias /program/js/tiny_mce/ /usr/share/tinymce/www/
  31. # Access to tinymce files
  32. "/usr/share/tinymce/www/">
  33. Options Indexes MultiViews FollowSymLinks
  34. AllowOverride None
  35. Order allow,deny
  36. allow from all
  37. /var/lib/roundcube/>
  38. Options +FollowSymLinks
  39. # This is needed to parse /var/lib/roundcube/.htaccess. See its
  40. # content before setting AllowOverride to None.
  41. AllowOverride All
  42. order allow,deny
  43. allow from all
  44. # Protecting basic directories:
  45. /var/lib/roundcube/config>
  46. Options -FollowSymLinks
  47. AllowOverride None
  48. /var/lib/roundcube/temp>
  49. Options -FollowSymLinks
  50. AllowOverride None
  51. Order allow,deny
  52. Deny from all
  53. /var/lib/roundcube/logs>
  54. Options -FollowSymLinks
  55. AllowOverride None
  56. Order allow,deny
  57. Deny from all
  58. "\.(cgi|shtml|phtml|php)$">
  59. SSLOptions +StdEnvVars
  60. /usr/lib/cgi-bin>
  61. SSLOptions +StdEnvVars
  62. # SSL Protocol Adjustments:
  63. # The safe and default but still SSL/TLS standard compliant shutdown
  64. # approach is that mod_ssl sends the close notify alert but doesn't wait for
  65. # the close notify alert from client. When you need a different shutdown
  66. # approach you can use one of the following variables:
  67. # o ssl-unclean-shutdown:
  68. # This forces an unclean shutdown when the connection is closed, i.e. no
  69. # SSL close notify alert is send or allowed to received. This violates
  70. # the SSL/TLS standard but is needed for some brain-dead browsers. Use
  71. # this when you receive I/O errors because of the standard approach where
  72. # mod_ssl sends the close notify alert.
  73. # o ssl-accurate-shutdown:
  74. # This forces an accurate shutdown when the connection is closed, i.e. a
  75. # SSL close notify alert is send and mod_ssl waits for the close notify
  76. # alert of the client. This is 100% SSL/TLS standard compliant, but in
  77. # practice often causes hanging connections with brain-dead browsers. Use
  78. # this only for browsers where you know that their SSL implementation
  79. # works correctly.
  80. # Notice: Most problems of broken clients are also related to the HTTP
  81. # keep-alive facility, so you usually additionally want to disable
  82. # keep-alive for those clients, too. Use variable "nokeepalive" for this.
  83. # Similarly, one has to force some clients to use HTTP/1.0 to workaround
  84. # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
  85. # "force-response-1.0" for this.
  86. BrowserMatch "MSIE [2-6]" \
  87. nokeepalive ssl-unclean-shutdown \
  88. downgrade-1.0 force-response-1.0
  89. # MSIE 7 and newer should be able to use keepalive
  90. BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

然后在你的DNS服务商那里声明一下服务器,例如:

  1. webmail.linuxidc.net.300 IN CNAME cloud.linuxidc.net.

现在让我激活这三个网站:

  1. a2ensite defaultdefault-ssl roundcube
  2. service apache2 restart

关于网页邮件,可以通过网址来访问,基本上能工作。之后使用邮箱全名(例如)和在本文一开始在邮件服务器数据库里设定的密码登录。第一次连接成功,浏览器会警告说证书没有可靠机构的签名。这个没什么关系,只要添加一个例外即可。

最后但很重要的是,我们将通过把以下内容写入到/etc/apache2/sites-available/owncloud来为Owncloud创建一个虚拟主机。

  1. mod_ssl.c>
  2.  *:443>
  3. ServerAdmin webmaster@localhost
  4. DocumentRoot /var/www/owncloud
  5. ServerName cloud.linuxidc.net
  6. />
  7. Options FollowSymLinks
  8. AllowOverride None
  9. /var/www/owncloud>
  10. Options Indexes FollowSymLinks MultiViews
  11. AllowOverride All
  12. Order allow,deny
  13. allow from all
  14. ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
  15. "/usr/lib/cgi-bin">
  16. AllowOverride None
  17. Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
  18. Order allow,deny
  19. Allow from all
  20. ErrorLog ${APACHE_LOG_DIR}/error.log
  21. # Possible values include: debug, info, notice, warn, error, crit,
  22. # alert, emerg.
  23. LogLevel warn
  24. CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
  25. # SSL Engine Switch:
  26. # Enable/Disable SSL for this virtual host.
  27. SSLEngine on
  28. # do not allow unsecured connections
  29. # SSLRequireSSL
  30. SSLCipherSuite HIGH:MEDIUM
  31. SSLCertificateFile /etc/ssl/certs/cloud.crt
  32. SSLCertificateKeyFile /etc/ssl/private/cloud.key
  33. "\.(cgi|shtml|phtml|php)$">
  34. SSLOptions +StdEnvVars
  35. /usr/lib/cgi-bin>
  36. SSLOptions +StdEnvVars
  37. BrowserMatch "MSIE [2-6]" \
  38. nokeepalive ssl-unclean-shutdown \
  39. downgrade-1.0 force-response-1.0
  40. # MSIE 7 and newer should be able to use keepalive
  41. BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

然后通过执行以下命令激活Owncloud:

  1. a2ensite owncloud
  2. service apache2 reload

之后通过在浏览器里打开链接配置一下Owncloud。

就这些了!现在你已经拥有自己的Google Drive,日程表,联系人,Dropbox,以及Gmail!好好享受下新鲜恢复保护的隐私吧!:-)

阅读(699) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~