
Debian虚拟主机学习笔记

发表于 2006-6-12 22:33:51 | 显示全部楼层 |阅读模式
摘要:详细介绍了Debian Sarge (Debian 3.1) 配置虚拟主机需要的服务,包括DNS服务器,MySQL服务器,Mail服务器,Web服务器,FTP服务器,以及磁盘限额。(虽然是收集整理的资料,但是每一步都经亲自试验成功后才拿出来分享的,主要适用于全新安装的服务器,完全按照顺序执行这些操作就行了。)

安装基本系统
linux26 netcfg/disable_dhcp=true
安装基本系统的过程设置主机名server1,域名example.com,网关和域名服务器;不要配置Exim。

安装/删除一些软件
apt-get install bzip2 rdate fetchmail libdb3++-dev unzip zip ncftp xlispstat libarchive-zip-perl zlib1g-dev libpopt-dev nmap openssl lynx
fileutils
apt-get remove lpr nfs-common portmap pidentd pppoe pppoeconf ppp pppconfig
update-rc.d -f exim remove
update-inetd --remove daytime (telnet / time / finger / talk / ntalk / ftp / discard)
重新加载inetd服务:/etc/init.d/inetd reload

☆磁盘限额quota 3.12
apt-get install quota quotatool
编辑/etc/fstab,给根分区的挂载选项增加usrquota,grpquota:
# <file system> <mount point> <type>   <options>                 <dump> <pass>
/dev/hda1       /           reiserfs  defaults,usrquota,grpquota    0      1

touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

☆DNS服务器bind 9.2.4
apt-get install bind9
编辑/etc/bind/named.conf.local,添加:
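// Forward zone for example.com; this server is the master.
zone "example.com" {
                type master;
                file "/etc/bind/db.example.com";
                // Dynamic updates are refused; records change only by editing the zone file.
                allow-update { none; };
                };
// Reverse zone for the 192.168.0.0/24 network. The zone name is the network's
// octets in reverse order, so it has to be 0.168.192 to agree with the zone
// file name (db.192.168.0) and with the 192.168.0.100 address in the records.
zone "0.168.192.in-addr.arpa" {
                type master;
                file "/etc/bind/db.192.168.0";
                allow-update { none; };
                };
// NOTE(review): neither zone sets allow-transfer, so who may pull a full copy
// of the zone depends on the options block, which is not shown on this page.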

/etc/bind/db.example.com
$TTL 38400
@        IN        SOA                example.com.        root.example.com. (
                                2006060101
                                10800
                                3600
                                604800
                                38400 )
@                IN        NS                        example.com.
@                IN        MX                10        mail.example.com.
@                IN        A                192.168.0.100
server1        IN        A                192.168.0.100
www                IN        CNAME        server1.example.com.
mail                IN        CNAME        server1.example.com.

/etc/bind/db.192.168.0
$TTL 38400
@        IN        SOA                example.com.        root.example.com. (
                                2006060101
                                10800
                                3600
                                604800
                                38400 )
@        IN        NS                example.com.
100        IN        PTR                example.com.
100        IN        PTR                server1.example.com.


以chroot方式运行BIND。停止服务:/etc/init.d/bind9 stop
编辑/etc/default/bind9,修改:
OPTIONS="-u bind -t /var/lib/named"

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
mv /etc/bind /var/lib/named/etc

ln -s /var/lib/named/etc/bind /etc/bind
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
编辑/etc/init.d/sysklogd,修改:
SYSLOGD="-a /var/lib/named/dev/log"
重启日志服务:/etc/init.d/sysklogd restart
启动bind,如果有错误可以查看/var/log/syslog:/etc/init.d/bind9 start

/etc/resolv.conf
search example.com
nameserver 192.168.0.100

检查bind是否工作正常
rndc status
named-checkzone example.com /etc/bind/db.example.com
nslookup
set all -> server1.example.com或example.com
set q=any -> example.com
set q=ptr -> 192.168.0.100
set type=txt -> set class=chaos -> version.bind -> exit

☆MySQL 4.0.24
apt-get install mysql-server mysql-client libmysqlclient12-dev
mysqladmin -u root password xxxxxx
运行netstat -tap,应该看到类似于下面的一行(本地地址是localhost,即mysqld只监听回环接口):
tcp        0      0 localhost.localdo:mysql *:*           LISTEN     3192/mysqld
重启MySQL:/etc/init.d/mysql restart

☆Postfix 2.1.5
apt-get install postfix postfix-mysql postfix-doc courier-authdaemon courier-authmysql courier-pop courier-pop-ssl courier-imap
courier-imap-ssl postfix-tls libsasl2 libsasl2-modules libsasl2-modules-sql sasl2-bin

mysqladmin -u root -p create provider
mysql -u root -p
-- Account used by the Postfix lookup maps, the SASL sql plugin and Courier's
-- authmysql on this page; its privileges are limited to the provider database.
-- NOTE(review): the configs shown on this page only read these tables, so
-- select alone looks sufficient for this account; confirm nothing else writes through it.
grant select,insert,update,delete on provider.* to provider_admin@localhost identified by 'xxxxxx';
-- NOTE(review): "[email protected]" is what the page's e-mail obfuscation left of a
-- user@host value, presumably a second provider_admin@<host> grant. Restore the
-- real host before running this statement.
grant select,insert,update,delete on provider.* to [email protected] identified by 'xxxxxx';
flush privileges;
use provider;
-- Domains for which this server accepts mail.
create table domains (domain varchar(50) not null, primary key (domain) ) type=myisam;
-- Forwarding rules: mail for source is delivered to destination.
create table forwardings (source varchar(80) not null, destination text not null, primary key (source) ) type=myisam;
-- Mailboxes, keyed by full e-mail address. The password column holds the
-- password in clear text: authmysqlrc reads it through MYSQL_CLEAR_PWFIELD and
-- smtpd.conf selects it directly, so anyone who can read this table or a dump
-- of it can read every mailbox password.
create table users (email varchar(80) not null, password varchar(20) not null, primary key (email) ) type=myisam;
insert into `domains` (`domain`) values ('example.com');
-- NOTE(review): '[email protected]' is the same obfuscation artifact; the value
-- should be a mailbox address in a domain listed in the domains table.
insert into `users` (`email`,`password`) values ('[email protected]','xxxxxx');

mysql-virtual_domains.cf
user = provider_admin
password = xxxxxx
dbname = provider
table = domains
select_field = 'virtual'
where_field = domain
hosts = 127.0.0.1


mysql-virtual_forwardings.cf
user = provider_admin
password = xxxxxx
dbname = provider
table = forwardings
select_field = destination
where_field = source
hosts = 127.0.0.1


mysql-virtual_email2email.cf
user = provider_admin
password = xxxxxx
dbname = provider
table = users
select_field = email
where_field = email
hosts = 127.0.0.1


mysql-virtual_mailboxes.cf
user = provider_admin
password = xxxxxx
dbname = provider
table = users
select_field = CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
where_field = email
hosts = 127.0.0.1


chgrp postfix /etc/postfix/mysql-virtual_*.cf
chmod u=rw,g=r,o= /etc/postfix/mysql-virtual_*.cf
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m

/etc/postfix/main.cf
# Accept SMTP connections on every network interface.
inet_interfaces = all
# No alias-only domains are defined.
virtual_alias_domains =
# Address rewriting: forwardings first, then an identity map of existing mailboxes.
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf mysql:/etc/postfix/mysql-virtual_email2email.cf
# Hosted domains and mailbox paths are looked up in MySQL.
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
# Mailbox paths are relative to this directory and owned by uid/gid 5000 (vmail).
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
# SMTP AUTH through SASL.
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
# Local networks and authenticated users may relay; everyone else may only
# deliver to destinations this server is responsible for.
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
# TLS is offered to clients with the certificate and key below.
# NOTE(review): nothing here requires TLS before AUTH, and the SASL mech_list
# on this page includes plain and login, so passwords can presumably cross the
# wire unencrypted. Consider smtpd_tls_auth_only = yes, after confirming this
# Postfix build supports the parameter.
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key


/etc/postfix/sasl/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login cram-md5 digest-md5
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: provider_admin
sql_passwd: xxxxxx
sql_database: provider
sql_select: select password from users where email='%u@%r'


chown root:postfix /etc/postfix/sasl/smtpd.conf
chmod u=rw,g=r,o= /etc/postfix/sasl/smtpd.conf

openssl req -new -outform PEM -out /etc/postfix/smtpd.cert -newkey rsa:2048 \
-nodes -keyout /etc/postfix/smtpd.key -keyform PEM -days 3650 -x509
chmod u=rw,g=r,o= /etc/postfix/smtpd.key
chown root:postfix /etc/postfix/smtpd.key

/etc/courier/authdaemonrc
authmodulelist="authmysql"


/etc/courier/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME provider_admin
MYSQL_PASSWORD xxxxxx
MYSQL_PORT 0
MYSQL_DATABASE provider
MYSQL_USER_TABLE users
#MYSQL_CRYPT_PWFIELD (comment this out)
MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD (comment this out)


/etc/init.d/courier-authdaemon restart
重启Postfix:/etc/init.d/postfix restart

☆Apache 2.0.54/PHP 4.3.10
apt-get install apache2 apache2-doc
apt-get install libapache2-mod-php4 libapache2-mod-perl2 php4 php4-cli php4-common php4-curl php4-dev php4-domxml php4-gd
php4-imap php4-ldap php4-mcal php4-mhash php4-mysql php4-odbc php4-pear php4-xslt curl libwww-perl imagemagick

编辑/etc/php4/apache2/php.ini,修改:
display_errors = off
disable_functions = phpinfo, get_cfg_var

编辑/etc/apache2/apache2.conf,修改:
AddDefaultCharset off
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.pl index.xhtml

激活SSL, rewrite, deflate模块
echo 'Listen 443' >> /etc/apache2/ports.conf
a2enmod ssl (rewrite / deflate)
apache2-ssl-certificate
重启Apache:/etc/init.d/apache2 restart

PHPMyAdmin 2.6.2/SquirrelMail 1.4.4
apt-get install phpmyadmin squirrelmail
/usr/sbin/squirrelmail-configure
ln -s /usr/share/squirrelmail /var/www/webmail

编辑/etc/apache2/httpd.conf:
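NameVirtualHost *:80
NameVirtualHost *:443
# Plain-HTTP site for www.example.com and example.com.
<VirtualHost *:80>
        ServerName www.example.com
        ServerAlias example.com
        DocumentRoot /var/www/
        ScriptAlias /cgi-bin/ /var/www/cgi-bin/
        # /var/www/webmail (the SquirrelMail symlink) lies inside this
        # DocumentRoot, so without this line the webmail login would also be
        # served over unencrypted HTTP. Send those requests to the SSL host.
        Redirect permanent /webmail https://mail.example.com
        # Logs are piped through rotatelogs and rotated every 604800 seconds (7 days).
        ErrorLog "|/usr/sbin/rotatelogs /var/log/apache2/www.example.com_error.log 604800"
        CustomLog "|/usr/sbin/rotatelogs /var/log/apache2/www.example.com_access.log 604800" combined
</VirtualHost>
# HTTPS-only webmail site.
<VirtualHost *:443>
        ServerName mail.example.com
        DocumentRoot /var/www/webmail
        ErrorLog /var/log/apache2/mail.example.com_error.log
        CustomLog /var/log/apache2/mail.example.com_access.log combined
        SSLEngine on
        # Certificate file generated earlier by apache2-ssl-certificate.
        SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>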


☆ProFTPd 1.2.10 + MySQL认证
apt-get install proftpd-mysql
groupadd -g 5500 ftpgroup
useradd -u 5500 -s /bin/false -d /bin/null -c "proftpd user" -g ftpgroup ftpuser
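-- Database holding ProFTPd's virtual users, groups and quota tables.
CREATE DATABASE `proftpd`;
-- A GRANT needs "ON <objects> TO <account>" after the privilege list.
-- The account is scoped to the proftpd database only; it is the one named in
-- SQLConnectInfo in proftpd.conf.
GRANT SELECT, INSERT, UPDATE, DELETE ON proftpd.* TO proftpd_admin@localhost IDENTIFIED BY 'xxxxxx';
USE proftpd;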

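-- Virtual FTP groups; proftpd.conf reads groupname, gid and members from here
-- (SQLGroupInfo ftpgroup groupname gid members).
CREATE TABLE `ftpgroup` (
`groupname` varchar(16) NOT NULL default '',
`gid` smallint(6) NOT NULL default '5500',
`members` varchar(16) NOT NULL default '',
KEY `groupname` (`groupname`)
) TYPE=MyISAM;
-- Table names take backticks (or no quotes at all): single quotes make a
-- string literal, which INSERT INTO rejects. The column list keeps the
-- statement valid if columns are later added or reordered.
INSERT INTO `ftpgroup` (`groupname`, `gid`, `members`) VALUES ('ftpgroup', 5500, 'ftpuser');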

-- Virtual FTP accounts. proftpd.conf reads userid, passwd, uid, gid, homedir
-- and shell from this table (SQLUserInfo) and only accepts rows whose
-- LoginAllowed is 'true' (SQLUserWhereClause). count, accessed and modified
-- are maintained by the SQLLog queries in proftpd.conf.
-- passwd holds the password in clear text, because proftpd.conf on this page
-- sets SQLAuthTypes Plaintext; any copy of this table exposes every FTP password.
CREATE TABLE `ftpuser` (
    `id`           INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
    `userid`       VARCHAR(32) NOT NULL DEFAULT '',
    `passwd`       VARCHAR(32) NOT NULL DEFAULT '',
    `uid`          SMALLINT(6) NOT NULL DEFAULT '5500',
    `gid`          SMALLINT(6) NOT NULL DEFAULT '5500',
    `homedir`      VARCHAR(255) NOT NULL DEFAULT '',
    `shell`        VARCHAR(16) NOT NULL DEFAULT '/bin/false',
    `count`        INT(11) NOT NULL DEFAULT '0',
    `accessed`     DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
    `modified`     DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
    `LoginAllowed` ENUM('true','false') NOT NULL DEFAULT 'true',
    PRIMARY KEY (`id`)
) TYPE=MyISAM;

-- Sample account mapped to the shared ftpuser uid/gid (5500).
INSERT INTO ftpuser
    (userid, passwd, uid, gid, homedir, shell)
VALUES
    ('username', 'xxxxxx', 5500, 5500, '/home/username', '/sbin/nologin');

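-- Quota limits, looked up by the get-quota-limit query in proftpd.conf using
-- name and quota_type.
CREATE TABLE `ftpquotalimits` (
`name` varchar(30) default NULL,
`quota_type` enum('user','group','class','all') NOT NULL default 'user',
`par_session` enum('false','true') NOT NULL default 'false',
`limit_type` enum('soft','hard') NOT NULL default 'soft',
`bytes_up_limit` float NOT NULL default '0',
`bytes_down_limit` float NOT NULL default '0',
`bytes_transfer_limit` float NOT NULL default '0',
`files_up_limit` int(10) unsigned NOT NULL default '0',
`files_down_limit` int(10) unsigned NOT NULL default '0',
`files_transfer_limit` int(10) unsigned NOT NULL default '0'
) TYPE=MyISAM;
-- Sample limit: 104857600 bytes (100 MiB) of uploads for 'testuser', every other limit 0.
-- NOTE(review): the limit is matched by name, and the sample account inserted
-- into ftpuser on this page is 'username', not 'testuser'; use the userid the
-- limit is meant for.
-- Explicit column list and numeric literals, so the row does not depend on
-- column order or on string-to-number conversion.
INSERT INTO ftpquotalimits
    (name, quota_type, par_session, limit_type,
     bytes_up_limit, bytes_down_limit, bytes_transfer_limit,
     files_up_limit, files_down_limit, files_transfer_limit)
VALUES
    ('testuser', 'user', 'false', 'soft',
     104857600, 0, 0,
     0, 0, 0);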

-- Running quota tallies per name and quota_type; read and written by the
-- get-quota-tally, update-quota-tally and insert-quota-tally queries in proftpd.conf.
CREATE TABLE `ftpquotatotal` (
    `name`                 VARCHAR(30) NOT NULL DEFAULT '',
    `quota_type`           ENUM('user','group','class','all') NOT NULL DEFAULT 'user',
    `bytes_up_total`       FLOAT NOT NULL DEFAULT '0',
    `bytes_down_total`     FLOAT NOT NULL DEFAULT '0',
    `bytes_transfer_total` FLOAT NOT NULL DEFAULT '0',
    `files_up_total`       INT(10) UNSIGNED NOT NULL DEFAULT '0',
    `files_down_total`     INT(10) UNSIGNED NOT NULL DEFAULT '0',
    `files_transfer_total` INT(10) UNSIGNED NOT NULL DEFAULT '0'
) TYPE=MyISAM;

编辑/etc/proftpd.conf:
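# Passwords in ftpuser.passwd are stored and compared as clear text.
# NOTE(review): mod_sql also accepts hashed types such as Crypt; switching
# means replacing every stored passwd value with its hash first.
SQLAuthTypes Plaintext
# Authenticate both users and groups against the database.
SQLAuthenticate users groups
# database@host, then the database user and its password. The password is in
# clear text here, so this file should not be world-readable.
SQLConnectInfo proftpd@localhost proftpd_admin xxxxxx
# Table and column names for user lookups; only rows with LoginAllowed = 'true' match.
SQLUserInfo ftpuser userid passwd uid gid homedir shell
SQLUserWhereClause "LoginAllowed = 'true'"
SQLGroupInfo ftpgroup groupname gid members
# Create a user's home directory at login if it does not exist yet.
SQLHomedirOnDemand on
# On PASS: bump the login counter and record the access time.
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
# On upload or delete: record the modification time.
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
# Quota support backed by the ftpquotalimits and ftpquotatotal tables.
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on
# Each SQLNamedQuery must stay on one line; a line break inside the quoted
# query splits a column name and the directive no longer parses.
SQLNamedQuery get-quota-limit SELECT "name, quota_type, par_session, limit_type, bytes_up_limit, bytes_down_limit, bytes_transfer_limit, files_up_limit, files_down_limit, files_transfer_limit FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_up_total, bytes_down_total, bytes_transfer_total, files_up_total, files_down_total, files_transfer_total FROM ftpquotatotal WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_up_total = bytes_up_total + %{0}, bytes_down_total = bytes_down_total + %{1}, bytes_transfer_total = bytes_transfer_total + %{2}, files_up_total = files_up_total + %{3}, files_down_total = files_down_total + %{4}, files_transfer_total = files_transfer_total + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatotal
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatotal
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
# Confine each user to the home directory and refuse root logins.
DefaultRoot ~
RootLogin off
# The virtual accounts use /bin/false or /sbin/nologin as shell, so a valid
# login shell must not be required.
RequireValidShell off
# mod_sql log file.
# NOTE(review): this log may record the SQL statements mod_sql runs; with
# Plaintext authentication, check whether passwords can appear in it and
# restrict its permissions accordingly.
SQLLogFile /var/log/proftpd.mysql.log
# Separate logs for authentication events and for file transfers.
LogFormat auth "%v [%P] %h %t \"%r\" %s"
ExtendedLog /var/log/proftpd.auth.log AUTH auth
LogFormat write "%h %l %u %t \"%r\" %s %b"
ExtendedLog /var/log/proftpd.access.log WRITE,READ write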
发表于 2006-6-14 22:16:16 | 显示全部楼层
排版很好,顶

发表于 2006-6-19 02:27:11 | 显示全部楼层
楼主辛苦了
支持!