Category: LINUX
2009-09-11 23:09:10
Open /etc/hosts with vi:
vi /etc/hosts
Its contents look something like this:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.0.100 server1.example.com server1
::1 localhost6.localdomain6 localhost6
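Normally each line of the hosts file describes one host and consists of three parts separated by spaces. Lines beginning with # are comments and are not interpreted by the system.
Part 1: the network IP address;
Part 2: the host name or domain name;
Part 3: the host name alias;
A line may also have only two parts, the host IP address and the host name, for example:
192.168.1.100 myhost100
A brief note on the difference between a host name (hostname) and a domain name (Domain): a host name is normally used inside a LAN, where the hosts file resolves it to the corresponding IP; a domain name is normally used on the Internet, but if this machine should not use the Internet's name resolution for it, you can edit the hosts file and add your own mapping.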
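The format described above, as an added example that is not part of the original article: a small parser that looks a name up by host name or alias and lists names bound to more than one address. The function names and the sample file are constructed for illustration, and the lookup assumes that the first matching line wins and that names compare case-insensitively.

```sh
#!/bin/sh
# Added example: parse the hosts format described above (IP, host name, aliases).

# Constructed sample; the last line is a deliberately conflicting entry.
sample_hosts() {
    cat <<'EOF'
# Do not remove the following line, or various programs
127.0.0.1 localhost.localdomain localhost
192.168.0.100 server1.example.com server1   # trailing comment
::1 localhost6.localdomain6 localhost6
192.168.1.100 myhost100
10.0.0.5 SERVER1
EOF
}

# Print the IP of the first line whose host name or alias equals NAME
# (assumption: first match wins and names compare case-insensitively).
hosts_lookup() {  # usage: hosts_lookup FILE NAME
    awk -v want="$2" '
        { sub(/#.*/, "") }            # strip whole-line and trailing comments
        NF < 2 { next }               # a valid line has at least IP + name
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(want)) { print $1; found = 1; exit } }
        END { exit !found }
    ' "$1"
}

# List every name that appears with more than one address.
hosts_conflicts() {  # usage: hosts_conflicts FILE
    awk '
        { sub(/#.*/, "") }
        NF < 2 { next }
        { for (i = 2; i <= NF; i++) {
              n = tolower($i)
              if (!(n in ip)) ip[n] = $1
              else if (ip[n] != $1) print n ": " ip[n] " vs " $1
          } }
    ' "$1"
}

f=$(mktemp) && sample_hosts > "$f"
hosts_lookup "$f" server1        # 192.168.0.100
hosts_conflicts "$f"             # server1: 192.168.0.100 vs 10.0.0.5
rm -f "$f"
```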
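(This part is optional; it is listed here only to show how to add another IP on CentOS after the initial installation.)
Assuming the existing network card is configured as eth0, there should be a corresponding file: /etc/sysconfig/network-scripts/ifcfg-eth0. We can use this file as the basis for the changes: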
cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0
Likewise, if you need to configure a second IP, the file is ifcfg-eth0:1.
Then edit this file:
vi /etc/sysconfig/network-scripts/ifcfg-eth0:0
Its contents look roughly like this:
# Intel Corporation 82545EM Gigabit Ethernet Controller (Copper)
DEVICE=eth0:0
BOOTPROTO=static
BROADCAST=192.168.0.255
IPADDR=192.168.0.101
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes
Normally only IPADDR needs to be changed. After that, restart the network:
/etc/init.d/network restart
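You may also want to update /etc/hosts, but this step is not required.
Run ifconfig to see that the newly configured IP is in effect.
Security is very important for a server. For how to configure iptables, see this article: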
http://www.ondev.net/post/show/749
The details are not repeated here.
First import the GPG keys for the software packages:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
Then update the software that is already installed:
yum update
Then install some useful packages:
yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils ncftp gcc gcc-c++
Quota lets you set disk limits for users, so if your server will be used by several users, installing Quota is well worth it.
As root, install quota with yum:
yum install quota
Edit /etc/fstab and add ,usrquota,grpquota to the entry for the root directory (/):
vi /etc/fstab
The edited file looks something like this:
ext3 defaults,usrquota,grpquota 1 1
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0
Then run the following commands:
touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
Then run the following commands:
chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 777 /var/named/chroot/var/run/named/
cd /var/named/chroot/var/named/
ln -s ../../ chroot
cp /usr/share/doc/bind-9.3.4/sample/var/named/named.local /var/named/chroot/var/named/named.local
cp /usr/share/doc/bind-9.3.4/sample/var/named/named.root /var/named/chroot/var/named/named.root
touch /var/named/chroot/etc/named.conf
chkconfig --levels 235 named on
/etc/init.d/named start
BIND will run under /var/named/chroot/var/named/. For how to configure BIND, look up articles on the subject.
Install mysql with yum:
yum install mysql mysql-devel mysql-server
Then use chkconfig so that mysql starts automatically at boot:
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
Then check whether mysql is running:
netstat -tap | grep mysql
The output should look something like this:
[root@server1 named]# netstat -tap | grep mysql
tcp 0 0 *:mysql *:* LISTEN 2497/mysqld
[root@server1 named]#
If it does not, edit /etc/my.cnf:
vi /etc/my.cnf
Find skip-networking and comment it out or delete it:
#skip-networking
If you need a specific character set for mysql, you can also set it in /etc/my.cnf. First find [mysqld] and add or change the following beneath it:
[mysql]
default-character-set=utf8
Then look for default-character-set in the other sections and set each of them to utf8 (or whichever character set you need).
Restart mysqld:
/etc/init.d/mysqld restart
Set the password of the mysql root user:
mysqladmin -u root password yourrootsqlpassword
If you need to access it from another machine, use a command like the following:
mysqladmin -h server1.example.com -u root password yourrootsqlpassword
Now install Postfix and Dovecot (Dovecot can serve as the POP/IMAP server).
yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot
Now configure SMTP-AUTH and TLS (skip this step if your SMTP server does not need authentication), as root:
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'mynetworks = 127.0.0.0/8'
Next edit /usr/lib/sasl2/smtpd.conf (on 64-bit CentOS it is /usr/lib64/sasl2/smtpd.conf):
vi /usr/lib/sasl2/smtpd.conf
Edit its contents to look like the following:
pwcheck_method: saslauthd
mech_list: plain login
Then create the TLS certificate:
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Then configure TLS in postfix:
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
Then set the domain name of the SMTP server:
postconf -e 'myhostname = server1.example.com'
Replace server1.example.com with your own domain name.
Then check your configuration; all of the settings are in /etc/postfix/main.cf:
cat /etc/postfix/main.cf
Its contents should look something like this:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
myhostname = server1.example.com
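An added example, not part of the original article: a shell check that reads a main.cf like the one above and reports when SMTP AUTH is enabled while smtpd_tls_auth_only is not yes. With mech_list: plain login, that combination lets a client send its password over an unencrypted connection. The function names mc_get, audit_smtpd and sample_main_cf are made up for this example, and the sample file is constructed from the listing.

```sh
# Added example: audit the SMTP-AUTH/TLS parameters this guide writes to main.cf.
# Constructed sample built from the listing above, continuation lines included.
sample_main_cf() {
    cat <<'EOF'
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     xxgdb $daemon_directory/$process_name $process_id & sleep 5
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
EOF
}

# Print the effective value of PARAM: skips comments, joins continuation lines
# (leading whitespace), last definition wins. Exit status 1 if PARAM is unset.
mc_get() {  # usage: mc_get FILE PARAM
    awk -v want="$2" '
        function flush() { if (name == want) { val = cur; found = 1 } }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { sub(/^[ \t]+/, ""); cur = cur " " $0; next }
        {
            flush()
            eq = index($0, "=")
            name = eq ? substr($0, 1, eq - 1) : ""
            gsub(/[ \t]/, "", name)
            cur = substr($0, eq + 1); sub(/^[ \t]+/, "", cur)
        }
        END { flush(); gsub(/^[ \t]+|[ \t]+$/, "", val); print val; exit !found }
    ' "$1"
}

# Print one finding per line; no output means both checks passed.
audit_smtpd() {  # usage: audit_smtpd FILE
    f=$1
    [ "$(mc_get "$f" smtpd_sasl_auth_enable)" = yes ] || return 0
    [ "$(mc_get "$f" smtpd_tls_auth_only)" = yes ] ||
        echo "smtpd_tls_auth_only: AUTH offered without TLS"
    if opts=$(mc_get "$f" smtpd_sasl_security_options); then
        case ",$(printf %s "$opts" | tr ' ' ',')," in
            *,noanonymous,*) ;;
            *) echo "smtpd_sasl_security_options: noanonymous missing" ;;
        esac
    fi
    return 0
}

cf=$(mktemp) && sample_main_cf > "$cf"
audit_smtpd "$cf"    # smtpd_tls_auth_only: AUTH offered without TLS
rm -f "$cf"
```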
By default, Dovecot on CentOS serves only IMAP. If you also want to use it as a POP server, edit /etc/dovecot.conf.
Change protocols in it to:
protocols = imap imaps pop3 pop3s
Open the configuration file with vi:
vi /etc/dovecot.conf
Change its contents to look something like this:
[...]
# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/
# Protocols we want to be serving: imap imaps pop3 pop3s
# If you only want to use dovecot-auth, you can set this to "none".
protocols = imap imaps pop3 pop3s
# IP or host address where to listen in for connections. It's not currently
# possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
# "[::]" listens in all IPv6 interfaces, but may also listen in all IPv4
# interfaces depending on the operating system.
[...]
Configure Maildir
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart
Start the mail server
Start postfix, saslauthd and dovecot:
chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
chkconfig --levels 235 dovecot on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start
/etc/init.d/dovecot start
Then verify that the SMTP server is running:
telnet localhost 25
Once connected, type this command:
ehlo localhost
If postfix has started correctly you should see this line:
250-STARTTLS
and:
250-AUTH PLAIN LOGIN
Then type:
quit
to close the connection.
Apache2 with PHP, Ruby and Python
Now we install apache and php:
yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel
Edit /etc/httpd/conf/httpd.conf:
vi /etc/httpd/conf/httpd.conf
Then change DirectoryIndex:
[...]
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl
[...]
Register apache as a service that starts at boot:
chkconfig --levels 235 httpd on
Start apache:
/etc/init.d/httpd start
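Install mod_ruby
CentOS 5.3 does not ship mod_ruby, so if you want to use ruby you must compile and install mod_ruby yourself. First install some packages:
yum install httpd-devel ruby ruby-devel
Then download and install mod_ruby: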
cd /tmp
wget
tar zxvf mod_ruby-1.3.0.tar.gz
cd mod_ruby-1.3.0/
./configure.rb --with-apr-includes=/usr/include/apr-1
make
make install
Finally add mod_ruby to the apache configuration by creating ruby.conf in /etc/httpd/conf.d:
vi /etc/httpd/conf.d/ruby.conf
Add this line and save:
LoadModule ruby_module modules/mod_ruby.so
Restart Apache:
/etc/init.d/httpd restart
Install mod_python
Install mod_python with yum:
yum install mod_python
Restart apache:
/etc/init.d/httpd restart
Install an FTP server
You can install vsftpd as the FTP server:
yum install vsftpd
Start the FTP server:
service vsftpd start
To verify afterwards that the FTP server is running, use the ftp command:
ftp localhost
At the prompts, enter anonymous and an email address as the user name to log in.