1. Install MySQL
cd /usr/ports/databases/mysql51-server
make install clean
2. Install lighttpd
cd /usr/ports/www/lighttpd
make install clean
(default options)
3. Install PHP 5
cd /usr/ports/lang/php5
make install clean
(default options)
4. Install php5-extensions
cd /usr/ports/lang/php5-extensions
make install clean
Add GD, MBSTRING, MCRYPT, MYSQL and MYSQLI to the selected options.
5. Configure lighttpd
vi /usr/local/etc/lighttpd.conf
Uncomment the modules that will be used: mod_rewrite, mod_access, mod_fastcgi,
mod_simple_vhost, mod_cgi, mod_compress, mod_accesslog
Uncomment the fastcgi.server block:
fastcgi.server = ( ".php" =>
    ( "localhost" =>
        (
            "socket" => "/var/run/lighttpd/php-fastcgi.socket",
            "bin-path" => "/usr/local/bin/php-cgi"
        )
    )
)
Also create the log files and the socket directory, owned by the www user that lighttpd runs as (otherwise it cannot create the FastCGI socket and fails to start):
touch /var/log/lighttpd.access.log
touch /var/log/lighttpd.error.log
mkdir /var/run/lighttpd
chown -R www:www /var/run/lighttpd
chown www:www /var/log/lighttpd.access.log
chown www:www /var/log/lighttpd.error.log
Check the syntax with lighttpd -t -f /usr/local/etc/lighttpd.conf before starting.
6. Start lighttpd and MySQL
vi /etc/rc.conf
Add
mysql_enable="YES"
lighttpd_enable="YES"
Then run
/usr/local/etc/rc.d/lighttpd start
/usr/local/etc/rc.d/mysql-server start
(the rc script installed by the mysql51-server port is named mysql-server, not mysql)
December 15th, 2009
Notes on installing and configuring Lighttpd + PHP + MySQL on FreeBSD 7.2
by garey

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/garey/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/garey/.ssh/id_rsa.
Your public key has been saved in /home/garey/.ssh/id_rsa.pub.
The key fingerprint is:
57:57:65:2e:29:05:dd:23:37:b1:39:28:8b:93:f5:3a garey@test.bsdart.org
The key's randomart image is:
+--[ RSA 2048]----+
| .o.o*|
| ooO+|
| oo.*++|
| +.+o ..|
| S+.. . |
| .. . |
| E |
| . |
| |
+-----------------+
cd .ssh/
cp id_rsa.pub authorized_keys
Make sure ~/.ssh is mode 700 and authorized_keys mode 600: sshd (StrictModes) silently refuses keys in a group- or world-writable directory or file.
vi /etc/ssh/sshd_config
PasswordAuthentication no
ChallengeResponseAuthentication no
or alternatively
UsePAM no
/etc/rc.d/sshd restart
Download the private key id_rsa to your own machine and use it in your SSH client. Before restarting sshd with password authentication disabled, confirm from a second session that the key-based login works; once passwords are off, a typo in the key file or wrong permissions lock you out.
PuTTY cannot use id_rsa as-is; convert the private key with PUTTYGEN.EXE first.
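The steps above, as an added example that is not part of the original post: a small sh script that applies the sshd_config changes idempotently (sshd honours the first occurrence of a directive, so stale or commented copies must go and the new value must land before any Match block), reads back the effective value, and installs the public key with the modes sshd insists on. Function names and the sample config are assumptions for illustration; the only real program used is sshd(8) for the syntax check in the usage note.

```shell
#!/bin/sh
# Added example, not from the original post: apply the sshd_config changes
# idempotently, check the result, and install the public key with the
# permissions sshd's StrictModes requires. Assumes a stock OpenSSH
# sshd_config layout (global directives first, optional Match blocks after).

# set_sshd_option CONFIG KEY VALUE
# sshd uses the FIRST occurrence of a directive, so every earlier global
# occurrence (commented or not) is removed and the directive is written once,
# before the first Match block. Match blocks are left untouched.
set_sshd_option() {
    cfg=$1
    key=$2
    val=$3
    awk -v k="$key" -v v="$val" '
        BEGIN { lk = tolower(k); done = 0; inmatch = 0 }
        {
            if (!inmatch) {
                line = $0
                sub(/^[ \t]*#?[ \t]*/, "", line)      # strip indent and "#"
                split(line, f, "[ \t=]+")
                if (tolower(f[1]) == "match") {
                    print k " " v                     # emit before Match
                    done = 1
                    inmatch = 1
                } else if (tolower(f[1]) == lk) {
                    next                              # drop old occurrence
                }
            }
            print
        }
        END { if (!done) print k " " v }
    ' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
}

# get_sshd_option CONFIG KEY: print the value sshd will use (first global
# uncommented occurrence, stopping at the first Match block).
get_sshd_option() {
    awk -v k="$2" '
        BEGIN { lk = tolower(k) }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line ~ /^#/ || line == "") next
            split(line, f, "[ \t=]+")
            if (tolower(f[1]) == "match") exit
            if (tolower(f[1]) == lk) { print f[2]; exit }
        }
    ' "$1"
}

# harden_sshd_config CONFIG: the settings from the post (password and
# challenge-response off) plus an explicit PubkeyAuthentication yes.
harden_sshd_config() {
    set_sshd_option "$1" PasswordAuthentication no
    set_sshd_option "$1" ChallengeResponseAuthentication no
    set_sshd_option "$1" PubkeyAuthentication yes
}

# install_authorized_key HOME PUBKEY: append (not overwrite) the key and set
# the modes sshd requires: 700 on ~/.ssh, 600 on authorized_keys.
install_authorized_key() {
    home=$1
    pub=$2
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    cat "$pub" >> "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
}

# Usage on the server (keep the current session open until a second,
# key-based login has succeeded):
#   harden_sshd_config /etc/ssh/sshd_config
#   install_authorized_key /home/garey /home/garey/.ssh/id_rsa.pub
#   sshd -t -f /etc/ssh/sshd_config && /etc/rc.d/sshd restart
```

Running harden_sshd_config twice leaves exactly one copy of each directive, and a per-user Match block that deliberately re-enables passwords is preserved rather than silently edited.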
Yesterday raymond compiled ipfw into the kernel; after a reboot the default policy locked him out of his own machine.
Today I went through the rules in detail and rewrote them.
vi /etc/rc.conf
Add
firewall_enable="YES"
firewall_type="UNKNOWN"
firewall_script="/etc/ipfw.rules"
vi /etc/ipfw.rules
#!/bin/sh
oif="em0"
iif="em1"
fwcmd="/sbin/ipfw -q add"
valid_tcpport="22,25,53,80,110,465,995"
valid_udpport="53"
/sbin/ipfw -q -f flush
$fwcmd 00010 check-state
$fwcmd 00020 allow all from any to any via $iif
$fwcmd 00030 allow all from any to any via lo0
$fwcmd 00040 allow all from any to any out via $oif keep-state
$fwcmd 10000 allow tcp from any to me $valid_tcpport in via $oif setup keep-state
$fwcmd 10001 allow udp from any to me $valid_udpport in via $oif keep-state
Then run: sh /etc/ipfw.rules
Note what the script does not say: there is no explicit final deny, so anything unmatched falls through to the kernel's built-in rule 65535, which denies unless the kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT. That default is exactly what caused the lockout above; the inside interface $iif, by contrast, is trusted completely. Just these few lines, and the smallest mistake in them can still lock you out, so keep console access (or a timed fallback) while testing.
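The ruleset above plus the anti-lockout pattern the post's story calls for, as an added example that is not from the original post: the rules are generated from parameters, the last rule is an explicit logged deny instead of relying on the kernel default, and a background guard reopens the firewall after a timeout unless it is cancelled once a fresh login has succeeded. FWCMD, the function names and the dry-run mode are assumptions for illustration; ipfw(8) syntax and the net.inet.ip.fw.verbose sysctl are real FreeBSD facilities.

```shell
#!/bin/sh
# Added example, not from the original post: generate the ruleset from
# parameters, load it, and protect the session with an anti-lockout timer.
# Assumptions: FreeBSD ipfw(8) at /sbin/ipfw; "deny log" only logs when
# sysctl net.inet.ip.fw.verbose=1. FWCMD can be overridden (e.g. "echo ipfw")
# for a dry run that prints instead of changing the firewall.

FWCMD=${FWCMD:-/sbin/ipfw -q}

# ipfw_ruleset OIF IIF TCPPORTS UDPPORTS
# Prints the "ipfw add" arguments, one rule per line, without touching the
# firewall. The last rule is an explicit, logged deny so that a lockout
# shows up in /var/log/security instead of silently hitting rule 65535.
ipfw_ruleset() {
    oif=$1
    iif=$2
    tcp=$3
    udp=$4
    cat <<EOF
00010 check-state
00020 allow all from any to any via $iif
00030 allow all from any to any via lo0
00040 allow all from any to any out via $oif keep-state
10000 allow tcp from any to me $tcp in via $oif setup keep-state
10001 allow udp from any to me $udp in via $oif keep-state
65000 deny log ip from any to any
EOF
}

# load_ruleset OIF IIF TCPPORTS UDPPORTS: flush, then add every rule.
load_ruleset() {
    $FWCMD -f flush
    ipfw_ruleset "$@" | while read -r rule; do
        # word splitting of $rule is intended: each word is an ipfw token
        $FWCMD add $rule
    done
}

# lockout_guard SECONDS: after the delay, reopen the firewall unless
# cancel_guard was called. Start it BEFORE load_ruleset; cancel it only after
# a new SSH session through the new rules has succeeded.
lockout_guard() {
    ( sleep "$1" && $FWCMD -f flush && $FWCMD add 65000 allow ip from any to any ) &
    GUARD_PID=$!
}

cancel_guard() {
    kill "$GUARD_PID" 2>/dev/null
}

# Typical use over SSH:
#   lockout_guard 180
#   load_ruleset em0 em1 22,25,53,80,110,465,995 53
#   (open a second SSH session to confirm access, then)
#   cancel_guard
```

If the guard fires, the box is wide open for as long as it takes you to fix the rules, which is the trade-off you want while testing from a remote shell, not in steady state: once the rules work, the guard is cancelled and /etc/ipfw.rules is loaded by rc at boot without it.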
After reading many posts about Postfix + MySQL I found that Extmail does this well, but the system I needed it on is FreeBSD 7.2, and the "Extmail for FreeBSD" manual does not use MySQL. Combining it with the "Extmail for Linux" manual I got a complete mail system working (FreeBSD + Postfix + MySQL + Extman). The notes follow.
I. Create the account
Add a user and group (vmail) that owns the mail store.
Run the following commands
pw group add vmail -g 1000
pw user add vmail -u 1000 -g 1000 -s /sbin/nologin -d /dev/null
II. Install and configure MySQL
cd /usr/ports/databases/mysql51-server
make install clean
Edit /etc/rc.conf and add
mysql_enable="YES"
III. Install ExtMan
Files shipped with ExtMan are needed during the rest of the installation, so install it first. Select MySQL support when asked.
cd /usr/ports/mail/extman/ && make install clean
Initialise the database
mysql -u root -p < /usr/local/www/extman/docs/extmail.sql
mysql -u root -p < /usr/local/www/extman/docs/init.sql
The configuration files below use the default extmail/extmail and extman/extman database accounts and passwords; change those passwords (in MySQL and in every file that carries them) before the server is reachable from the Internet.
IV. Install and configure Courier-IMAP (POP3/IMAP)
Install Courier-IMAP
Select the following options:
TRASHQUOTA
AUTH_MYSQL
cd /usr/ports/mail/courier-imap/ && make install clean
Configure authlib
Edit /usr/local/etc/authlib/authdaemonrc so that it reads roughly as follows:
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=5
authdaemonvar=/var/run/authdaemond
subsystem=mail
DEBUG_LOGIN=0
DEFAULTOPTIONS="wbnodsn=1"
LOGGEROPTS=""
Make /var/run/authdaemond searchable by other users. On FreeBSD they have no execute permission on it by default, and Postfix's smtpd (running as user postfix) must reach the authdaemond socket inside it for SMTP AUTH.
chmod a+x /var/run/authdaemond
Edit /usr/local/etc/authlib/authmysqlrc so that it reads roughly as follows (continuation lines of MYSQL_SELECT_CLAUSE must start with whitespace):
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD uidnumber
MYSQL_GID_FIELD gidnumber
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,
        CONCAT('/home/domains/',homedir),
        CONCAT('/home/domains/',maildir),
        quota,
        name
        FROM mailbox
        WHERE username = '$(local_part)@$(domain)'
Configure POP3S
Copy the template configuration file
cp /usr/local/etc/courier-imap/pop3d.cnf.dist /usr/local/etc/courier-imap/pop3d.cnf
Edit /usr/local/etc/courier-imap/pop3d.cnf so that it reads roughly as follows. The template's default_bits of 1024 is too small today, use at least 2048, and set CN to the host name clients will actually connect to, otherwise they get certificate name warnings:
RANDFILE = /usr/local/share/courier-imap/pop3d.rand
[ req ]
default_bits = 2048
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=CN
ST=SH
L=Shang Hai
O=Bsdart
OU=Esdart
CN=bsdart.org
emailAddress=garey.ding@gmail.com
[ cert_type ]
nsCertType = server
Run the following command to generate the certificate used by POP3S:
/usr/local/sbin/mkpop3dcert
Configure automatic start
Edit /etc/rc.conf and add the following lines:
courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
V. Install and configure Postfix (MTA)
Install Postfix
Select the following options:
PCRE
SASL2
TLS
MYSQL
VDA
TEST
cd /usr/ports/mail/postfix/ && make install clean
Configure Postfix
Edit /etc/rc.conf and add the following lines
sendmail_enable="NO"
postfix_enable="YES"
Edit /etc/aliases and make sure it contains the line
postfix: root
Replace the system's sendmail
Edit /etc/mail/mailer.conf and change it to:
sendmail /usr/local/sbin/sendmail
send-mail /usr/local/sbin/sendmail
mailq /usr/local/sbin/sendmail
newaliases /usr/local/sbin/sendmail
hoststat /usr/local/sbin/sendmail
purgestat /usr/local/sbin/sendmail
Edit /etc/periodic.conf and add the following to disable sendmail's daily maintenance jobs:
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
Run the following commands
postalias /etc/aliases
chown postfix:postfix /etc/opiekeys
Edit /usr/local/etc/postfix/main.cf
Add
mynetworks = 127.0.0.0/8
mydomain = bsdart.org
myhostname = mail.bsdart.org
myorigin = $mydomain
mail_name = Postfix - by bsdart.org
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_error_sleep_time = 0s
unknown_local_recipient_reject_code = 450
virtual_mailbox_base = /home/domains
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
The three mysql_*.cf map files (not reproduced here) contain the MySQL password; keep them owned by root, group postfix, mode 640. Note that mynetworks is only the loopback: nothing on the LAN may relay without authenticating.
SMTP authentication
Edit /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/authdaemond/socket
Edit /usr/local/etc/postfix/main.cf
Add
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
#smtpd_sasl_local_domain = $myhostname
PLAIN and LOGIN transmit the password in the clear, so AUTH should only be offered inside TLS; see smtpd_tls_auth_only in the TLS section below.
Postfix anti-spam settings
Edit /usr/local/etc/postfix/main.cf
Add
smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
smtpd_client_restrictions = check_client_access hash:/usr/local/etc/postfix/client_access
smtpd_helo_restrictions = reject_invalid_hostname, check_helo_access hash:/usr/local/etc/postfix/helo_access
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_access hash:/usr/local/etc/postfix/sender_access
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain
smtpd_data_restrictions = reject_unauth_pipelining
header_checks = regexp:/usr/local/etc/postfix/head_checks
body_checks = regexp:/usr/local/etc/postfix/body_checks
reject_unauth_destination in smtpd_recipient_restrictions is what keeps the server from being an open relay; the order matters, since permit_sasl_authenticated must come before it for authenticated users to relay.
TLS
Generate the certificates. In this example the passphrase of the CA private key is 123qwe98; choose your own and keep it, it is needed every time the CA signs a certificate.
mkdir -p /usr/local/etc/postfix/certs/CA
cd /usr/local/etc/postfix/certs/CA
mkdir certs crl newcerts private
echo "01" > serial
touch index.txt
cp /usr/src/crypto/openssl/apps/openssl.cnf .
Edit openssl.cnf and make sure the dir parameter is set to /usr/local/etc/postfix/certs/CA. Then run the commands below, answering the prompts as appropriate; the answers look like this:
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:SH
Locality Name (eg, city) []:Shang Hai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bsdart
Organizational Unit Name (eg, section) []:bsdart
Common Name (eg, YOUR name) []:bsdart.org
Email Address []:garey.ding@gmail.com
The commands (-nodes leaves the server key mykey.pem unencrypted so that Postfix can load it without a passphrase, which is why its file mode is restricted below):
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config openssl.cnf
openssl req -nodes -new -x509 -keyout mykey.pem -out myreq.pem -days 3650 -config openssl.cnf
openssl x509 -x509toreq -in myreq.pem -signkey mykey.pem -out tmp.pem
openssl ca -config openssl.cnf -policy policy_anything -out mycert.pem -infiles tmp.pem
rm tmp.pem
cp cacert.pem mycert.pem mykey.pem /usr/local/etc/postfix/certs/
cd /usr/local/etc/postfix/certs/
chown root:wheel cacert.pem mycert.pem
chown root:postfix mykey.pem
chmod 644 cacert.pem
chmod 644 mycert.pem
chmod 440 mykey.pem
ln -s cacert.pem `openssl x509 -noout -hash < cacert.pem`.0
Configure Postfix for TLS
Edit /usr/local/etc/postfix/main.cf
Add
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
smtp_tls_cert_file = /usr/local/etc/postfix/certs/mycert.pem
smtp_tls_key_file = /usr/local/etc/postfix/certs/mykey.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/certs/mycert.pem
smtpd_tls_key_file = /usr/local/etc/postfix/certs/mykey.pem
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 0
smtpd_starttls_timeout = 60s
With smtpd_tls_auth_only = no the AUTH command is also offered on an unencrypted connection, and PLAIN/LOGIN then send the password in the clear; set it to yes unless you must support a client that cannot do STARTTLS.
Add the following to master.cf
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
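The SASL, anti-spam and TLS settings above decide two things an attacker cares about: whether passwords can cross the wire in the clear, and whether the box relays for strangers. Here is an added example, not from the original post, of a sh audit that reads main.cf the way Postfix does (a later assignment overrides an earlier one, indented lines continue the previous logical line) and flags the weak combinations: SASL on without smtpd_tls_auth_only = yes, an explicit smtpd_recipient_restrictions without reject_unauth_destination, a mynetworks that trusts the world, and VRFY left enabled. The function names and the sample main.cf in the test are constructed for illustration; the check assumes the pre-2.10 Postfix layout used here, where smtpd_recipient_restrictions carries the relay control.

```shell
#!/bin/sh
# Added example, not from the original post: read main.cf like Postfix does
# (last assignment wins, indented lines continue the previous one) and flag
# the settings that let credentials travel in cleartext or turn the host into
# an open relay. Assumes the pre-2.10 layout where smtpd_recipient_restrictions
# carries the relay control; with smtpd_relay_restrictions that check moves.

# postconf_value FILE KEY: print the effective value of KEY, or nothing.
postconf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                        # comment line
        /^[ \t]/ {                                 # continuation line
            if (cur == key) {
                c = $0; sub(/^[ \t]+/, "", c)
                val = val " " c
            }
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            v = substr($0, eq + 1); sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            if (cur == key) val = v                 # later assignment wins
        }
        END { print val }
    ' "$1"
}

# audit_main_cf FILE: one finding per line; prints nothing when clean.
audit_main_cf() {
    cf=$1
    if [ "$(postconf_value "$cf" smtpd_sasl_auth_enable)" = yes ] &&
       [ "$(postconf_value "$cf" smtpd_tls_auth_only)" != yes ]; then
        echo "WEAK: smtpd_tls_auth_only != yes: PLAIN/LOGIN passwords may be sent before STARTTLS"
    fi
    # The compiled-in default already contains reject_unauth_destination;
    # the mistake is an explicit list that drops it.
    rr=$(postconf_value "$cf" smtpd_recipient_restrictions)
    if [ -n "$rr" ]; then
        case " $(printf '%s' "$rr" | tr ',' ' ' | tr -s ' ') " in
            *" reject_unauth_destination "*|*" defer_unauth_destination "*) ;;
            *) echo "OPEN RELAY: smtpd_recipient_restrictions has no reject_unauth_destination" ;;
        esac
    fi
    case "$(postconf_value "$cf" mynetworks)" in
        *0.0.0.0/0*) echo "OPEN RELAY: mynetworks contains 0.0.0.0/0" ;;
    esac
    if [ "$(postconf_value "$cf" disable_vrfy_command)" != yes ]; then
        echo "INFO: VRFY enabled, allows recipient enumeration"
    fi
}

# Usage: audit_main_cf /usr/local/etc/postfix/main.cf
```

The audit reads the file rather than calling postconf so that it can be run against a copy before the change is deployed; on the live system `postconf -n` gives the same effective values and is the authoritative check.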
VI. Install and configure maildrop (MDA)
Install maildrop
Select MySQL support when asked
cd /usr/ports/mail/maildrop/ && make WITH_AUTHLIB=yes install clean
Edit master.cf
Change the maildrop entry in master.cf to something like this (-w 90 makes maildrop send a quota warning once a mailbox is 90% full):
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/bin/maildrop -w 90 -d ${recipient}
Edit /usr/local/etc/postfix/main.cf
Add
virtual_transport = maildrop:
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
Edit /usr/local/etc/maildroprc
and make sure it contains:
logfile "/var/log/maildrop.log"
TEST="/bin/test -f"
#
# Check for custom user .mailfilter file
#
CUSTOM_FILTER="$HOME/.mailfilter"
`$TEST $CUSTOM_FILTER && exit 1 || exit 0`
if ( $RETURNCODE == 0 )
{
    to "$HOME/Maildir"
}
touch /var/log/maildrop.log
chown vmail:vmail /var/log/maildrop.log
VII. Install and configure Apache
Install Apache
cd /usr/ports/www/apache22/ && make WITH_SUEXEC=yes SUEXEC_DOCROOT=/usr/local/www install clean
Configure /etc/rc.conf
Add the following line
apache22_enable="YES"
Virtual host configuration
Edit /usr/local/etc/apache22/Includes/extmail.conf (the Extman CGIs run as vmail through suexec, which is why SUEXEC_DOCROOT was set to /usr/local/www above):
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName mail.extmail.org
    DocumentRoot /usr/local/www/extman/html/
    ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/"
    Alias /extman "/usr/local/www/extman/html/"
    <Directory "/usr/local/www/extman/cgi/">
        SetHandler cgi-script
        Options +ExecCGI
        AllowOverride All
    </Directory>
    <Directory "/usr/local/www/extman/html/">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>
    SuexecUserGroup vmail vmail
</VirtualHost>
VIII. Configure ExtMan
Configure extman
Edit /usr/local/www/extman/webman.cf and set the following parameters:
SYS_CONFIG = /usr/local/www/extman/
SYS_LANGDIR = /usr/local/www/extman/lang
SYS_TEMPLDIR = /usr/local/www/extman/html
SYS_MAILDIR_BASE = /home/domains
SYS_SESS_DIR = /var/tmp/extman/
SYS_PSIZE = 50
SYS_LANG = zh_CN
SYS_DEFAULT_MAXQUOTA = 10000
SYS_DEFAULT_MAXALIAS = 10000
SYS_DEFAULT_MAXUSERS = 1000
SYS_DEFAULT_MAXNDQUOTA = 100
SYS_BACKEND_TYPE = mysql
SYS_CRYPT_TYPE = md5crypt
SYS_MYSQL_USER = extman
SYS_MYSQL_PASS = extman
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /tmp/mysql.sock
SYS_MYSQL_TABLE = manager
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_PASSWD = password
extman/extman is the default database credential; once you have changed the MySQL password, update it here as well.
Other settings
Run the following commands
mkdir /var/tmp/extman/
chown -R vmail:vmail /var/tmp/extman/
chmod 700 /var/tmp/extman/
chmod 600 /usr/local/www/extman/webman.cf
unlink /usr/local/www/extman/libs/HTML/KTemplate.pm
cp /usr/local/www/extmail/libs/HTML/KTemplate.pm /usr/local/www/extman/libs/HTML/
Configure the graphical logs
Install the dependencies
cd /usr/ports/databases/rrdtool && make install clean
cd /usr/ports/devel/p5-File-Tail && make install clean
cd /usr/ports/devel/p5-Time-HiRes && make install clean
Install mailgraph_ext
cp -Rfp /usr/local/www/extman/addon/mailgraph_ext/ /usr/local/mailgraph_ext
/usr/local/mailgraph_ext/mailgraph-init start
/usr/local/mailgraph_ext/qmonitor-init start
Then log in to the Extman admin console as root@extmail.org, create the domain you need (bsdart.org here), and add accounts and aliases.
After that the new accounts can log in via POP3, POP3S, SMTP and SMTPS.
After setting up BIND it kept reporting the following error on start:
Jul 9 14:08:31 file named[32501]: the working directory is not writable
Changing the permissions of /etc/namedb directly does not help: they are reset when BIND restarts and the message is back. Searching the web turned up the following explanation.
It is what's called "programmer inflected useless warnings".
The directory option is used for 2 things:
- The working directory for named
- The base directory for relative path references
For some reason named finds it worth mentioning that it can't write anything in this directory since a few releases. Conventional setups have not written in the named base dir for decades, but all of a sudden it's important to spit into logfiles.
If you really want this message to go away, you will need to change the directory option, like:
options {
    // Paths
    directory "/etc/namedb/letskeepthisdirwriteable";
}
As a result all your relative path references need to be rewritten, like:
zone "." {
    type slave;
    file "../slave/root.slave";
    masters {
        192.5.5.241; // F.ROOT-SERVERS.NET.
    };
    notify no;
};
I found it better to just ignore this warning.
FreeBSD ships BIND; editing /etc/namedb/named.conf is all it takes to configure it.
Back up the default named.conf
cp /etc/namedb/named.conf /etc/namedb/named.conf.default
Edit named.conf
In the options block add
allow-query { any; };
recursion no; // authoritative only: answer for our zones, recurse for nobody
Remove
listen-on { 127.0.0.1; };
so that named listens on all addresses. Answering queries from anyone is what an authoritative server is for; refusing recursion is what keeps it from becoming an open resolver. Then add the zones (the reverse zone is only useful if the owner of 210.51.23.0/24 delegates 23.51.210.in-addr.arpa to this server):
zone "bsdart.org" {
    type master;
    file "bsdart/bsdart.org.db";
};
zone "23.51.210.in-addr.arpa" {
    type master;
    file "bsdart/bsdart.org.rev";
};
Create the bsdart directory
mkdir /etc/namedb/bsdart
chown -R bind:wheel /etc/namedb/bsdart
cd /etc/namedb/bsdart
vi bsdart.org.db
In the zone files, records without an owner name (the apex NS, MX and A records) inherit the owner of the preceding record; @ stands for the zone origin and says the same thing explicitly.
$TTL 3600
bsdart.org.     IN SOA  dns.bsdart.org. admin.bsdart.org. (
                        2009070901 ; Serial
                        10800      ; Refresh
                        3600       ; Retry
                        604800     ; Expire
                        300 )      ; Negative Response TTL
; DNS Servers
@               IN NS   dns.bsdart.org.
; MX Records
@               IN MX   10 mail.bsdart.org.
@               IN A    210.51.23.23
; Machine Names
localhost       IN A    127.0.0.1
mail            IN A    210.51.23.23
dns             IN A    210.51.23.23
; Aliases
www             IN CNAME bsdart.org.
vi bsdart.org.rev
$TTL 3600
23.51.210.in-addr.arpa. IN SOA dns.bsdart.org. admin.bsdart.org. (
                        2009070901 ; Serial
                        10800      ; Refresh
                        3600       ; Retry
                        604800     ; Expire
                        300 )      ; Negative Response TTL
@               IN NS   dns.bsdart.org.
23              IN PTR  mail.bsdart.org.
vi /etc/rc.conf
Add
named_enable="YES"
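The zone files above use the YYYYMMDDnn serial convention, and every later edit must raise that serial or secondaries will keep serving the old data. As an added example that is not from the original post, here is a sh helper that bumps the serial in that style (incrementing the counter when the date is already today's, never going backwards even for a non-date serial) and runs named-checkzone when it is installed. The function names and the zone snippet in the test are constructed for illustration; named-checkzone(8) is the real BIND syntax checker.

```shell
#!/bin/sh
# Added example, not from the original post: bump the SOA serial of a zone
# file in the YYYYMMDDnn style used above and run named-checkzone when it is
# available. Secondaries only transfer a zone whose serial has grown, so a
# forgotten bump is the classic "my change never showed up" cause.
# Assumes the post's layout: the serial is the first number on the line that
# carries the "; Serial" comment.

# get_serial ZONEFILE: print the current serial.
get_serial() {
    awk '/;[ \t]*[Ss]erial/ { match($0, /[0-9]+/); print substr($0, RSTART, RLENGTH); exit }' "$1"
}

# bump_serial ZONEFILE [YYYYMMDD]: today's date plus a two-digit counter;
# if the serial already starts with today's date, increment the counter.
# If the old serial is somehow larger than that, fall back to old+1 so the
# serial never decreases. The date may be passed explicitly (used by the test).
bump_serial() {
    zf=$1
    today=${2:-$(date +%Y%m%d)}
    awk -v today="$today" '
        !done && /;[ \t]*[Ss]erial/ {
            match($0, /[0-9]+/)
            old = substr($0, RSTART, RLENGTH)
            if (substr(old, 1, 8) == today)
                new = sprintf("%s%02d", today, substr(old, 9) + 1)
            else
                new = today "01"
            if (new + 0 <= old + 0)
                new = sprintf("%.0f", old + 1)
            $0 = substr($0, 1, RSTART - 1) new substr($0, RSTART + RLENGTH)
            done = 1
        }
        { print }
    ' "$zf" > "$zf.tmp" && mv "$zf.tmp" "$zf"
}

# check_zone ORIGIN ZONEFILE: syntax check before reloading named.
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "named-checkzone not found; skipping syntax check" >&2
    fi
}

# Usage:
#   bump_serial /etc/namedb/bsdart/bsdart.org.db &&
#   check_zone bsdart.org /etc/namedb/bsdart/bsdart.org.db &&
#   rndc reload bsdart.org
```

Run check_zone on both the forward and the reverse file; a zone that fails to load leaves named serving nothing for it, which from the outside looks like the domain vanished.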