摘要:详细介绍了Debian Sarge (Debian 3.1) 配置虚拟主机需要的服务,包括DNS服务器,MySQL服务器,Mail服务器,Web服务器,FTP服务器,以及磁盘限额。(虽然是收集整理的资料,但是每一步都经亲自试验成功后才拿出来分享的,主要适用于全新安装服务器,完全按照顺序执行这些操作就行了。)
安装基本系统
linux26 netcfg/disable_dhcp=true
安装基本系统的过程设置主机名server1,域名example.com,网关和域名服务器;不要配置Exim。
安装/删除一些软件
apt-get install bzip2 rdate fetchmail libdb3++-dev unzip zip ncftp xlispstat libarchive-zip-perl zlib1g-dev libpopt-dev nmap openssl lynx \
    fileutils
apt-get remove lpr nfs-common portmap pidentd pppoe pppoeconf ppp pppconfig
update-rc.d -f exim remove
update-inetd --remove daytime (telnet / time / finger / talk / ntalk / ftp / discard)
重新加载inetd服务:/etc/init.d/inetd reload
☆磁盘限额quota 3.12
apt-get install quota quotatool
编辑/etc/fstab,给根分区增加usrquota,grpquota挂载选项:
引用: |
# /dev/hda1 / reiserfs defaults,usrquota,grpquota 0 1 |
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
☆DNS服务器bind 9.2.4
apt-get install bind9
编辑/etc/bind/named.conf.local,添加:
引用: |
zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
    allow-update { none; };
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.0";
    allow-update { none; };
};
/etc/bind/db.example.com
引用: |
$TTL 38400
@ IN SOA example.com. root.example.com. (
    2006060101
    10800
    3600
    604800
    38400 )
@ IN NS example.com.
@ IN MX 10 mail.example.com.
@ IN A 192.168.0.100
server1 IN A 192.168.0.100
www IN CNAME server1.example.com.
mail IN CNAME server1.example.com.
/etc/bind/db.192.168.0
引用: |
$TTL 38400
@ IN SOA example.com. root.example.com. (
    2006060101
    10800
    3600
    604800
    38400 )
@ IN NS example.com.
100 IN PTR example.com.
100 IN PTR server1.example.com.
以chroot方式运行BIND。停止服务:/etc/init.d/bind9 stop
编辑/etc/default/bind9,修改:
OPTIONS="-u bind -t /var/lib/named"
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
mv /etc/bind /var/lib/named/etc
ln -s /var/lib/named/etc/bind /etc/bind
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
编辑/etc/init.d/sysklogd,修改:
SYSLOGD="-a /var/lib/named/dev/log"
重启日志服务:/etc/init.d/sysklogd restart
启动bind,如果有错误可以查看/var/log/syslog:/etc/init.d/bind9 start
/etc/resolv.conf
search example.com
nameserver 192.168.0.100
检查bind是否工作正常
rndc status
named-checkzone example.com /etc/bind/db.example.com
nslookup
set all -> server1.example.com或example.com
set q=any -> example.com
set q=ptr -> 192.168.0.100
set type=txt -> set class=chaos -> version.bind -> exit
☆MySQL 4.0.24
apt-get install mysql-server mysql-client libmysqlclient12-dev
mysqladmin -u root password xxxxxx
运行netstat -tap,应该看到类似于下面的一行
tcp 0 0 localhost.localdo:mysql *:* LISTEN 3192/mysqld
重启MySQL:/etc/init.d/mysql restart
☆Postfix 2.1.5
apt-get install postfix postfix-mysql postfix-doc courier-authdaemon courier-authmysql courier-pop courier-pop-ssl courier-imap \
    courier-imap-ssl postfix-tls libsasl2 libsasl2-modules libsasl2-modules-sql sasl2-bin
mysqladmin -u root -p create provider
mysql -u root -p
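-- Create the account that Postfix, Cyrus SASL and Courier use to reach the
-- `provider` database (see the mysql-virtual_*.cf, smtpd.conf and authmysqlrc
-- settings on this page, which all log in as provider_admin).
-- NOTE(review): every query shown on this page for this account is a SELECT;
-- confirm whether INSERT/UPDATE/DELETE are really needed, otherwise grant
-- SELECT only so a compromised mail daemon cannot rewrite mailboxes.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON provider.*
    TO 'provider_admin'@'localhost'
    IDENTIFIED BY 'xxxxxx';

-- The grantee of this second statement is missing in the page text (it reads
-- "to identified by"), which is a syntax error. It is presumably the same
-- account under the host's other local name; confirm against your hosts file.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON provider.*
    TO 'provider_admin'@'localhost.localdomain'
    IDENTIFIED BY 'xxxxxx';

FLUSH PRIVILEGES;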
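USE provider;

-- ENGINE= is used instead of the deprecated TYPE= spelling: it is accepted
-- from MySQL 4.0.18 on (this page installs 4.0.24) and TYPE= was removed in 5.5.

-- Mail domains hosted on this server; looked up by mysql-virtual_domains.cf.
CREATE TABLE domains (
    domain VARCHAR(50) NOT NULL,
    PRIMARY KEY (domain)
) ENGINE=MyISAM;

-- Address rewriting: mail for `source` is delivered to `destination`;
-- looked up by mysql-virtual_forwardings.cf.
CREATE TABLE forwardings (
    source VARCHAR(80) NOT NULL,
    destination TEXT NOT NULL,
    PRIMARY KEY (source)
) ENGINE=MyISAM;

-- One row per mailbox.
-- NOTE(review): `password` holds the clear-text password. authmysqlrc on this
-- page reads it through MYSQL_CLEAR_PWFIELD and smtpd.conf selects it directly,
-- so anyone who can read this table or a dump of it obtains every mailbox
-- credential. Restrict access to the database and its backups accordingly.
CREATE TABLE users (
    email VARCHAR(80) NOT NULL,
    password VARCHAR(20) NOT NULL,
    PRIMARY KEY (email)
) ENGINE=MyISAM;

-- Sample rows: one hosted domain and one mailbox in it.
INSERT INTO `domains` (`domain`) VALUES ('example.com');
INSERT INTO `users` (`email`, `password`) VALUES ('username@example.com', 'xxxxxx');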
mysql-virtual_domains.cf
引用: |
user = provider_admin
password = xxxxxx
dbname = provider
table = domains
select_field = 'virtual'
where_field = domain
hosts = 127.0.0.1
mysql-virtual_forwardings.cf
引用: |
user = provider_admin
password = xxxxxx
dbname = provider
table = forwardings
select_field = destination
where_field = source
hosts = 127.0.0.1
mysql-virtual_email2email.cf
引用: |
user = provider_admin
password = xxxxxx
dbname = provider
table = users
select_field = email
where_field = email
hosts = 127.0.0.1
mysql-virtual_mailboxes.cf
引用: |
user = provider_admin
password = xxxxxx
dbname = provider
table = users
select_field = CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
where_field = email
hosts = 127.0.0.1
chgrp postfix /etc/postfix/mysql-virtual_*.cf
chmod u=rw,g=r,o= /etc/postfix/mysql-virtual_*.cf
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m
/etc/postfix/main.cf
引用: |
inet_interfaces = all
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
/etc/postfix/sasl/smtpd.conf
引用: |
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login cram-md5 digest-md5
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: provider_admin
sql_passwd: xxxxxx
sql_database: provider
sql_select: select password from users where email='%u@%r'
chown root:postfix /etc/postfix/sasl/smtpd.conf
chmod u=rw,g=r,o= /etc/postfix/sasl/smtpd.conf
openssl req -new -outform PEM -out /etc/postfix/smtpd.cert -newkey rsa:2048 \
    -nodes -keyout /etc/postfix/smtpd.key -keyform PEM -days 3650 -x509
chmod u=rw,g=r,o= /etc/postfix/smtpd.key
chown root:postfix /etc/postfix/smtpd.key
/etc/courier/authdaemonrc
引用: |
authmodulelist="authmysql" |
/etc/courier/authmysqlrc
引用: |
MYSQL_SERVER localhost
MYSQL_USERNAME provider_admin
MYSQL_PASSWORD xxxxxx
MYSQL_PORT 0
MYSQL_DATABASE provider
MYSQL_USER_TABLE users
#MYSQL_CRYPT_PWFIELD (comment this out)
MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD (comment this out)
/etc/init.d/courier-authdaemon restart
重启Postfix:/etc/init.d/postfix restart
☆Apache 2.0.54/PHP 4.3.10
apt-get install apache2 apache2-doc
apt-get install libapache2-mod-php4 libapache2-mod-perl2 php4 php4-cli php4-common php4-curl php4-dev php4-domxml php4-gd \
    php4-imap php4-ldap php4-mcal php4-mhash php4-mysql php4-odbc php4-pear php4-xslt curl libwww-perl imagemagick
编辑/etc/php4/apache2/php.ini,修改:
引用: |
display_errors = off
disable_functions = phpinfo, get_cfg_var
编辑/etc/apache2/apache2.conf,修改:
引用: |
AddDefaultCharset off
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.pl index.xhtml
激活SSL, rewrite, deflate模块
echo 'Listen 443' >> /etc/apache2/ports.conf
a2enmod ssl (rewrite / deflate)
apache2-ssl-certificate
重启Apache:/etc/init.d/apache2 restart
PHPMyAdmin 2.6.2/SquirrelMail 1.4.4
apt-get install phpmyadmin squirrelmail
/usr/sbin/squirrelmail-configure
ln -s /usr/share/squirrelmail /var/www/webmail
编辑/etc/apache2/httpd.conf:
引用: |
NameVirtualHost *:80 NameVirtualHost *:443 ServerName ServerAlias example.com DocumentRoot /var/www/ ScriptAlias /cgi-bin/ /var/www/cgi-bin/ ErrorLog "|/usr/sbin/rotatelogs /var/log/apache2/ 604800" CustomLog "|/usr/sbin/rotatelogs /var/log/apache2/ 604800" combined ServerName mail.example.com DocumentRoot /var/www/webmail ErrorLog /var/log/apache2/mail.example.com_error.log CustomLog /var/log/apache2/mail.example.com_access.log combined SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.pem
|
☆ProFTPd 1.2.10 + MySQL认证
apt-get install proftpd-mysql
groupadd -g 5500 ftpgroup
useradd -u 5500 -s /bin/false -d /bin/null -c "proftpd user" -g ftpgroup ftpuser
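-- Database holding the ProFTPd virtual users, groups and quota tables.
CREATE DATABASE `proftpd`;

-- Account ProFTPd logs in with. The statement on the page lacked the privilege
-- level and the TO keyword ("on proftpd_admin@localhost"), which is a syntax
-- error; database and account names are taken from the SQLConnectInfo line in
-- proftpd.conf on this page.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON proftpd.*
    TO 'proftpd_admin'@'localhost'
    IDENTIFIED BY 'xxxxxx';

USE proftpd;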
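-- Virtual FTP groups; read by the SQLGroupInfo directive in proftpd.conf
-- (columns groupname, gid, members).
-- ENGINE= replaces the deprecated TYPE= spelling (accepted from MySQL 4.0.18,
-- TYPE= was removed in 5.5).
CREATE TABLE `ftpgroup` (
    `groupname` VARCHAR(16) NOT NULL DEFAULT '',
    `gid` SMALLINT(6) NOT NULL DEFAULT '5500',
    `members` VARCHAR(16) NOT NULL DEFAULT '',
    KEY `groupname` (`groupname`)
) ENGINE=MyISAM;

-- The table name must be an identifier (backticks or bare); the page had it in
-- single quotes, which MySQL parses as a string literal and rejects here.
-- Columns are listed explicitly so the row survives later schema changes.
INSERT INTO `ftpgroup` (`groupname`, `gid`, `members`)
VALUES ('ftpgroup', 5500, 'ftpuser');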
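-- Virtual FTP accounts; read by the SQLUserInfo directive in proftpd.conf
-- (userid, passwd, uid, gid, homedir, shell) and filtered by
-- SQLUserWhereClause "LoginAllowed = 'true'".
-- ENGINE= replaces the deprecated TYPE= spelling (accepted from MySQL 4.0.18,
-- TYPE= was removed in 5.5).
CREATE TABLE `ftpuser` (
    `id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
    `userid` VARCHAR(32) NOT NULL DEFAULT '',
    -- NOTE(review): stored in clear text because proftpd.conf on this page sets
    -- "SQLAuthTypes Plaintext"; anyone who can read this table or a dump of it
    -- obtains every FTP credential. Prefer a hashed SQLAuthTypes value (and a
    -- column wide enough for the hash) where the deployment allows it.
    `passwd` VARCHAR(32) NOT NULL DEFAULT '',
    `uid` SMALLINT(6) NOT NULL DEFAULT '5500',
    `gid` SMALLINT(6) NOT NULL DEFAULT '5500',
    `homedir` VARCHAR(255) NOT NULL DEFAULT '',
    `shell` VARCHAR(16) NOT NULL DEFAULT '/bin/false',
    -- count/accessed are updated by the "updatecount" named query on PASS,
    -- modified by the "modified" named query on STOR/DELE.
    `count` INT(11) NOT NULL DEFAULT '0',
    `accessed` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
    `modified` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
    `LoginAllowed` ENUM('true','false') NOT NULL DEFAULT 'true',
    PRIMARY KEY (`id`)
) ENGINE=MyISAM;

-- Sample account mapped to the ftpuser/ftpgroup system ids (5500/5500).
INSERT INTO `ftpuser` (`userid`, `passwd`, `uid`, `gid`, `homedir`, `shell`)
VALUES ('username', 'xxxxxx', 5500, 5500, '/home/username', '/sbin/nologin');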
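-- Per-user/group quota limits; read by the "get-quota-limit" named query in
-- proftpd.conf (WHERE name = ... AND quota_type = ...).
-- ENGINE= replaces the deprecated TYPE= spelling (accepted from MySQL 4.0.18,
-- TYPE= was removed in 5.5).
-- NOTE(review): the byte columns are FLOAT (single precision), so large byte
-- counts cannot be stored exactly; confirm what the quota module expects
-- before switching them to a wider type.
CREATE TABLE `ftpquotalimits` (
    `name` VARCHAR(30) DEFAULT NULL,
    `quota_type` ENUM('user','group','class','all') NOT NULL DEFAULT 'user',
    `par_session` ENUM('false','true') NOT NULL DEFAULT 'false',
    `limit_type` ENUM('soft','hard') NOT NULL DEFAULT 'soft',
    `bytes_up_limit` FLOAT NOT NULL DEFAULT '0',
    `bytes_down_limit` FLOAT NOT NULL DEFAULT '0',
    `bytes_transfer_limit` FLOAT NOT NULL DEFAULT '0',
    `files_up_limit` INT(10) UNSIGNED NOT NULL DEFAULT '0',
    `files_down_limit` INT(10) UNSIGNED NOT NULL DEFAULT '0',
    `files_transfer_limit` INT(10) UNSIGNED NOT NULL DEFAULT '0'
) ENGINE=MyISAM;

-- Sample soft limit: 104857600 bytes (100 * 1024 * 1024) of upload, every other
-- counter 0. Columns are listed explicitly instead of relying on their order.
-- NOTE(review): the row is keyed on 'testuser', while the sample account in
-- ftpuser is 'username'; use the real userid for the limit to apply.
INSERT INTO `ftpquotalimits` (
    `name`, `quota_type`, `par_session`, `limit_type`,
    `bytes_up_limit`, `bytes_down_limit`, `bytes_transfer_limit`,
    `files_up_limit`, `files_down_limit`, `files_transfer_limit`
)
VALUES ('testuser', 'user', 'false', 'soft', '104857600', '0', '0', '0', '0', '0');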
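-- Running usage tallies per user/group; read and written by the
-- get-quota-tally / update-quota-tally / insert-quota-tally named queries in
-- proftpd.conf.
-- ENGINE= replaces the deprecated TYPE= spelling (accepted from MySQL 4.0.18,
-- TYPE= was removed in 5.5).
-- NOTE(review): the byte totals are FLOAT (single precision) and are
-- incremented in place by update-quota-tally, so large totals will drift from
-- the true byte count; confirm what the quota module expects before widening.
CREATE TABLE `ftpquotatotal` (
    `name` VARCHAR(30) NOT NULL DEFAULT '',
    `quota_type` ENUM('user','group','class','all') NOT NULL DEFAULT 'user',
    `bytes_up_total` FLOAT NOT NULL DEFAULT '0',
    `bytes_down_total` FLOAT NOT NULL DEFAULT '0',
    `bytes_transfer_total` FLOAT NOT NULL DEFAULT '0',
    `files_up_total` INT(10) UNSIGNED NOT NULL DEFAULT '0',
    `files_down_total` INT(10) UNSIGNED NOT NULL DEFAULT '0',
    `files_transfer_total` INT(10) UNSIGNED NOT NULL DEFAULT '0'
) ENGINE=MyISAM;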
编辑/etc/proftpd.conf:
引用: |
SQLAuthTypes Plaintext
SQLAuthenticate users groups
SQLConnectInfo proftpd@localhost proftpd_admin xxxxxx
SQLUserInfo ftpuser userid passwd uid gid homedir shell
SQLUserWhereClause "LoginAllowed = 'true'"
SQLGroupInfo ftpgroup groupname gid members
SQLHomedirOnDemand on
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on
SQLNamedQuery get-quota-limit SELECT "name, quota_type, par_session, limit_type, bytes_up_limit, bytes_down_limit, bytes_transfer_limit, files_up_limit, files_down_limit, files_transfer_limit FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_up_total, bytes_down_total, bytes_transfer_total, files_up_total, files_down_total, files_transfer_total FROM ftpquotatotal WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_up_total = bytes_up_total + %{0}, bytes_down_total = bytes_down_total + %{1}, bytes_transfer_total = bytes_transfer_total + %{2}, files_up_total = files_up_total + %{3}, files_down_total = files_down_total + %{4}, files_transfer_total = files_transfer_total + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatotal
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatotal
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
DefaultRoot ~
RootLogin off
RequireValidShell off
SQLLogFile /var/log/proftpd.mysql.log
LogFormat auth "%v [%P] %h %t \"%r\" %s"
ExtendedLog /var/log/proftpd.auth.log AUTH auth
LogFormat write "%h %l %u %t \"%r\" %s %b"
ExtendedLog /var/log/proftpd.access.log WRITE,READ write